Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93112 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Google Trouble

Started by Lochy , Jun 12 2007 10:20 PM

  • This topic is locked This topic is locked
6 replies to this topic

#1 Lochy

Lochy

    Authentic Member

  • Authentic Member
  • PipPip
  • 187 posts

Posted 12 June 2007 - 10:20 PM

just a hijackthis log for "THIS" might have some problems 0.o


Logfile of HijackThis v1.99.1
Scan saved at 2:17:35 PM, on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BySoft FreeRAM\FreeRAM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\inetsrv\DavCData.exe
G:\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Janine\Desktop\Anti spyware programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.c...RP342cN5 GMgDc=
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: (no name) - {C40E1B6C-D28E-F578-D90A-83ADD8E270C2} - C:\WINDOWS\system32\ifiynt.dll
O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Program Files\BySoft FreeRAM\FreeRAM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] "c:\program files\steam2\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bridie\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard....des/cabs/si.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157467066415
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Advertisements

Register to Remove

#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 17 June 2007 - 04:16 PM

Hello and welcome to the forums

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you, combofix.txt.Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#3 Lochy

Lochy

    Authentic Member

  • Authentic Member
  • PipPip
  • 187 posts

Posted 17 June 2007 - 07:53 PM

ok after that ive got:

2005-01-06 20:58	  1091	--a--c---	C:\Qoobox\Quarantine\C\INSTALL.LOG.vir
2005-11-18 04:30	  0	--a--c---	C:\Qoobox\Quarantine\C\WINDOWS\msresearch1.dat.vir
2005-11-20 15:26	  0	--a--c---	C:\Qoobox\Quarantine\C\WINDOWS\timessquare1.dat.vir
2006-02-23 13:50	  42	--a--c---	C:\Qoobox\Quarantine\C\WINDOWS\system32\whitevx.lst.vir
2006-08-31 02:16	  1150	--a------	C:\Qoobox\Quarantine\C\Program Files\Outerinfo\outerinfo.ico.vir
2006-09-24 10:39	  245	--a------	C:\Qoobox\Quarantine\C\Program Files\PrintView\hotlist.dat.vir
2006-09-24 19:51	  44	--a------	C:\Qoobox\Quarantine\C\Program Files\PrintView\chnlist.dat.vir
2006-09-27 19:28	  34	--a------	C:\Qoobox\Quarantine\C\Program Files\PrintView\remlist.dat.vir
2006-09-28 11:52	  331	--a--c---	C:\Qoobox\Quarantine\C\WINDOWS\keyboard1.dat.vir
2006-11-28 12:13	  132116	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\epchawpb.dll.vir
2006-12-27 04:49	  111392	--a------	C:\Qoobox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir
2007-01-06 20:01	  118804	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\gwftihls.dll.vir
2007-01-12 12:35	  879275	--a--c---	C:\Qoobox\Quarantine\C\WINDOWS\system32\slhitfwg.ini.vir
2007-01-13 06:00	  18031	--a------	C:\Qoobox\Quarantine\C\Program Files\Outerinfo\Terms.rtf.vir
2007-02-17 05:35	  1024	--a------	C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\History(2)\search.vir
2007-02-17 05:35	  1320	--a------	C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\Cache(2)061BD9.bin.vir
2007-02-17 05:35	  4504	--a------	C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\Cache(2)061836.bin.vir
2007-02-17 05:35	  7596	--a------	C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\Settings(2)\prevcfg.htm.vir
2007-02-18 07:06	  79	--a------	C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\Cache(2)061488.vir
2007-06-17 10:08	  2	--a--c---	C:\Qoobox\Quarantine\C\WINDOWS\system32\wnstscc32.exe.vir
2007-06-18 11:41	  10558	--a--c---	C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
2007-06-18 11:41	  1188	--a--c---	C:\Qoobox\Quarantine\Registry_backups\LEGACY_NM.reg.cf
2007-06-18 11:41	  1290	--a--c---	C:\Qoobox\Quarantine\Registry_backups\services_cmdService.reg.cf
2007-06-18 11:41	  832	--a--c---	C:\Qoobox\Quarantine\Registry_backups\LEGACY_CMDSERVICE.reg.cf
2007-06-18 11:41	  862	--a--c---	C:\Qoobox\Quarantine\Registry_backups\LEGACY_NETWORK_MONITOR.reg.cf


Folder PATH listing for volume LOCHYS BRAIN
Volume serial number is F037-A2CA
C:\QOOBOX
\---Quarantine
	+---C
	|   |   INSTALL.LOG.vir
	|   |   
	|   +---Program Files
	|   |   +---MyGlobalSearch
	|   |   |   \---bar
	|   |   |	   +---Cache(2)
	|   |   |	   |	   00061488.vir
	|   |   |	   |	   00061836.bin.vir
	|   |   |	   |	   00061BD9.bin.vir
	|   |   |	   |	   
	|   |   |	   +---History(2)
	|   |   |	   |	   search.vir
	|   |   |	   |	   
	|   |   |	   \---Settings(2)
	|   |   |			   prevcfg.htm.vir
	|   |   |			   
	|   |   +---Outerinfo
	|   |   |	   OiUninstaller.exe.vir
	|   |   |	   outerinfo.ico.vir
	|   |   |	   Terms.rtf.vir
	|   |   |	   
	|   |   \---PrintView
	|   |		   chnlist.dat.vir
	|   |		   hotlist.dat.vir
	|   |		   remlist.dat.vir
	|   |		   
	|   \---WINDOWS
	|	   |   keyboard1.dat.vir
	|	   |   msresearch1.dat.vir
	|	   |   timessquare1.dat.vir
	|	   |   
	|	   \---system32
	|			   epchawpb.dll.vir
	|			   gwftihls.dll.vir
	|			   slhitfwg.ini.vir
	|			   whitevx.lst.vir
	|			   wnstscc32.exe.vir
	|			   
	\---Registry_backups
			LEGACY_CMDSERVICE.reg.cf
			LEGACY_NETWORK_MONITOR.reg.cf
			LEGACY_NM.reg.cf
			services_cmdService.reg.cf
			services_nm.reg.cf

and this:


ComboFix 07-06-17 - C:\Documents and Settings\Janine\Desktop\ComboFix.exe
"Janine" - 2007-06-18 11:37:47 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\epchawpb.dll
C:\WINDOWS\system32\gwftihls.dll
C:\WINDOWS\system32\slhitfwg.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\install.log
C:\Program Files\Common Files\{F037A~1
C:\Program Files\Common Files\{F037A~2
C:\Program Files\Common Files\{F037A~3
C:\Program Files\fnts~1
C:\Program Files\MyGlobalSearch
C:\Program Files\MyGlobalSearch\bar\Cache(2)061488
C:\Program Files\MyGlobalSearch\bar\Cache(2)061836.bin
C:\Program Files\MyGlobalSearch\bar\Cache(2)061BD9.bin
C:\Program Files\MyGlobalSearch\bar\History(2)\search
C:\Program Files\MyGlobalSearch\bar\Settings(2)\prevcfg.htm
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\printview
C:\Program Files\printview\chnlist.dat
C:\Program Files\printview\hotlist.dat
C:\Program Files\printview\remlist.dat
C:\Program Files\racle~1
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\msresearch1.dat
C:\WINDOWS\system32\components
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\whitevx.lst
C:\WINDOWS\system32\wnstscc32.exe
C:\WINDOWS\timessquare1.dat


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NM
-------\cmdService
-------\nm


((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))


2007-06-18 11:37 49,152 --a--c--- C:\WINDOWS\nircmd.exe
2007-06-17 10:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\NannyMania
2007-06-17 10:08 60,928 --a--c--- C:\WINDOWS\system32\rlpy.dll
2007-06-17 08:54 <DIR> d----c--- C:\WINDOWS\BCE5A33DA808492A9B5CDCAFCFF24D27.TMP
2007-06-17 07:46 28,672 --a--c--- C:\WINDOWS\system32\f3PSSavr.scr
2007-06-17 07:46 <DIR> d-------- C:\Program Files\FunWebProducts
2007-06-16 09:44 <DIR> d-------- C:\DOCUME~1\Bridie\APPLIC~1\M?crosoft.NET
2007-06-15 13:22 <DIR> d-------- C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Google
2007-06-15 12:26 <DIR> d-------- C:\DOCUME~1\JANINE~1.SLA\APPLIC~1\Google
2007-06-15 12:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google Updater
2007-06-14 16:51 <DIR> d-------- C:\DOCUME~1\Bridie\APPLIC~1\?ecurity
2007-06-13 00:53 <DIR> d-------- C:\Program Files\Native Instruments
2007-06-12 14:15 <DIR> d----c--- C:\WINDOWS\.jagex_cache_32
2007-06-11 22:11 4,682 --a--c--- C:\WINDOWS\system32\npptNT2.sys
2007-06-10 19:41 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
2007-06-10 19:40 <DIR> d-------- C:\Program Files\Gamenext
2007-06-10 10:25 <DIR> d-------- C:\DOCUME~1\Bridie\APPLIC~1\W?nSxS
2007-06-09 18:16 <DIR> d-------- C:\DOCUME~1\Bridie\APPLIC~1\IMVU
2007-06-06 16:58 <DIR> d-------- C:\Program Files\BigPond
2007-05-26 14:18 262,144 --ah----- C:\DOCUME~1\JANINE~1.SLA\NTUSER.DAT


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-18 00:37:06 -------- d-----w C:\Program Files\Save
2007-06-17 05:45:22 -------- d-----w C:\Program Files\Shockwave.com
2007-06-17 04:00:24 -------- d-----w C:\Program Files\MSN Messenger
2007-06-16 21:46:27 -------- d-----w C:\Program Files\MyWebSearch
2007-06-15 03:21:55 -------- d-----w C:\Program Files\Google
2007-06-14 13:21:44 -------- d-----w C:\DOCUME~1\Janine\APPLIC~1\Xfire
2007-06-14 13:21:29 -------- d-s---w C:\Program Files\Xfire
2007-05-10 06:42:01 -------- d-----w C:\DOCUME~1\Janine\APPLIC~1\My Battle for Middle-earth Files
2007-05-08 09:13:48 -------- d-----w C:\Program Files\Common Files\Real
2007-05-08 09:13:47 -------- d-----w C:\DOCUME~1\Janine\APPLIC~1\Real
2007-05-01 11:12:10 -------- d-----w C:\Program Files\Maestro Learning
2007-05-01 05:26:18 12,400 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-01 05:25:59 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-01 05:25:57 976 -c--a-w C:\WINDOWS\eReg.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}=C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 11:29]
{965E1E6A-D1DF-A421-D90A-83ADD8E12193}=C:\WINDOWS\system32\rlpy.dll [2007-05-21 23:59]
{9D006D63-579B-4D77-9C12-15623661ADDA}=C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll [2007-01-25 08:24]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-06-15 13:21]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-15 13:21]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigPondCable"="C:\Program Files\Telstra\Cable Login\bpcable.exe" [2003-09-29 13:07]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 22:38]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 08:36]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 14:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 14:30]
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" [2007-06-17 07:46]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-03-20 09:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BySoft FreeRAM"="C:\Program Files\BySoft FreeRAM\FreeRAM.exe" [2004-12-18 06:44]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-10-08 08:08]
"Steam"="c:\program files\steam2\steam.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 20:48]
"WhenUSave"="C:\Program Files\Save\Save.exe" [2006-08-25 13:45]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ati control panel"=atiphexx.exe
"Microsoft Update"=msconfg.exe
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"=0 (0x0)
"RunLogonScriptSync"=0 (0x0)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"HideLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"HideLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)
"DisableLocalMachineRun"=0 (0x0)
"NoWelcomeScreen"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalUserRun"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"RestrictCpl"=0 (0x0)
"DisallowCpl"=0 (0x0)
"NoViewOnDrive"=0 (0x0)
"RestrictRun"=0 (0x0)
"DisallowRun"=0 (0x0)
"NoRecycleFiles"=0 (0x0)
"ForceRecycleBinSize"=0 (0x0)
"NoSharedDocuments"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoPropertiesMyDocuments"=0 (0x0)
"NoPropertiesRecycleBin"=0 (0x0)
"NoManageMyComputerVerb"=0 (0x0)
"NoCustomizeWebView"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoWinKeys"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoDFSTab"=0 (0x0)
"NoHardwareTab"=0 (0x0)
"NoSecurityTab"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoCustomizeThisFolder"=0 (0x0)
"NoWebView"=0 (0x0)
"DontShowSuperHidden"=0 (0x0)
"NoOnlinePrintsWizard"=0 (0x0)
"NoPublishingWizard"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoSMConfigurePrograms"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoStartMenuNetworkPlaces"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoHelp"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoWindowsUpdate"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"NoStartMenuMorePrograms"=0 (0x0)
"NoStartMenuEjectPC"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"ForceStartMenuLogoff"=0 (0x0)
"StartMenuLogoff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoDisconnect"=0 (0x0)
"NoNtSecurity"=0 (0x0)
"NoSetFolders"=0 (0x0)
"GreyMSIAds"=0 (0x0)
"ForceMaxRecentDocs"=0 (0x0)
"NoSMBalloonTip"=0 (0x0)
"NoSMBalloonTips"=0 (0x0)
"NoTrayContextMenu"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)
"LockTaskbar"=0 (0x0)
"HideClock"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoStartBanner"=00000000
"NoTaskGrouping"=0 (0x0)
"NoWebServices"=0 (0x0)
"NoFileUrl"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoExpandedNewMenu"=0 (0x0)
"SpecifyDefaultButtons"=0 (0x0)
"NoNetConnectDisconnect"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"EnforceShellExtensionSecurity"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"NoClose"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoRunasInstallPrompt"=0 (0x0)
"PromptRunasInstallNetPath"=1 (0x1)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoDevMgrUpdate"=0 (0x0)
"NoDesktopCleanupWizard"=0 (0x0)
"NoThumbnailCache"=0 (0x0)
"ForceCopyAclwithFile"=0 (0x0)
"StartRunNoHOMEPATH"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
"0?"=atiphexx.exe
"1?"=jusched.exe
"2?"=msgplus.exe
"3?"=clfmon.exe
"4?"=nvsvca32.exe
"5?"=ifasdnvsvca32.exe
"6?"=rundll23.exe
"7?"=newsd32.exe
"8?"=csrs.exe
"9?"=gasrv.exe
"10?"=gnxatgasrve.exe
"11?"=tljbcramex.exe
"12?"=fjanxramex.exe
"13?"=relsd.exe
"14?"=rtdjcramex.exe
"15?"=clredrestun.exe
"16?"=qtsk.exe
"17?"=lxbkbmgr.exe
"18?"=ijucu.exe
"19?"=thguard.exe
"20?"=rundll.exe
"21?"=ccapp.exe
"22?"=nrchk.exe
"23?"=winupdates.exe
"24?"=update.exe
"25?"=fw_304.exe
"26?"=volumeco.exe
"27?"=winlogon.exe
"28?"=ktqvgr.exe
"29?"=timessquare.exe
"30?"=adtech2005.exe
"31?"=mediacon.exe
"32?"=iexplorer.exe
"33?"=bpk.exe
"34?"=ituneshelper.exe
"35?"=qttask.exe
"36?"=newadmin.exe
"37?"=reader_sl.exe
"38?"=limewire.exe
"39?"=osa9.exe
"40?"=msnmsgr.exe
"41?"=steam.exe
"42?"=windll32.exe
"43?"=irasyncd.exe
"44?"=freeram.exe
"45?"=freeram xp pro 1.40.exe
"46?"=themopa.exe
"47?"=xfire.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"RestrictCpl"=0 (0x0)
"DisallowCpl"=0 (0x0)
"NoViewOnDrive"=0 (0x0)
"RestrictRun"=0 (0x0)
"DisallowRun"=0 (0x0)
"NoRecycleFiles"=0 (0x0)
"ForceRecycleBinSize"=0 (0x0)
"NoSharedDocuments"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoPropertiesMyDocuments"=0 (0x0)
"NoPropertiesRecycleBin"=0 (0x0)
"NoManageMyComputerVerb"=0 (0x0)
"NoCustomizeWebView"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoWinKeys"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoDFSTab"=0 (0x0)
"NoHardwareTab"=0 (0x0)
"NoSecurityTab"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoCustomizeThisFolder"=0 (0x0)
"NoWebView"=0 (0x0)
"DontShowSuperHidden"=0 (0x0)
"NoOnlinePrintsWizard"=0 (0x0)
"NoPublishingWizard"=0 (0x0)
"NoRun"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoSMConfigurePrograms"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoStartMenuNetworkPlaces"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoHelp"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoFind"=0 (0x0)
"NoWindowsUpdate"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"NoStartMenuMorePrograms"=0 (0x0)
"NoStartMenuEjectPC"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"ForceStartMenuLogoff"=0 (0x0)
"StartMenuLogoff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoDisconnect"=0 (0x0)
"NoNtSecurity"=0 (0x0)
"NoSetFolders"=0 (0x0)
"GreyMSIAds"=0 (0x0)
"ForceMaxRecentDocs"=0 (0x0)
"NoSMBalloonTip"=0 (0x0)
"NoSMBalloonTips"=0 (0x0)
"NoTrayContextMenu"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)
"LockTaskbar"=0 (0x0)
"HideClock"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoStartBanner"=00000000
"NoTaskGrouping"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"NoWebServices"=0 (0x0)
"NoFileUrl"=0 (0x0)
"NoInternetIcon"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoExpandedNewMenu"=0 (0x0)
"SpecifyDefaultButtons"=0 (0x0)
"NoNetConnectDisconnect"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"EnforceShellExtensionSecurity"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"NoClose"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoRunasInstallPrompt"=0 (0x0)
"PromptRunasInstallNetPath"=1 (0x1)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoDevMgrUpdate"=0 (0x0)
"NoDesktopCleanupWizard"=0 (0x0)
"NoThumbnailCache"=0 (0x0)
"ForceCopyAclwithFile"=0 (0x0)
"StartRunNoHOMEPATH"=0 (0x0)
"EditLevel"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
"0?"=atiphexx.exe
"1?"=jusched.exe
"2?"=msgplus.exe
"3?"=clfmon.exe
"4?"=nvsvca32.exe
"5?"=ifasdnvsvca32.exe
"6?"=rundll23.exe
"7?"=newsd32.exe
"8?"=csrs.exe
"9?"=gasrv.exe
"10?"=gnxatgasrve.exe
"11?"=tljbcramex.exe
"12?"=fjanxramex.exe
"13?"=relsd.exe
"14?"=rtdjcramex.exe
"15?"=clredrestun.exe
"16?"=qtsk.exe
"17?"=lxbkbmgr.exe
"18?"=ijucu.exe
"19?"=thguard.exe
"20?"=rundll.exe
"21?"=ccapp.exe
"22?"=nrchk.exe
"23?"=winupdates.exe
"24?"=update.exe
"25?"=fw_304.exe
"26?"=volumeco.exe
"27?"=winlogon.exe
"28?"=ktqvgr.exe
"29?"=timessquare.exe
"30?"=adtech2005.exe
"31?"=mediacon.exe
"32?"=iexplorer.exe
"33?"=bpk.exe
"34?"=ituneshelper.exe
"35?"=qttask.exe
"36?"=newadmin.exe
"37?"=reader_sl.exe
"38?"=limewire.exe
"39?"=osa9.exe
"40?"=msconfg.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Desktop Uninstall

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-29 00:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"Steam"=C:\Program Files\Steam2\Steam.exe -silent
"Windows Update"=c:\windows\Update.exe /
"RunTheMop"=C:\Program Files\ArendiX\The Mop!\themopa.exe
"FreeRAM XP"="C:\Documents and Settings\Janine\Desktop\FREERAM\FreeRAM XP Pro 1.40.exe" -win
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
"WindowsUpdateNT"=C

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MessengerPlus"="C:\Documents and Settings\Janine\Desktop\MsgPlus.exe"
"supernews12"=C:\WINDOWS\newsd32.exe
"Nero"=C:\WINDOWS\nrchk.exe /i
"winupdates"=C:\Program Files\winupdates\winupdates.exe /auto
"Windows Update"=c:\windows\Update.exe /
"timessquare"=C:\windows\timessquare.exe
"bpk"=C:\WINDOWS\system32\bpk.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
"THGuard"="C:\Program Files\TrojanHunter 4.2\THGuard.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"gNXaTgaSrve.exe"=C:\WINDOWS\gNXaTgaSrve.exe
"tLjbcramex.exe"=C:\WINDOWS\tLjbcramex.exe
"QuTie Task"=C:\WINDOWS\qtsk.exe
"VolControlo"=C:\WINDOWS\volumeco.exe
"frtwoc"=C:\WINDOWS\system32\ktqvgr.exe r
"PVModule"=C:\PROGRA~1\PRINTV~1\pvmodule.exe
"winlog"=winlog.exe
"IpWins"=C:\Program Files\ipwins\ipwins.exe
"Ultimate Cleaner"=C:\Program Files\Ultimate Cleaner\App.exe
"win2ds"=C:\i386w\win2ds.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"winlog"=winlog.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- setup.exe /AUTORUN
configure\command- setup.exe
install\command- setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59fc07c4-bf37-11db-b3d5-0011d8482300}]
AutoRun\command- H:\SETUP.EXE


Contents of the 'Scheduled Tasks' folder
2007-06-11 05:24:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-17 04:00:40 C:\WINDOWS\tasks\Backup.job
2007-06-16 20:32:26 C:\WINDOWS\tasks\Disk Cleanup.job
2007-05-01 11:03:42 C:\WINDOWS\tasks\Synchronize.job
2006-12-16 09:32:00 C:\WINDOWS\tasks\System Restore.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 11:46:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\system\Services\SharedAccess]

Completion time: 2007-06-18 11:50:10 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-18 11:50

--- E O F ---

#4 Lochy

Lochy

    Authentic Member

  • Authentic Member
  • PipPip
  • 187 posts

Posted 17 June 2007 - 07:54 PM

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:53:35 AM, on 18/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BySoft FreeRAM\FreeRAM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
G:\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Janine\Desktop\Anti spyware programs\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {965E1E6A-D1DF-A421-D90A-83ADD8E12193} - C:\WINDOWS\system32\rlpy.dll
O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL (file missing)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Program Files\BySoft FreeRAM\FreeRAM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] "c:\program files\steam2\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZCfox000
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bridie\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard....des/cabs/si.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157467066415
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#5 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 18 June 2007 - 02:14 PM

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download AVG Anti-Spyware from HERE and save that file to your
desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop
    and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition
    files.
  • On the main screen select the icon "Update" then select the "
    Update now    " link.
    • Next select the "Start Update" button, the update will start and a
      progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of
    the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then
    select " "Quarantine" .".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
    Close ewido anti-spyware, Do Not run a scan just yet, we will shortly

    Reboot your computer into SafeMode
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.

    IMPORTANT: Do not open any other windows or
    programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:

  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab
    then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little
    time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all
    actions    "
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the
    screen and save it to a text file on your system (make sure to remember where
    you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the
    results of the AVG Anti-Spyware report scan along with a new HijackThis log.
Note: AVG Anti-Spyware might not create the report.txt file. Don't worry about that, just be sure you made the correct settings. You can click the Report ICON and get the report I think.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 June 2007 - 01:48 PM

You still need help?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 23 June 2007 - 03:44 PM

Your post has been Moved, Closed or Edited for one of the following reasons:

1.) You posted multiple topics and only one is required

2.) You are spamming links to other places without approval

3.) You have posted your hijackthis log to the wrong forum:
( http://forums.tomcoy...hp?showforum=27 ) <--- correct forum for HijackThis Logs

4.) Abusive language or other problems in your text

5.) Your log is too old (20 days or more) and no replies from you after a volunteer tried to help you

If you came here for help, and you have not posted a Hijackthis log to the proper forum, then you may do so now, if you came here to spam or abuse, you will be dealt with harsher on your next offense

This is a family oriented forum to help those that need help.

==============================


Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·