I need to know what is safe to delete from my HijackThis log

Post by squishd1 » February 12th, 2009, 8:33 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:49 AM, on 2/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\SCardSvr.exe
C:\windows\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\windows\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\windows\System32\ups.exe
C:\windows\System32\vssvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\cher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\windows\System32\alg.exe
C:\windows\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.37.0\HostIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm458OEUS
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jewel%20Quest%20Mysteries%20-%20Curse%20of%20the%20Emerald%20Tear/Images/stg_drm.ocx
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/sk ... illgam.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/bl ... ckwerx.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Jewel%20Quest%20Mysteries%20-%20Curse%20of%20the%20Emerald%20Tear/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Firewall - Networks Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9622 bytes
Thank you Squishd1

Post by Shaba » February 23rd, 2009, 11:54 am

Hi squishd1, and sorry for the delay.

If you still need help, please post a fresh HijackThis log next.

Post by squishd1 » February 24th, 2009, 10:07 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:27 PM, on 2/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\SCardSvr.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\msdtc.exe
C:\windows\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\ThreatFire\TFService.exe
C:\windows\System32\ups.exe
C:\windows\System32\vssvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\windows\System32\alg.exe
C:\windows\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Registry Mighty\RegistryMighty.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Cher's Fun Spots
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A6DC3F58-65A5-4183-9BBA-4A2C67781F0A} - C:\windows\system32\cards32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegistryMighty.exe] C:\Program Files\Registry Mighty\RegistryMighty.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jewel%20Quest%20Mysteries%20-%20Curse%20of%20the%20Emerald%20Tear/Images/stg_drm.ocx
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/sk ... illgam.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/bl ... ckwerx.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Jewel%20Quest%20Mysteries%20-%20Curse%20of%20the%20Emerald%20Tear/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Firewall - Networks Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8486 bytes
Thank you for your reply. This is a new log. Please let me know what is safe to delete. I know I have a virus or worm, and my computer is running really slow.
Squish

Post by Shaba » February 25th, 2009, 1:01 am

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Post by squishd1 » February 25th, 2009, 8:20 pm

Here is the requested info. Thank you so much for your assistance in this matter.
Squishd1


Logfile of random's system information tool 1.05 (written by random/random)
Run by Squish at 2009-02-25 16:13:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 24 GB (64%) free of 38 GB
Total RAM: 512 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:17 PM, on 2/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\SCardSvr.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\windows\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\windows\System32\ups.exe
C:\windows\System32\vssvc.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\windows\Explorer.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\windows\System32\alg.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Registry Mighty\RegistryMighty.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\cidaemon.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Documents and Settings\Squish\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Squish.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Cher's Fun Spots
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A6DC3F58-65A5-4183-9BBA-4A2C67781F0A} - C:\windows\system32\cards32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Alogserv] "C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe"
O4 - HKLM\..\Run: [ThreatFire] "C:\Program Files\ThreatFire\TFTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegistryMighty.exe] "C:\Program Files\Registry Mighty\RegistryMighty.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [ctfmon.exe] "C:\windows\system32\ctfmon.exe"
O4 - HKCU\..\Run: [AdwareAlert] "C:\Program Files\AdwareAlert\AdwareAlert.exe" -boot
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jewel%20Quest%20Mysteries%20-%20Curse%20of%20the%20Emerald%20Tear/Images/stg_drm.ocx
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/sk ... illgam.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 5555890817
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/bl ... ckwerx.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Jewel%20Quest%20Mysteries%20-%20Curse%20of%20the%20Emerald%20Tear/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Firewall - Networks Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9344 bytes

======Scheduled tasks folder======

C:\windows\tasks\AdwareAlert Scheduled Scan.job
C:\windows\tasks\ErrorRepairTool Scan.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-746137067-1957994488-1004.job
C:\windows\tasks\wrSpySweeper_LA7151F66540946208ACB2282DEFE4FF5.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-11-20 911600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6DC3F58-65A5-4183-9BBA-4A2C67781F0A}]
C:\windows\system32\cards32.dll [2009-02-16 26528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-19 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-26 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-19 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-11-20 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-11-20 911600]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-19 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alogserv"=C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe [2002-01-04 36881]
"ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe [2009-02-02 263440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-02-28 282624]
"RegistryMighty.exe"=C:\Program Files\Registry Mighty\RegistryMighty.exe [2008-09-23 3194368]
"SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-02-14 6308728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-30 68856]
"McAfee.InstantUpdate.Monitor"=C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe [2002-02-10 102468]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-13 15360]
"AdwareAlert"=C:\Program Files\AdwareAlert\AdwareAlert.exe [2009-02-13 9097216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gamevance]
C:\Program Files\Gamevance\gamevance32.exe [2009-01-08 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\cher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-22 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe [2001-12-18 142336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-02-28 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-30 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^cher^Start Menu^Programs^Startup^Forget Me Not Reminders.lnk]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"DisableChangePassword"=0
"DisableLockWorkstation"=0
"NoDispCPL"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetFolders"=0
"NoRun"=0
"NoFind"=0
"NoClose"=0
"NoCommonGroups"=0
"NoDrives"=0
"NoDesktop"=0
"NoTrayContextMenu"=0
"NoViewContextMenu"=0
"NoFileSharing"=0
"NoPrintSharing"=0
"NoWindowsUpdate"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Farstone\VirtualDrive\MGR.exe"="C:\Program Files\Farstone\VirtualDrive\MGR.exe:*:Enabled:VirtualDrive MGR"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\GameHouse\Collapse\Collapse.exe"="C:\Program Files\GameHouse\Collapse\Collapse.exe:*:Disabled:Super Collapse!"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cbe5d90-ab80-11dd-a0bf-00022ad78760}]
shell\AutoRun\command - D:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-02-25 16:13:43 ----D---- C:\rsit
2009-02-25 15:56:48 ----A---- C:\windows\isRS-000.tmp
2009-02-25 15:56:42 ----A---- C:\windows\system32\capicom.dll
2009-02-25 15:55:36 ----D---- C:\Program Files\MSSOAP
2009-02-25 15:54:25 ----A---- C:\windows\WRSetup.dll
2009-02-25 15:54:24 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2009-02-25 06:02:02 ----D---- C:\My Games
2009-02-25 06:00:57 ----D---- C:\Documents and Settings\All Users\Application Data\AlawarGameBox
2009-02-25 06:00:39 ----D---- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
2009-02-25 06:00:02 ----D---- C:\Program Files\Alawar
2009-02-25 02:39:30 ----D---- C:\Compaq
2009-02-25 00:16:47 ----D---- C:\Program Files\Combined Community Codec Pack
2009-02-24 17:32:39 ----N---- C:\windows\system32\spmsg.dll
2009-02-24 17:32:35 ----HDC---- C:\windows\$NtUninstallKB967715$
2009-02-23 21:23:57 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-02-23 21:03:38 ----D---- C:\Documents and Settings\Squish\Application Data\Apple Computer
2009-02-23 18:19:20 ----D---- C:\Documents and Settings\Squish\Application Data\Mozilla
2009-02-23 18:18:32 ----D---- C:\Documents and Settings\Squish\Application Data\LimeWire
2009-02-23 18:16:48 ----D---- C:\Program Files\LimeWire
2009-02-23 18:02:30 ----D---- C:\Program Files\serialz2k updates
2009-02-23 13:36:47 ----D---- C:\560cdf307e9034c0e91561cd06a73c
2009-02-23 11:58:26 ----D---- C:\GameHouse Games
2009-02-22 13:27:30 ----D---- C:\Documents and Settings\Squish\Application Data\ErrorRepairTool
2009-02-21 12:18:37 ----D---- C:\Program Files\ErrorRepairTool
2009-02-21 12:17:53 ----D---- C:\Program Files\Downloaded Installers
2009-02-21 12:04:31 ----D---- C:\Program Files\Registry Mighty
2009-02-20 12:57:38 ----A---- C:\DVDPATH.TXT
2009-02-17 18:46:41 ----D---- C:\Documents and Settings\Squish\Application Data\GameBlend
2009-02-16 22:55:14 ----D---- C:\Documents and Settings\All Users\Application Data\GameBlend
2009-02-16 10:46:27 ----D---- C:\Program Files\BFG
2009-02-16 07:44:14 ----A---- C:\Program Files\Setup_build6_1003313.exevirusdoctor.exe
2009-02-16 07:24:00 ----D---- C:\Program Files\XoftSpySE
2009-02-16 06:24:55 ----D---- C:\Documents and Settings\Squish\Application Data\funkitron
2009-02-16 06:17:22 ----D---- C:\Documents and Settings\Squish\Application Data\AdwareAlert
2009-02-16 06:15:58 ----D---- C:\Program Files\AdwareAlert
2009-02-16 06:00:24 ----A---- C:\windows\system32\cards32.dll
2009-02-16 05:49:47 ----D---- C:\Program Files\s2k.7.1.plus
2009-02-15 20:44:15 ----A---- C:\windows\system32\BASSMOD.dll
2009-02-14 14:38:40 ----A---- C:\windows\system32\javaws.exe
2009-02-14 14:38:40 ----A---- C:\windows\system32\javaw.exe
2009-02-14 14:38:40 ----A---- C:\windows\system32\java.exe
2009-02-14 13:35:45 ----D---- C:\Program Files\Jewel Quest
2009-02-14 13:34:17 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-02-13 17:09:18 ----A---- C:\windows\system32\wrLZMA.dll
2009-02-13 17:09:10 ----A---- C:\windows\system32\SsiEfr.exe
2009-02-12 18:44:18 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-12 06:23:34 ----D---- C:\Documents and Settings\All Users\Application Data\EA
2009-02-11 20:55:00 ----A---- C:\windows\patchw32.dll
2009-02-11 20:54:58 ----D---- C:\windows\system32\system
2009-02-11 20:33:56 ----HDC---- C:\windows\$NtUninstallKB960715$
2009-02-04 16:09:48 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games
2009-02-04 12:28:23 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-04 09:45:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google

======List of files/folders modified in the last 1 months======

2009-02-25 16:13:46 ----D---- C:\windows\Prefetch
2009-02-25 16:11:42 ----D---- C:\windows\Temp
2009-02-25 16:02:09 ----SD---- C:\windows\Tasks
2009-02-25 16:01:12 ----D---- C:\windows\system32\drivers
2009-02-25 16:00:20 ----D---- C:\WINDOWS
2009-02-25 15:59:38 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-25 15:59:28 ----D---- C:\windows\Registration
2009-02-25 15:59:14 ----D---- C:\Program Files\ThreatFire
2009-02-25 15:58:12 ----A---- C:\windows\SchedLgU.Txt
2009-02-25 15:56:42 ----SHD---- C:\windows\system32
2009-02-25 15:55:45 ----SHD---- C:\windows\Installer
2009-02-25 15:55:45 ----D---- C:\windows\WinSxS
2009-02-25 15:55:36 ----RD---- C:\Program Files
2009-02-25 15:55:08 ----HD---- C:\windows\inf
2009-02-25 15:54:24 ----D---- C:\Program Files\Webroot
2009-02-25 15:32:14 ----RD---- C:\windows\Favorites
2009-02-25 14:10:18 ----D---- C:\Program Files\GameHouse
2009-02-25 14:09:10 ----D---- C:\windows\system32\CatRoot2
2009-02-25 02:39:56 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-25 02:07:15 ----D---- C:\windows\Minidump
2009-02-25 01:58:15 ----SD---- C:\windows\Downloaded Program Files
2009-02-25 00:35:27 ----A---- C:\systemscandata.txt
2009-02-24 17:32:48 ----RSHDC---- C:\windows\system32\dllcache
2009-02-24 17:30:24 ----D---- C:\windows\system32\CatRoot
2009-02-24 17:28:48 ----HD---- C:\windows\$hf_mig$
2009-02-23 21:35:06 ----A---- C:\windows\win.ini
2009-02-23 20:19:05 ----D---- C:\Documents and Settings\Squish\Application Data\U3
2009-02-23 13:37:17 ----D---- C:\windows\system32\config
2009-02-23 13:36:57 ----D---- C:\windows\system32\wbem
2009-02-23 12:33:08 ----A---- C:\windows\ntbtlog.txt
2009-02-23 12:20:32 ----D---- C:\Documents and Settings
2009-02-23 11:57:56 ----D---- C:\Program Files\RealArcade
2009-02-21 15:25:30 ----D---- C:\windows\Help
2009-02-21 14:56:48 ----RD---- C:\My Music
2009-02-21 14:00:25 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-21 13:32:08 ----A---- C:\windows\imsins.BAK
2009-02-21 13:32:02 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-02-20 21:50:02 ----D---- C:\Documents and Settings\Squish\Application Data\Corel
2009-02-15 21:07:09 ----D---- C:\Program Files\Trend Micro
2009-02-15 21:03:21 ----D---- C:\Program Files\PopCap Games
2009-02-15 20:59:23 ----D---- C:\Program Files\Twistingo& Penguin Puzzle
2009-02-14 20:56:31 ----D---- C:\Documents and Settings\Squish\Application Data\Adobe
2009-02-14 14:38:32 ----D---- C:\Program Files\Java
2009-02-14 00:38:45 ----D---- C:\Program Files\Serials 2000
2009-02-14 00:36:00 ----A---- C:\windows\Wininit.ini
2009-02-12 16:10:17 ----D---- C:\Program Files\Hidden Expedition - Everest
2009-02-12 12:23:03 ----D---- C:\windows\network diagnostic
2009-02-12 03:42:05 ----D---- C:\windows\pss
2009-02-12 03:36:41 ----SHD---- C:\System Volume Information
2009-02-12 03:36:41 ----D---- C:\windows\system32\Restore
2009-02-12 01:02:37 ----D---- C:\Program Files\Gamevance
2009-02-12 01:00:52 ----SHD---- C:\Program Files\outlook
2009-02-11 20:37:04 ----D---- C:\Program Files\Internet Explorer
2009-02-04 16:10:32 ----D---- C:\Program Files\Cosmi
2009-02-04 15:41:57 ----D---- C:\Documents and Settings\Squish\Application Data\SolSuite
2009-02-03 20:06:16 ----RSD---- C:\windows\Fonts
2009-02-03 20:01:30 ----D---- C:\SIERRA
2009-02-03 19:40:51 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-02-03 19:40:12 ----D---- C:\Program Files\Roxio
2009-02-03 15:21:12 ----A---- C:\windows\system32\MRT.exe
2009-02-03 11:18:06 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-01-30 17:30:42 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\windows\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 ATMhelpr;ATMhelpr; C:\windows\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 cdawdm;CDAWDM; C:\windows\System32\DRIVERS\CDAWDM.sys [2002-01-24 46735]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\windows\System32\drivers\ws2ifsl.sys [2003-07-16 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\windows\System32\DRIVERS\AegisP.sys [2008-03-18 17801]
R3 banshee;banshee; C:\windows\System32\DRIVERS\banshee.sys [2001-08-17 36128]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\windows\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 fcdabus;fcdabus; C:\windows\System32\DRIVERS\fcdabus.sys [2008-02-28 10899]
R3 fvdscsi;fvdscsi; C:\windows\System32\DRIVERS\fvdscsi.sys [2008-02-28 60008]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 McAfeePF;McAfee Firewall Network Filter Miniport; C:\windows\System32\DRIVERS\fw220.sys [2001-12-12 29696]
R3 mouhid;Mouse HID Driver; C:\windows\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtnicxp.sys [2008-12-02 118656]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\System32\drivers\TfNetMon.sys []
R3 usbhub;Microsoft USB Standard Hub Driver; C:\windows\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\windows\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\windows\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 OMCI;OMCI; C:\windows\system32\drivers\OMCI.sys []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\windows\System32\DRIVERS\wceusbsh.sys [2008-04-13 31744]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service; C:\windows\system32\drivers\AR5523.sys []
S3 ctljystk;Creative SBLive! Gameport; C:\windows\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\DNINDIS5.SYS []
S3 emu10k;Creative SB Live! (WDM); C:\windows\system32\drivers\emu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\windows\system32\drivers\ctlfacem.sys [2001-08-17 6912]
S3 genmcmn;Genius NewScroll Mouse Driver; C:\windows\System32\DRIVERS\gmfiltr.sys [2001-09-21 6784]
S3 KMW_KBD;Kensington Input Devices Class filter driver; C:\windows\System32\DRIVERS\KMW_KBD.sys [2003-05-27 5248]
S3 NaiFiltr;NaiFiltr; C:\windows\System32\DRIVERS\NaiFiltr.sys [2001-08-17 23296]
S3 Pcouffin;Low level access layer for CD devices; C:\windows\system32\drivers\Pcouffin.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\windows\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sermouse;Serial Mouse Driver; C:\windows\System32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\windows\system32\drivers\sfmanm.sys [2001-08-17 36480]
S3 smwdm;smwdm; C:\windows\system32\drivers\smwdm.sys [2001-11-09 465224]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\windows\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\windows\system32\drivers\ac97via.sys [2002-08-28 84480]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AvSynMgr;AVSync Manager; C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe [2002-01-04 172049]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-26 168432]
R2 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 McAfee Firewall;McAfee Firewall; C:\Program Files\McAfee\McAfee Firewall\CPD.EXE [2002-08-19 221184]
R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2009-02-02 70928]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2009-02-13 4048240]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-02-25 1180976]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-13 14336]
S4 McShield;McShield; C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe [2002-01-04 225375]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.05 2009-02-25 16:14:58

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\windows\system32\Macromed\Flash\uninstall_plugin.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Line Slots-->C:\PROGRA~1\GAMEHO~1\Slots\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Slots\INSTALL.LOG
Adobe Acrobat Reader 3.01-->C:\WINDOWS\uninst.exe -fC:\Acrobat3\Reader\DeIsL4.isu
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe PhotoDeluxe Home Edition 3.1-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe HE 3.1\DeIsL4.isu" -c"C:\Program Files\PhotoDeluxe HE 3.1\Uninst.dll"
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Type Manager 4.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL2.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
Adventure Inlay - Safari Edition-->C:\PROGRA~1\GAMEHO~1\ADVENT~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\ADVENT~1\INSTALL.LOG
AdwareAlert-->MsiExec.exe /X{FDDDA858-FAFE-4472-9273-989F63F4AC30}
Alawar Game Box-->C:\Program Files\Alawar\AlawarGameBox\Uninstall.exe
Aloha Solitaire-->C:\PROGRA~1\GAMEHO~1\ALOHAS~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\ALOHAS~1\INSTALL.LOG
AquaBall-->C:\Program Files\Alawar\Aquaball\Uninstall.exe
Bejeweled 2-->C:\PROGRA~1\GAMEHO~1\BEJEWE~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\BEJEWE~1\INSTALL.LOG
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
BlotterGeist v1.5-->"C:\Program Files\GameYard.com\BlotterGeist\unins000.exe"
Chuzzle Deluxe-->C:\PROGRA~1\GAMEHO~1\CHUZZL~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\CHUZZL~1\INSTALL.LOG
Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
ErrorRepairTool-->MsiExec.exe /X{5CFC48CA-AD9E-4F22-8B58-84628B78636D}
Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
FarStone Image Reader-->C:\Program Files\Farstone\VCDReader\Uninstall.exe
Gamevance-->C:\Program Files\Gamevance\gvun.exe
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
Incadia-->C:\PROGRA~1\GAMEHO~1\Incadia\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Incadia\INSTALL.LOG
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Jewel Quest (remove only)-->"C:\Program Files\iWin.com Games\Jewel Quest\Uninstall.exe"
LimeWire 5.0.11-->"C:\Program Files\LimeWire\uninstall.exe"
McAfee Firewall-->MsiExec.exe /I{9E0FB790-5971-41F3-A1C3-1CF9E153FF2A}
McAfee VirusScan-->MsiExec.exe /I{87AEFD84-BC0D-11D4-B885-00508B022A51}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Mozilla Firefox (2.0)-->C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
Peggle Nights-->C:\PROGRA~1\GAMEHO~1\PEGGLE~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\PEGGLE~1\INSTALL.LOG
Penguin Puzzle-->C:\PROGRA~1\eGames\PENGUI~1\UNWISE.EXE C:\PROGRA~1\eGames\PENGUI~1\INSTALL.LOG
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Registry Mighty v6.1-->"C:\Program Files\Registry Mighty\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Slingo Quest (remove only)-->"C:\Program Files\Funkitron\Slingo Quest\Uninstall.exe"
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Spy Sweeper-->"C:\Program Files\Webroot\WebrootSecurity\unins000.exe" /Log="C:\DOCUME~1\Squish\LOCALS~1\Temp\Uninstall.txt"
Super Collapse!-->C:\PROGRA~1\GAMEHO~1\Collapse\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Collapse\INSTALL.LOG
Super TextTwist-->C:\PROGRA~1\GAMEHO~1\TEXTTW~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\TEXTTW~1\INSTALL.LOG
ThreatFire-->"C:\Program Files\ThreatFire\unins000.exe"
TipTop Deluxe 1.1-->C:\Program Files\PopCap Games\TipTop Deluxe\PopUninstall.exe C:\Program Files\PopCap Games\TipTop Deluxe\Install.log
Twistingo-->C:\PROGRA~1\eGames\TWISTI~1\UNWISE.EXE C:\PROGRA~1\eGames\TWISTI~1\INSTALL.LOG
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe"
VirtualDrive-->MsiExec.exe /I{D5BB0907-4BBB-46A3-AA68-0173D111058D}
Wheel of Fortune 2 (remove only)-->"C:\Program Files\Sony Online Entertainment\Wheel of Fortune 2\Uninstall Wheel of Fortune 2.exe"
Window Washer 5-->C:\WINDOWS\Unwash5.exe
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WordJong To Go-->C:\PROGRA~1\GAMEHO~1\WORDJO~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\WORDJO~1\INSTALL.LOG
WordPerfect Office 11-->MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.0.cab
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

System event log

Computer Name: INC-CK9D33CUSUB
Event Code: 7023
Message: The IPSEC Services service terminated with the following error:
The attempted operation is not supported for the type of object referenced.


Record Number: 5
Source Name: Service Control Manager
Time Written: 20090212062930.000000-480
Event Type: error
User:

Computer Name: INC-CK9D33CUSUB
Event Code: 98
Message: RSM was stopped.

Record Number: 4
Source Name: Removable Storage Service
Time Written: 20090212062926.000000-480
Event Type: information
User:

Computer Name: INC-CK9D33CUSUB
Event Code: 4
Message: Driver detected an internal error in its data structures for .

Record Number: 3
Source Name: fvdscsi
Time Written: 20090212062915.000000-480
Event Type: error
User:

Computer Name: INC-CK9D33CUSUB
Event Code: 6005
Message: The Event log service was started.

Record Number: 2
Source Name: EventLog
Time Written: 20090212062901.000000-480
Event Type: information
User:

Computer Name: INC-CK9D33CUSUB
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090212062901.000000-480
Event Type: information
User:

Application event log

Computer Name: INC-CK9D33CUSUB
Event Code: 0
Message:
Record Number: 1333
Source Name: IDriverT
Time Written: 20081125122310.000000-480
Event Type: information
User:

Computer Name: INC-CK9D33CUSUB
Event Code: 4137
Message: CI has started for catalog c:\system volume information\catalog.wci.

Record Number: 1332
Source Name: Ci
Time Written: 20081125122042.000000-480
Event Type: information
User:

Computer Name: INC-CK9D33CUSUB
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 1331
Source Name: SecurityCenter
Time Written: 20081125121311.000000-480
Event Type: information
User:

Computer Name: INC-CK9D33CUSUB
Event Code: 2444
Message: MS DTC started with the following settings:



Security Configuration (OFF = 0 and ON = 1):

Network Administration of Transactions = 0,

Network Clients = 0,

Inbound Distributed Transactions using Native MSDTC Protocol = 0,

Outbound Distributed Transactions using Native MSDTC Protocol = 0,

Transaction Internet Protocol (TIP) = 0,

XA Transactions = 0
Record Number: 1330
Source Name: MSDTC
Time Written: 20081125121309.000000-480
Event Type: information
User:

Computer Name: INC-CK9D33CUSUB
Event Code: 0
Message:
Record Number: 1329
Source Name: IDriverT
Time Written: 20081125121301.000000-480
Event Type: information
User:

Security event log

Computer Name: INC-CK9D33CUSUB
Event Code: 576
Message: Special privileges assigned to new logon:

User Name: NETWORK SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E4)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege

Record Number: 17866
Source Name: Security
Time Written: 20090222133119.000000-480
Event Type: audit success
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: INC-CK9D33CUSUB
Event Code: 528
Message: Successful Logon:

User Name: NETWORK SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E4)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: -

Record Number: 17865
Source Name: Security
Time Written: 20090222133119.000000-480
Event Type: audit success
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: INC-CK9D33CUSUB
Event Code: 576
Message: Special privileges assigned to new logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege

Record Number: 17864
Source Name: Security
Time Written: 20090222133119.000000-480
Event Type: audit success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: INC-CK9D33CUSUB
Event Code: 528
Message: Successful Logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: -

Record Number: 17863
Source Name: Security
Time Written: 20090222133119.000000-480
Event Type: audit success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: INC-CK9D33CUSUB
Event Code: 576
Message: Special privileges assigned to new logon:

User Name: NETWORK SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E4)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege

Record Number: 17862
Source Name: Security
Time Written: 20090222132216.000000-480
Event Type: audit success
User: NT AUTHORITY\NETWORK SERVICE

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 3 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0300
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
squishd1
Active Member
 
Posts: 3
Joined: February 12th, 2009, 8:23 am

Re: I need to know what is safe to delete from myhijack this log

Unread postby Shaba » February 26th, 2009, 1:10 am

I'd like you to check a file for malware.
C:\windows\system32\cards32.dll

  • Copy/Paste file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.
  • Repeat for all files on the list.
  • Post back results here, please.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I need to know what is safe to delete from myhijack this log

Unread postby NonSuch » March 3rd, 2009, 7:19 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California