I get popups and Trojans, AVG and S&B don't remove them, or they reappear

and furthermore... lol

I have been following your links and registered with bleeping computers
...Fantastic!!:bigthumb:
I ran the PC Optimizer, and now it wants PAYMENT!! grr
But it did do something I wanted to happen... it says it can remove programmes that aren't installed properly... I am having difficulty removing about 3 or 4 programmes as they are missing files or something.... You want to help me with that or should I bark up someone else's tree for a change?:D:
 
I guess you installed the PC Optimizer thing. In my link, I was actually referring to the online analysis. :)

Anyway, what programs do you want to remove?
 
uninstall

;)

-Max Pain- only wants to run the install when I try to remove it.
-Jump Start Learning ABC- won't remove
-MAX FX TOOlS- can go if it is part of Max Payne to:bigthumb:

That's about it, they just annoy me 'cause they r a waste of space
 
Hi,

It could be that the programs were already removed previously, just leaving some entries and files behind after uninstalling. Some games actually leave the installer file still present, as well as the registry entry under add/remove programs, which explains why, when you want to uninstall Max Pain (while it may already have been removed previously), it tries to install itself again.
So let's first take a look at whether these programs are still fully installed or not, so do the following:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
In there, you'll find the three programs you want to uninstall.
Do NOT click the "remove this entry" button! Only when I say so! :)
First, select the entry "Max Pain" and copy and paste what's inside the "uninstall command" field in your next reply.

Do the same for "Jump Start Learning ABC" and "MAX FX TOOlS"

So I need 3 uninstall commands in your next reply.
 
'ello again!

:p:

ABC Learning

C:\WINDOWS\IsUninst.exe -fC:\KA\JSLG_ABC\DeIsL2.isu




Max Payne

RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39930321-4C58-4B8B-BCBF-342698C9801D}\setup.exe"


Max Tools (is this part of Max Payne?)

RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7299E7F8-6921-4588-9A83-9BB7B867706F}\setup.exe"

:D:
 
Must Sleep

You are truly an angel sent from heaven to bless this little PC of mine:angel:
I am loving your work and am learning as you go, which I love to do!!
It has been a long and winding road and I :fear: that I must sleep!
It's 6:54am and I start work in an hour and a half, so, I will just lie there for a while I think (or I'll never wake up).
I have read all the links and helpful things you have given me. I am now firewalled and Spyware protected to the max!!:laugh:
I can't wait to get home and find your reply!!
Forever in your debt, David:heart:
Have a nice day/night!
 
Ok, some questions first... About ABC Learning.
Does this file still exist? C:\WINDOWS\IsUninst.exe

Does this folder still exist? C:\KA\JSLG_ABC

About Max Payne, when you want to remove it via add/remove programs, as far as I can see, it does indeed launch the setup.exe (install).
In that setup screen, does it have the option to remove?
Yes, Max Tools looks like it's indeed a part of Max Payne.
Is there still a folder called Max Payne present in your C:\Program Files folder?
If so, can you check if there are mainly leftovers in there, or if the main program is still fully installed there. In that case, the game executable should be present there as well.

Edit -- ok, have a nice sleep :)
 
Gee you're clever

:present:



ABC
Yup... I found the 'IsUninst'... I moved it to desktop... I hope that's ok :red:

I Windows-searched the ABC file you were looking for and it gave me what looks like a folder named 'JSLG_ABC' which is located in 'C:\KA'

It also came up with what look like 2 different icon exe. files both named 'JSLG_ABC' in 'C:\KA\JSLG_ABC'
Also what looks like a thumbs file named 'JSLG_ABC' in 'C:\KA\JSLG_ABC'
Lastly it found 'JSL_ABC.key' in 'C:\KA\JSLG_ABC'

As for Max Payne.... it definitely doesn't give me the option to UNinstall in add/remove....only install

Yes, both Max Payne and Max Tools are in program files and they seem to be completely intact (with all files inc exe.)

Is it that you need the disk to uninstall (a bright idea I just had):eek:
Unfortunately I have no disk anymore:red:

I'm thinking you're not just a pretty face!:heart:
 
I think I know

Yes.. I think I know what to do!!:laugh:
But I'll wait for you to tell me or I'll look like a MUPPET!!:fear:
 
The JSLG_ABC looks like it was already removed, just leftovers in that folder.
So, for that, you can delete the folder manually: C:\KA\JSLG_ABC
For the Max Payne folder, you can either reinstall it and then uninstall it, or just delete the Max Payne folder manually.

To get rid of their uninstall entries in add/remove,
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the entry you wish to delete (ABC Learning, Max Tools & Max Payne)
  • Click on Delete this entry
  • Click "Yes"

Do NOT do this for any other entries there!
 
oh shit!

I just did a defrag and now internet is r-e-a-l-l-y s-l-o-w
and... another problem I should have mentioned earlier...
When I click start and go to 'all programs' it takes about a minute for the programs list to appear!
This lag is also in all of the menus in 'start' 'all programs'.
Also, on start up it takes the task bar a little bit longer to appear and it also takes a while for all the icons on the desktop to appear.
When I open 'control panel' it takes too long for the icons to appear... and takes way too long for the list to populate when I open 'add/remove programs'.
It was because of this lag that I ran the defrag... but that seems to have slowed my internet down somehow.
But programs open as quick as they should and so do the windows when I open folders.:sad:

P.S. I will follow your prior instructions now, I was waiting for the defrag to finish.
 
Have you been using the cleanup utility in XP? I mean cleaning the internet cache, cleaning the temp folders, cookies, recycle bin etc etc.. Because that's normal behavior after you performed that cleanup.
This is because the prefetch folder was emptied as well as your internet cache. So right after that, when you open certain programs and browse certain pages, it will load a bit slower in the beginning.
This will improve again.
However, you are talking about a minute here, so I'm not sure what programs you have been installing in between that are running in the background, which may cause a system slowdown.

Can you post a new HijackThis log please?
Also, keep in mind, You do have Folder Lock installed. It is known that it may cause an extra slowdown....
 
I think it's all good

Sorry I keep bothering you, the PC had a horrible crash, but it seems to be fine now...if you do have the patience could you possibly run me through some more scans to be sure? I would really appreciate it!!
 
Final Scans

Hey guyz!!:D:
MIEKIEMOES has been bloody AWESOME!!:angel:...in fact, these forums are FANTASTIC!!:wink::
I'm not sure if MIEKIEMOES is finally sick of my patheticness:red: or if she just hasn't been online but, I think she managed to fix everything which is cool, however, I had a horrible crash where everything lagged up before it finally froze and that has me a little worried, everything does seem to be fine now BUT, is it possible for someone to run me through some final scanz so I can be sure...call me paranoid:scratch:
Hey thanks again and BIGUPS to MIEKIEMOES!!
P.S. I will be donating, I have your address:bigthumb:
 
oops

I see I missed one of your posts... sorry..... I will post a new Hijack Log now and then won't post another reply 'till you answer,:lip: thank you:red:
 
I turned everything off including firewall before I ran this scan, just in case.
My PC seems to be running brilliantly now, thx so much :bigthumb:

Logfile of HijackThis v1.99.1
Scan saved at 5:15:41 p.m., on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Owner\Desktop\Hijack\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177964292875
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F5A8DAA-D9CB-45B8-B519-C1F3D46ECCBF}: NameServer = 202.74.207.10,202.74.207.100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Also, about removing those programmes, should I just delete the folders from 'Program Files'?
 
Hi,

Everything looks OK here.
Every time I look at a new HijackThis log, I see things have been changed in it. Now it looks like you enabled everything via msconfig which was disabled before, but it looks like some related programs are missing. Which means you already uninstalled them before.
So, let's have another look and post a log from Combofix, so it will show what is really missing or not, so we can actually remove these startup entries instead of disabling them.

Also, as you asked,
Also, about removing those programmes, should I just delete the folders from 'Program Files'?
You can delete the Max Payne folder and the JSLG_ABC folder.

Extra note, if you don't really use Google desktop search, I also suggest you uninstall it - this because it's known to cause a serious system slowdown.
 
Phew! I thought I'd lost you!

ComboFix 07-06-13.3 - C:\Documents and Settings\Owner\Desktop\ComboFix\ComboFix.exe
"Owner" - 2007-06-13 22:47:20 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))


2007-06-13 20:12 <DIR> d-------- C:\WINDOWS\LastGood
2007-06-12 09:45 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Comodo
2007-06-12 06:29 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Comodo
2007-06-12 06:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-06-12 06:27 <DIR> d-------- C:\Program Files\Comodo
2007-06-12 06:05 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-12 04:43 <DIR> d-------- C:\Program Files\PCPitstop
2007-06-11 19:54 1,824 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-11 15:20 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-06-11 05:09 <DIR> d-------- C:\Program Files\SpyCrush 3.2
2007-06-11 04:34 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-11 02:16 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-11 00:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-10 21:10 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-09 19:29 <DIR> d---s---- C:\DOCUME~1\Guest\UserData
2007-06-09 18:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-08 23:48 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-06-08 23:48 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-06-08 23:48 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-06-08 23:48 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-06-08 23:48 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-06-08 23:48 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-06-08 23:48 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-06-08 23:48 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-06-08 22:03 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-06-08 22:03 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-08 22:03 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-06-08 22:03 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-06-08 22:03 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-06-08 21:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-06-08 20:51 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-08 08:24 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-05-31 18:45 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 18:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 18:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 18:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 18:44 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-28 20:28 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-26 09:01 <DIR> d-------- C:\Program Files\DC++
2007-05-25 22:45 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-25 22:44 2,301 --a------ C:\WINDOWS\mozver.dat
2007-05-25 15:34 <DIR> d-------- C:\Program Files\Google
2007-05-25 15:34 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Google
2007-05-25 15:28 15,714,552 --a------ C:\Program Files\Google_Earth_BZXV.exe
2007-05-23 03:14 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-05-23 01:57 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-05-23 01:57 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-05-23 01:57 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-05-23 01:57 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-05-23 01:57 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-05-23 01:57 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-05-23 01:57 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-05-22 23:44 <DIR> d-------- C:\Program Files\QuickTime
2007-05-22 23:43 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-21 04:08 <DIR> d--hs---- C:\DOCUME~1\Owner\Complete
2007-05-19 12:41 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Ableton
2007-05-19 12:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ableton
2007-05-14 18:54 <DIR> d-------- C:\Program Files\Vodei


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-13 10:34:24 -------- d-----w C:\Program Files\EA Games
2007-06-09 04:28:07 -------- d-----w C:\Program Files\Easy Internet signup
2007-06-08 10:06:32 -------- d-----w C:\Program Files\DivX
2007-05-29 09:59:53 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-29 09:58:06 -------- d-----w C:\Program Files\Microsoft Works
2007-05-25 06:12:21 10,706 -c--a-w C:\DOCUME~1\Owner\APPLIC~1\wklnhst.dat
2007-05-25 01:27:24 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\BitTorrent
2007-05-22 12:25:47 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2007-05-20 10:04:54 -------- d-----w C:\Program Files\Cooledit
2007-05-19 06:51:27 -------- d-----w C:\Program Files\VirtualDJ
2007-05-08 01:39:28 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\DivX
2007-05-06 06:43:04 -------- d-----w C:\Program Files\BitTorrent
2007-05-03 06:15:26 -------- d-----w C:\Program Files\WinPcap
2007-05-02 16:47:55 -------- d-----w C:\Program Files\Folder Lock
2007-05-01 10:58:00 -------- d-----w C:\Program Files\MSXML 4.0
2007-05-01 09:21:17 -------- d-----w C:\Program Files\MSN Messenger
2007-04-30 23:13:25 -------- d--h--w C:\Program Files\WindowsUpdate
2007-04-30 20:09:15 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:25 36,624 -c----w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 10:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 10:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 10:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 10:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 10:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 10:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 10:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 10:45:20 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 10:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 10:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-06 08:53:40 53,248 ----a-w C:\WINDOWS\system32\suppdll.dll
2007-04-06 08:53:40 35,363 ----a-w C:\WINDOWS\system32\windrvNT.sys
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 00:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 00:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-05-31 00:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" []
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-06-12 06:27]
"VTTimer"="VTTimer.exe" [2004-10-22 10:53 C:\WINDOWS\system32\VTTimer.exe]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-23 14:01]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 04:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"RecordNow!"="" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"MoneyAgent"="c:\Program Files\Microsoft Money\System\mnyexpr.exe" []
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe" [2004-04-08 21:51]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Magnify"=
"RunNarrator"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-31 00:29]


Contents of the 'Scheduled Tasks' folder
2007-05-22 08:52:00 C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1090486217.job
2004-11-04 00:36:16 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-13 22:50:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\Windows Update.log
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\wininit.ini
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WinSxS
C:\WINDOWS\wmsetup.log
C:\WINDOWS\wmsetup10.log
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\WMSysPrx.prx
C:\WINDOWS\WNBackup
C:\WINDOWS\ws2setup.log
C:\WINDOWS\wsdu.log
C:\WINDOWS\WSST_Screen_Saver.ini
C:\WINDOWS\wwmf
C:\WINDOWS\xobglu16.dll
C:\WINDOWS\xobglu32.dll
C:\WINDOWS\xpsp1hfm.log
C:\WINDOWS\yacs.log
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif

scan completed successfully
hidden files: 24

**************************************************************************

Completion time: 2007-06-13 22:51:19

--- E O F ---


THX for sticking with me on this.:D:
 
Hi,

Delete next folder:

C:\Program Files\SpyCrush 3.2

Check and fix the next orphaned entries in HijackThis:

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"

Don't worry about the "hidden files" part in your Combofix log, that's because of the Folder Lock.
The rest looks ok. :)

No need to post new logs, I know after performing above, the entries will be gone in Hijackthis.
Please do not tinker anymore with settings etc.. this is to prevent you breaking more instead of fixing :D:
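The orphaned-entry check miekiemoes applies above, written out as an added Python example (not the thread's own code, and not part of HijackThis or ComboFix): it parses O4 Run lines, works out which file each one launches, and reports the entries whose file is missing. The on-disk state is a constructed set standing in for the XP machine, and the Windows search order for bare file names is an assumption.

```python
"""Flag HijackThis O4 "Run" entries whose target file no longer exists.

Added example; not code from the thread, from HijackThis or from ComboFix.
It reproduces the helper's orphaned-entry check: a Run entry whose
executable is gone (ComboFix prints those with an empty "[]" timestamp)
is a leftover of an uninstalled program and is safe to fix in HijackThis.
The disk is simulated with a constructed set of paths so this runs offline.
"""
import re
from typing import Iterable, List, Optional, Set

# Matches: O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Assumed search order Windows uses for a bare file name such as "VTTimer.exe"
SEARCH_PATH = (r'C:\WINDOWS\system32', r'C:\WINDOWS')
EXTS = ('.exe', '.dll', '.com', '.scr')


def target_of(cmd: str) -> str:
    """Return the file a Run command actually launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # "C:\path with spaces\x.exe" /arg
        return cmd[1:cmd.index('"', 1)]
    tokens = cmd.split(' ')
    if tokens[0].lower() in ('rundll32.exe', 'rundll32'):
        # RUNDLL32 is only a host; the real target is the DLL before the comma
        return ' '.join(tokens[1:]).split(',', 1)[0].strip('"')
    # Unquoted path, possibly containing spaces: like CreateProcess, grow the
    # candidate one token at a time until it ends in an executable extension.
    candidate = ''
    for tok in tokens:
        candidate = tok if not candidate else candidate + ' ' + tok
        if candidate.lower().endswith(EXTS):
            return candidate
    return tokens[0]


def resolve(path: str, present: Set[str]) -> Optional[str]:
    """Case-insensitive lookup of a target in the (simulated) file system."""
    lowered = {p.lower(): p for p in present}
    if '\\' in path:
        return lowered.get(path.lower())
    for directory in SEARCH_PATH:                 # bare name: walk the search path
        hit = lowered.get((directory + '\\' + path).lower())
        if hit:
            return hit
    return None


def orphaned_o4(lines: Iterable[str], present: Set[str]) -> List[str]:
    """Names of O4 Run entries whose launched file is missing from disk."""
    orphans = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:                                 # Global Startup etc. are skipped
            continue
        if resolve(target_of(m.group('cmd')), present) is None:
            orphans.append(m.group('name'))
    return orphans


# Constructed sample: O4 lines copied from the log above, and a constructed
# "disk" that lacks the four files the helper identified as orphaned.
SAMPLE_O4 = [
    r'O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized',
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe',
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [VTTimer] VTTimer.exe',
    r'O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe',
    r'O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe',
    r'O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"',
    r'O4 - Global Startup: Digimax Viewer 2.1.lnk = ?',
]
PRESENT = {
    r'C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe',
    r'C:\WINDOWS\system32\NvCpl.dll',
    r'C:\WINDOWS\system32\VTTimer.exe',
}

if __name__ == '__main__':
    for name in orphaned_o4(SAMPLE_O4, PRESENT):
        print('orphaned (file missing):', name)
```

On a real machine, PRESENT would be replaced by an os.path.exists check; the comparison is case-insensitive because NTFS paths are.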
 