Avast WEBforum

Other => Viruses and worms => Topic started by: michaelong on November 27, 2007, 06:08:37 AM

Title: help...OLDMAN, I'm creating a new thread as advised by you
Post by: michaelong on November 27, 2007, 06:08:37 AM
Hi Oldman, I'll try to scan again but chances are slim as I've attempted a few scans previously with DSS but without success.

Will pass my log again once I'm finished with the scan.

Thanks Oldman for all your time and effort spent in helping me to solve this virus issue.

May you be in good health always.

Long live Oldman.

Best regards,
michaelong
Title: Re: help OLDMAN, I'm creating a new thread as advised by you
Post by: michaelong on November 27, 2007, 06:33:23 AM
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 1600MHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 511.48 MiB / 252.54 MiB
Pagefile Memory (total/avail): 1249.44 MiB / 953.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.85 MiB

C: is Fixed (FAT32) - 54.98 GiB total, 3.68 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 0.87 GiB total, 0.87 GiB free.

\\.\PHYSICALDRIVE0 - HTS541060G9AT00 - 55.89 GiB - 2 partitions
  \PARTITION0 (bootable) - Unknown - 55.01 GiB - C:
  \PARTITION1 - Installable File System - 894.24 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.1043 [VPS 071125-0] v4.7.1043 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Xider\\EsR\\Game.exe"="C:\\Program Files\\Xider\\EsR\\Game.exe:*:Enabled:Game"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\BearFlix\\bearflix.exe"="C:\\Program Files\\BearFlix\\bearflix.exe:*:Enabled:BearFlix"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\myself\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ACER-D137MZMHOW
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\myself
LOGONSERVER=\\ACER-D137MZMHOW
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\myself\LOCALS~1\Temp
TMP=C:\DOCUME~1\myself\LOCALS~1\Temp
USERDOMAIN=ACER-D137MZMHOW
USERNAME=myself
USERPROFILE=C:\Documents and Settings\myself
windir=C:\WINDOWS
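The two AuthorizedApplications lists in the Security Center section use the XP SP2 firewall's own value layout: the value name is the program path, and the data is `<path>:<remote address scope>:<Enabled|Disabled>:<display name>`, where a scope of `*` means any remote address and `LocalSubnet` restricts the exception to the local subnet. Every entry in the posted log carries `*:Enabled`, and since LOGONSERVER and USERDOMAIN are the machine itself, the StandardProfile list is the one actually in force. The Python below is an added example, not part of the thread or of DSS: it parses both profile blocks as DSS prints them, decodes the fields, and reports which exceptions are open to any remote address and whether the registered path and the embedded path disagree. The sample lines are copied from the log above except for the last StandardProfile entry, which is hypothetical and was added so a non-default scope and a Disabled status pass through the parser; the function names are this example's own.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: the DomainProfile list and part of the StandardProfile
# list from the DSS extra log above, in the regedit export form DSS prints.
# The last StandardProfile entry is hypothetical, added here so that a
# non-default scope and a Disabled status also pass through the parser.
SAMPLE_FIREWALL = r"""
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Xider\\EsR\\Game.exe"="C:\\Program Files\\Xider\\EsR\\Game.exe:*:Enabled:Game"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Tools\\lan-only.exe"="C:\\Tools\\lan-only.exe:LocalSubnet:Disabled:LAN-only example (hypothetical)"
"""

HEADER_RE = re.compile(r"^\[HKLM\\.*\\FirewallPolicy\\(\w+)\\AuthorizedApplications\\List\]$")
ENTRY_RE = re.compile(r'^"(.+)"="(.+)"$')


@dataclass
class FirewallException:
    profile: str    # DomainProfile or StandardProfile
    key_path: str   # value name: the program path as registered
    path: str       # path field inside the value data
    scope: str      # remote addresses: "*" = any, "LocalSubnet", or an address list
    enabled: bool
    name: str       # display name (may be a resource reference like @dll,-id)


def parse_firewall_list(text: str) -> list[FirewallException]:
    profile = None
    out: list[FirewallException] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HEADER_RE.match(line):
            profile = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or profile is None:
            continue
        # regedit export doubles every backslash; undo that.
        key_path, value = (s.replace("\\\\", "\\") for s in m.groups())
        # Data layout: <path>:<RemoteAddresses>:<Enabled|Disabled>:<display name>.
        # The path itself contains "C:", so split from the right, not the left.
        path, scope, status, name = value.rsplit(":", 3)
        out.append(FirewallException(profile, key_path, path, scope,
                                     status.lower() == "enabled", name))
    return out


def open_to_any_remote(excs: list[FirewallException]) -> list[FirewallException]:
    """Enabled exceptions reachable from any remote address."""
    return [e for e in excs if e.enabled and e.scope == "*"]


def key_value_mismatch(excs: list[FirewallException]) -> list[FirewallException]:
    """Entries whose registered name and embedded path disagree; worth a look,
    since a hand-edited or tool-written entry is the usual cause."""
    return [e for e in excs if e.key_path.lower() != e.path.lower()]


def summarize(excs: list[FirewallException]) -> dict[str, list[str]]:
    """Executable base names per profile, sorted, for a quick side-by-side."""
    by_profile: dict[str, list[str]] = defaultdict(list)
    for e in excs:
        by_profile[e.profile].append(e.path.rsplit("\\", 1)[-1].lower())
    return {p: sorted(names) for p, names in by_profile.items()}


if __name__ == "__main__":
    excs = parse_firewall_list(SAMPLE_FIREWALL)
    for p, names in summarize(excs).items():
        print(f"{p}: {', '.join(names)}")
    for e in open_to_any_remote(excs):
        print(f"any-remote  {e.profile:15} {e.path}  ({e.name.strip()})")
    for e in key_value_mismatch(excs):
        print(f"MISMATCH    {e.key_path} != {e.path}")
```

Run it as a script to see the per-profile lists and the any-remote entries; in a real review, compare the StandardProfile list against what the user actually needs listening (an IM client, a download manager and a game server all accepting unsolicited inbound connections from any address is a lot of surface for a home laptop) and tighten the scope to LocalSubnet where the program only needs LAN peers.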
Title: Re: help OLDMAN, I'm creating a new thread as advised by you
Post by: michaelong on November 27, 2007, 06:36:26 AM
-- User Profiles ---------------------------------------------------------------

myself (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
 --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
House of the Dead 3 installer (死亡之屋3 安装程序) --> C:\HOD3\UNWISE.EXE C:\HOD3\INSTALL.LOG
The Typing of the Dead installer (死亡打字员 安装程序) --> C:\TODC\UNWISE.EXE C:\TODC\INSTALL.LOG
House of the Dead installer (死亡鬼屋 安装程序) --> C:\EAIÖ1IIY\UNWISE.EXE C:\EAIÖ1IIY\INSTALL.LOG
5 Spots II --> C:\Program Files\reflexive games\5 Spots II\UNWISE.EXE C:\Program Files\reflexive games\5 Spots II\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Agere Systems AC'97 Modem --> agrsmdel
Air Strike II Gulf Thunder --> C:\Program Files\reflexive games\Air Strike II Gulf Thunder\UNWISE.EXE C:\Program Files\reflexive games\Air Strike II Gulf Thunder\INSTALL.LOG
Alien Shooter --> C:\Program Files\reflexive games\Alien Shooter\UNWISE.EXE C:\Program Files\reflexive games\Alien Shooter\INSTALL.LOG
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Aspire Arcade 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe"  -uninstall
Aspire Series --> C:\Program Files\Aspire Series\uninstall.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
BearFlix --> C:\PROGRA~1\BEARFLIX\UNWISE.EXE C:\PROGRA~1\BEARFLIX\INSTALL.LOG
Bengal - Game of Gods (remove only) --> C:\Program Files\GameHouse\Bengal - Game of Gods\Uninstall.exe
Big Kahuna Reef --> C:\Program Files\GameHouse\Big Kahuna Reef\UNWISE.EXE C:\Program Files\GameHouse\Big Kahuna Reef\INSTALL.LOG
Big Kahuna Reef 2 - Chain Reaction --> "C:\Program Files\reflexive games\Big Kahuna Reef 2\ReflexiveArcade\unins000.exe"
Casino Island To Go --> "C:\Program Files\reflexive games\Casino Island To Go\ReflexiveArcade\unins000.exe"
Chicken Attack (remove only) --> C:\Program Files\GameHouse\Chicken Attack\Uninstall.exe
Chuzzle Deluxe --> "C:\Program Files\reflexive games\Chuzzle Deluxe\unins000.exe"
CRW Series Driver v1.17r019 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39AE0413-CEFC-4559-AC5F-855A1C006D2F}\SETUP.EXE" -l0x9
Cubis Gold 2 --> C:\PROGRA~1\GAMEHO~1\CUBISG~1\UNWISE.EXE C:\PROGRA~1\GAMEHO~1\CUBISG~1\INSTALL.LOG
Cute Knight --> "C:\Program Files\reflexive games\Cute Knight\ReflexiveArcade\unins000.exe"
Deep Sea Tycoon 2 --> "C:\Program Files\reflexive games\Deep Sea Tycoon 2\unins000.exe"
Dynomite --> C:\Program Files\PopCap Games\Dynomite\UNWISE.EXE C:\Program Files\PopCap Games\Dynomite\INSTALL.LOG
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
EsR 1.0 --> C:\PROGRA~1\Xider\EsR\Setup.exe /remove
FeedingFrenzy --> C:\Program Files\GameHouse\FeedingFrenzy\UNWISE.EXE C:\Program Files\GameHouse\FeedingFrenzy\INSTALL.LOG
Fishing Trip --> "C:\Program Files\reflexive games\Fishing Trip\unins000.exe"
FlashGet 1.9.6.1073 --> C:\Program Files\FlashGet\uninst.exe
Golf Adventure Galaxy --> C:\Program Files\reflexive games\Golf Adventure Galaxy\UNWISE.EXE C:\Program Files\reflexive games\Golf Adventure Galaxy\INSTALL.LOG
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Gutterball 2 --> C:\Program Files\GameHouse\Gutterball 2\UNWISE.EXE C:\Program Files\GameHouse\Gutterball 2\INSTALL.LOG
Hammer Heads 1.0 --> C:\Program Files\PopCap Games\Hammer Heads Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Hammer Heads Deluxe\Install.log"
Heavy Weapon Deluxe --> C:\Program Files\PopCap Games\Heavy Weapon\UNWISE.EXE C:\Program Files\PopCap Games\Heavy Weapon\INSTALL.LOG
Hidden Expedition Titanic (remove only) --> C:\Program Files\GameHouse\Hidden Expedition Titanic\Uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Title: Re: help OLDMAN, I'm creating a new thread as advised by you
Post by: michaelong on November 27, 2007, 06:37:12 AM
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
Indeo® Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu"
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JETFIGHTER 2015 --> "C:\Program Files\Global Star Software\JETFIGHTER 2015\Uninstall.exe" "C:\Program Files\Global Star Software\JETFIGHTER 2015\install.log"
Launch Manager --> C:\WINDOWS\UnInst32.exe CPLFL32.UNI
Magic Ball 2 --> C:\Program Files\GameHouse\Magic Ball 2\UNWISE.EXE C:\Program Files\GameHouse\Magic Ball 2\INSTALL.LOG
Magic Vines --> C:\Program Files\GameHouse\Magic Vines\UNWISE.EXE C:\Program Files\GameHouse\Magic Vines\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.8) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mummy Maze Deluxe --> C:\Program Files\PopCap Games\Mummy Maze Deluxe\UNWISE.EXE C:\Program Files\PopCap Games\Mummy Maze Deluxe\INSTALL.LOG
NTI CD & DVD-Maker Gold --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText
Off Road Arena --> "C:\Program Files\reflexive games\Off Road Arena\unins000.exe"
Platypus --> C:\Program Files\GameHouse\Platypus\UNWISE.EXE C:\Program Files\GameHouse\Platypus\INSTALL.LOG
Poker Superstars --> C:\PROGRA~1\GAMEHO~1\POKERS~1\UNWISE.EXE C:\PROGRA~1\GAMEHO~1\POKERS~1\INSTALL.LOG
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\SETUP.EXE"  -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Rocket Bowl --> C:\Program Files\reflexive games\Rocket Bowl\UNWISE.EXE C:\Program Files\reflexive games\Rocket Bowl\INSTALL.LOG
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SMSC IrCC Driver V5.1.2462.0 (WinXP) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC86822D-3A20-11D5-801B-00E029348F40}\setup.exe"
Snail Mail --> C:\Program Files\reflexive games\Snail Mail\UNWISE.EXE C:\Program Files\reflexive games\Snail Mail\INSTALL.LOG
Snowy Puzzle Islands --> C:\Program Files\reflexive games\Snowy Puzzle Islands\UNWISE.EXE C:\Program Files\reflexive games\Snowy Puzzle Islands\INSTALL.LOG
Spin & Win --> C:\Program Files\reflexive games\Spin & Win\UNWISE.EXE C:\Program Files\reflexive games\Spin & Win\INSTALL.LOG
SpongeBob Collapse --> C:\Program Files\GameHouse\SpongeBob Collapse\UNWISE.EXE C:\Program Files\GameHouse\SpongeBob Collapse\INSTALL.LOG
Super Jigsaw --> C:\Program Files\GameHouse\Super Jigsaw\UNWISE.EXE C:\Program Files\GameHouse\Super Jigsaw\INSTALL.LOG
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamUp --> C:\Program Files\reflexive games\TeamUp\UNWISE.EXE C:\Program Files\reflexive games\TeamUp\INSTALL.LOG
Tradewinds 2 --> "C:\Program Files\reflexive games\Tradewinds 2\unins000.exe"
Traffic Jam Extreme --> C:\Program Files\reflexive games\Traffic Jam Extreme\UNWISE.EXE C:\Program Files\reflexive games\Traffic Jam Extreme\INSTALL.LOG
Tropix --> C:\PROGRA~1\GAMEHO~1\TROPIX\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\TROPIX\INSTALL.LOG
Virtual Villagers (remove only) --> C:\Program Files\GameHouse\Virtual Villagers\Uninstall.exe
WIDCOMM Bluetooth Software --> MsiExec.exe /X{FE90E9E7-A158-4687-8853-DF677A939A61}
Wik And The Fable Of Souls --> C:\Program Files\reflexive games\Wik And The Fable Of Souls\UNWISE.EXE C:\Program Files\reflexive games\Wik And The Fable Of Souls\INSTALL.LOG
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WM Converter 2.0 --> C:\Program Files\WM Converter\Uninstal.exe
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Title: Re: help OLDMAN, I'm creating a new thread as advised by you
Post by: michaelong on November 27, 2007, 06:38:07 AM
-- Application Event Log -------------------------------------------------------

Event Record #/Type328 / Error
Event Submitted/Written: 11/27/2007 01:23:49 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000122ba.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type327 / Error
Event Submitted/Written: 11/27/2007 01:17:59 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000106c3.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type323 / Error
Event Submitted/Written: 11/27/2007 09:16:31 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000122ba.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type322 / Error
Event Submitted/Written: 11/27/2007 09:14:34 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000106c3.
Processing media-specific event for [dss.exe!ws!]

Event Record #/Type241 / Error
Event Submitted/Written: 11/21/2007 08:36:57 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16544, faulting module jccatch.dll, version 1.8.4.1007, fault address 0x00007859.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type507 / Error
Event Submitted/Written: 11/27/2007 04:37:46 AM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.0.21 on the
Network Card with network address 00023F17A308.

Event Record #/Type506 / Warning
Event Submitted/Written: 11/27/2007 04:37:46 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00023F17A308.  The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type505 / Warning
Event Submitted/Written: 11/27/2007 04:37:32 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00023F17A308.  The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type504 / Warning
Event Submitted/Written: 11/27/2007 04:36:24 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00023F17A308.  The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type503 / Warning
Event Submitted/Written: 11/27/2007 04:34:06 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00023F17A308.  The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2007-11-27 13:25:38 ------------
Title: Re: help OLDMAN, I'm creating a new thread as advised by you
Post by: michaelong on November 27, 2007, 06:43:37 AM
Hi Oldman,

Finally I'm able to complete my DSS scan after a few attempts.

Previously DSS always stopped near the ending part, e.g. examining event logs.

I'll be posting my HJT thread after this.

Thanks Oldman for paying extra attention to my thread.

Your help is truly appreciated and will be remembered.

Sincerely yours,
michaelong
Title: Re: help OLDMAN, I'm creating a new thread as advised by you
Post by: oldman on November 27, 2007, 06:50:04 AM
OK, but there should be two logs from DSS: an extra, which you have already posted, and a main. I'll need that one also. Look for it at c:\Deckards

It's getting late so I'll have to continue tomorrow, but get the logs posted for sure.
Title: Re: help OLDMAN, I'm creating a new thread as advised by you
Post by: michaelong on November 27, 2007, 06:52:52 AM
StartupList report, 11/27/2007, 1:20:01 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16544)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\myself\Start Menu\Programs\Startup]
ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
BTTray.lnk = ?
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LaunchApp = Alaunch
SoundMan = SOUNDMAN.EXE
AGRSMMSG = AGRSMMSG.exe
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
IgfxTray = C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
ATIModeChange = Ati2mdxx.exe
ShowIcon_Chander_CRW Series Driver v1.17r019 = "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
PCMService = "C:\Program Files\Aspire Arcade\PCMService.exe"
LManager = C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002 = C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
updateMgr = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
kava = C:\WINDOWS\system32\kavo.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------
Title: Re: help OLDMAN, I'm creating a new thread as advised by you
Post by: michaelong on November 27, 2007, 06:56:46 AM
Deckard's System Scanner v20071014.68
Run by myself on 2007-11-27 13:24:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 2 Restore Point(s) --
2: 2007-11-27 01:15:16 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-11-27 01:10:54 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 3.68 GiB (less than 15%) free.


-- HijackThis (run as myself.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:58 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\myself\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\myself.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7961 bytes
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 27, 2007, 06:58:49 AM
-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ENECBPTH (ENE Cardbus Patch Driver) - c:\windows\system32\drivers\enecbpth.sys <Not Verified; EnE Technology Inc.; EnE Cardbus Patch Driver for Windows (R) 2000/XP>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-26 18:54:06       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-10-27 and 2007-11-27 -----------------------------

2007-11-27 09:12:34         0 d-------- C:\Program Files\Trend Micro
2007-11-27 07:36:59         0 d-------- C:\My Downloads
2007-11-27 07:36:57         0 d-------- C:\Program Files\BearFlix
2007-11-26 10:47:23     92672 -r-hs---- C:\WINDOWS\system32\kavo1.dll
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-26 09:15:36         0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-26 09:15:35   1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-26 09:15:35         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-21 00:32:52    116092 -r-hs---- C:\ntdelect.com
2007-11-21 00:32:22    116092 -r-hs---- C:\WINDOWS\system32\kavo.exe
2007-11-19 19:26:12         0 d-------- C:\Program Files\WM Converter
2007-11-16 19:01:40         0 d-------- C:\Program Files\ms 10
2007-11-16 05:13:13         0 d-------- C:\Program Files\m
2007-11-12 01:16:51         0 d-------- C:\Program Files\FlashGet
2007-11-10 09:27:49         0 d-------- C:\Program Files\Common Files\DirectX
2007-11-10 09:24:30         0 d-------- C:\Program Files\Paris-Dakar Rally
2007-11-08 08:14:13         0 d-------- C:\Program Files\Xider
2007-11-03 00:27:39         0 d-------- C:\Program Files\Apple Software Update
2007-11-03 00:27:39         0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-02 03:15:45     94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-11-02 03:15:45     15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-11-01 02:25:16         0 d-------- C:\Program Files\Global Star Software
2007-10-31 08:50:14         0 d-------- C:\Documents and Settings\myself\Application Data\SEGA
2007-10-31 07:39:08         0 d-------- C:\TODC
2007-10-31 07:32:38         0 d-------- C:\死亡鬼屋
2007-10-31 07:25:31         0 d-------- C:\HOD3
2007-10-28 17:26:20         0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-10-28 17:05:53         0 d-------- C:\Documents and Settings\myself\Application Data\EA
2007-10-28 17:05:45         0 d-------- C:\Documents and Settings\All Users\Application Data\EA
2007-10-28 16:57:11         0 d-------- C:\Program Files\BFG
2007-10-28 01:43:18         0 dr------- C:\Program Files\nepal_everest
2007-10-28 01:26:52         0 dr------- C:\Program Files\mike holidays
2007-10-28 01:15:31         0 d-------- C:\notes 20_10
2007-10-28 00:26:03         0 dr------- C:\Program Files\wmv
2007-10-28 00:02:05         0 d-------- C:\Program Files\video hp
2007-10-27 23:46:11         0 d-------- C:\Program Files\video
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 27, 2007, 07:00:08 AM

-- Find3M Report ---------------------------------------------------------------

2007-11-25 10:25:50        46 --a------ C:\WINDOWS\popcinfo.dat
2007-10-25 13:03:44      4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-25 09:06:02         0 dr------- C:\Program Files\ad onli
2007-10-25 08:54:28         0 d-------- C:\Program Files\PopCap Games
2007-10-25 08:44:24         0 d-------- C:\Program Files\reflexive games
2007-10-25 08:36:26         0 d-------- C:\Program Files\GameHouse
2007-10-24 19:32:40         0 d-------- C:\Documents and Settings\myself\Application Data\Apple Computer
2007-10-24 18:24:22         0 dr------- C:\Program Files\scenery
2007-10-24 18:22:30         0 dr------- C:\Program Files\eqtc edu
2007-10-24 18:12:58         0 d-------- C:\Program Files\ReflexiveArcade
2007-10-24 17:53:22         0 dr------- C:\Program Files\songs
2007-10-24 09:50:44         0 d-------- C:\Documents and Settings\myself\Application Data\Talkback
2007-10-24 09:50:34         0 --a------ C:\WINDOWS\nsreg.dat
2007-10-24 09:50:30         0 d-------- C:\Documents and Settings\myself\Application Data\Mozilla
2007-10-24 09:48:10         0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-24 09:38:52         0 d-------- C:\Program Files\mIRC
2007-10-24 09:38:12         0 d-------- C:\Program Files\Yahoo!
2007-10-24 09:37:08         0 d-------- C:\Program Files\MSN Messenger
2007-10-24 09:35:16         0 d-------- C:\Documents and Settings\myself\Application Data\ICQ
2007-10-24 09:34:58         0 d-------- C:\Program Files\ICQ6
2007-10-24 09:34:30         0 d-------- C:\Documents and Settings\myself\Application Data\InstallShield
2007-10-24 09:33:30         0 d-------- C:\Program Files\Common Files\Java
2007-10-23 01:38:26         0 d-------- C:\Documents and Settings\myself\Application Data\Macromedia
2007-10-23 01:13:44    278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2007-10-23 01:13:44    203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2007-10-22 09:22:10         0 d-------- C:\Program Files\QuickTime
2007-10-22 09:20:58         0 d-------- C:\Program Files\Common Files\xing shared
2007-10-22 09:20:48         0 d-------- C:\Program Files\Real
2007-10-22 09:20:48         0 d-------- C:\Program Files\Common Files\Real
2007-10-22 09:20:38         0 d-------- C:\Documents and Settings\myself\Application Data\Real
2007-10-22 09:19:12         0 d-------- C:\Documents and Settings\myself\Application Data\Skype
2007-10-22 09:19:08         0 d-------- C:\Program Files\Google
2007-10-22 09:19:04         0 d-------- C:\Program Files\Skype
2007-10-22 09:19:02         0 d-------- C:\Program Files\Common Files\Skype
2007-10-22 09:18:08         0 d-------- C:\Program Files\Lavasoft
2007-10-22 09:17:50         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 09:16:06         0 d-------- C:\Program Files\Alwil Software
2007-10-22 08:04:02         0 d-------- C:\Program Files\WIDCOMM
2007-10-22 08:03:24         0 d-------- C:\Program Files\ATI Technologies
2007-10-21 18:39:50         0 d-------- C:\Documents and Settings\myself\Application Data\Google


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 04:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [11/19/2003 03:41 PM C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/12/2004 12:15 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/12/2004 12:14 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/02/2003 02:37 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/02/2003 02:19 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ShowIcon_Chander_CRW Series Driver v1.17r019"="C:\Program Files\CRW\shwicon.exe" [01/09/2003 12:05 AM]
"PCMService"="C:\Program Files\Aspire Arcade\PCMService.exe" [03/25/2004 06:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE" [04/05/2004 09:46 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/22/2004 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:32 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [03/31/2003 12:00 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03/31/2003 12:00 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03/31/2003 12:00 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/23/2007 07:58 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"kava"="C:\WINDOWS\system32\kavo.exe" [11/27/2007 01:15 PM]

C:\Documents and Settings\myself\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/14/2003 1:28:28 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
AutoRun\command- C:\ntdelect.com
explore\Command- C:\ntdelect.com
open\Command- C:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\ntdelect.com
explore\Command- E:\ntdelect.com
open\Command- E:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44aec12e-803c-11dc-ac38-000b6b581de1}]
AutoRun\command- E:\ntdelect.com
explore\Command- E:\ntdelect.com
open\Command- E:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]
AutoRun\command- F:\ntdelect.com
explore\Command- F:\ntdelect.com
open\Command- F:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b925cbac-8af4-11dc-ac5e-000b6b581de1}]
AutoRun\command- F:\ntdelect.com
explore\Command- F:\ntdelect.com
open\Command- F:\ntdelect.com


-- End of Deckard's System Scanner: finished at 2007-11-27 13:25:38 ------------

Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 27, 2007, 07:06:38 AM
hi Oldman,

indeed there are 2 log files,

sorry for my inattentiveness in addressing this issue.

a thousand apologies if I'm causing u any inconvenience in reading as it is

no longer filed in systematic order.

thank you for being patient wt my carelessness.

I'm not sure what ur time is now, but since it was quite late at ur place,

I would like to wish u a good night n sweet dreams.

thanks
michaelong
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: oldman on November 27, 2007, 08:24:09 AM
Hi

Yes it's quite late here, should be sleeping by now.

You may want to look at this. The operating system isn't mentioned, but have a look. If you try it and have some success, please post back with a new DSS log and I will have a look to see how well it worked.

http://forum.avast.com/index.php?topic=31671.msg264502#msg264502

If not I will work on a fix as soon as I can.
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 27, 2007, 09:08:48 AM
hi Oldman,

no intention of disturbing u from getting a good rest,

knowing that u hv been quite exhausting urself over this virus issue.

juz to let u know that the link is dead.

but i'm not giving up yet,

I'll try to keep in touch wt the provider of the link as well as other users who managed to access the site.

hv a good rest

good night
michaelong
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 27, 2007, 03:49:50 PM
hi Oldman, I'm submitting my DSS n HJT log files for your verification after downloading from the link provided by 63099703

n the virus no longer runs during start up.

my DSS now scans without error n completes in secs. ;D

HJT also runs smoothly.

pls verify if it's safe for other users wt a similar virus to use the kavo 1.bat n 2.bat files to rectify the virus problem.

thanks Oldman for all the trouble that I've given u over the past few days.

regards
michaelong

Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 27, 2007, 03:52:16 PM
Deckard's System Scanner v20071014.68
Run by myself on 2007-11-27 22:50:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 3.7 GiB (less than 15%) free.


-- HijackThis (run as myself.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:23 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\myself\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\myself.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7989 bytes
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 27, 2007, 04:01:00 PM
-- Files created between 2007-10-27 and 2007-11-27 -----------------------------

2007-11-27 21:31:16         0 d-------- C:\EFix
2007-11-27 20:47:31     92672 -----n--- C:\WINDOWS\system32\kavo0.dll
2007-11-27 09:12:34         0 d-------- C:\Program Files\Trend Micro
2007-11-27 07:36:59         0 d-------- C:\My Downloads
2007-11-27 07:36:57         0 d-------- C:\Program Files\BearFlix
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-26 09:15:36         0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-26 09:15:35   1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-26 09:15:35         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-19 19:26:12         0 d-------- C:\Program Files\WM Converter
2007-11-16 19:01:40         0 d-------- C:\Program Files\ms 10
2007-11-16 05:13:13         0 d-------- C:\Program Files\m
2007-11-12 01:16:51         0 d-------- C:\Program Files\FlashGet
2007-11-10 09:27:49         0 d-------- C:\Program Files\Common Files\DirectX
2007-11-10 09:24:30         0 d-------- C:\Program Files\Paris-Dakar Rally
2007-11-08 08:14:13         0 d-------- C:\Program Files\Xider
2007-11-03 00:27:39         0 d-------- C:\Program Files\Apple Software Update
2007-11-03 00:27:39         0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-02 03:15:45     94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-11-02 03:15:45     15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-11-01 02:25:16         0 d-------- C:\Program Files\Global Star Software
2007-10-31 08:50:14         0 d-------- C:\Documents and Settings\myself\Application Data\SEGA
2007-10-31 07:39:08         0 d-------- C:\TODC
2007-10-31 07:32:38         0 d-------- C:\死亡鬼屋
2007-10-31 07:25:31         0 d-------- C:\HOD3
2007-10-28 17:26:20         0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-10-28 17:05:53         0 d-------- C:\Documents and Settings\myself\Application Data\EA
2007-10-28 17:05:45         0 d-------- C:\Documents and Settings\All Users\Application Data\EA
2007-10-28 16:57:11         0 d-------- C:\Program Files\BFG
2007-10-28 01:43:18         0 dr------- C:\Program Files\nepal_everest
2007-10-28 01:26:52         0 dr------- C:\Program Files\mike holidays
2007-10-28 01:15:31         0 d-------- C:\notes 20_10
2007-10-28 00:26:03         0 dr------- C:\Program Files\wmv
2007-10-28 00:02:05         0 d-------- C:\Program Files\video hp
2007-10-27 23:46:11         0 d-------- C:\Program Files\video


-- Find3M Report ---------------------------------------------------------------

2007-11-25 10:25:50        46 --a------ C:\WINDOWS\popcinfo.dat
2007-10-25 13:03:44      4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-25 09:06:02         0 dr------- C:\Program Files\ad onli
2007-10-25 08:54:28         0 d-------- C:\Program Files\PopCap Games
2007-10-25 08:44:24         0 d-------- C:\Program Files\reflexive games
2007-10-25 08:36:26         0 d-------- C:\Program Files\GameHouse
2007-10-24 19:32:40         0 d-------- C:\Documents and Settings\myself\Application Data\Apple Computer
2007-10-24 18:24:22         0 dr------- C:\Program Files\scenery
2007-10-24 18:22:30         0 dr------- C:\Program Files\eqtc edu
2007-10-24 18:12:58         0 d-------- C:\Program Files\ReflexiveArcade
2007-10-24 17:53:22         0 dr------- C:\Program Files\songs
2007-10-24 09:50:44         0 d-------- C:\Documents and Settings\myself\Application Data\Talkback
2007-10-24 09:50:34         0 --a------ C:\WINDOWS\nsreg.dat
2007-10-24 09:50:30         0 d-------- C:\Documents and Settings\myself\Application Data\Mozilla
2007-10-24 09:48:10         0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-24 09:38:52         0 d-------- C:\Program Files\mIRC
2007-10-24 09:38:12         0 d-------- C:\Program Files\Yahoo!
2007-10-24 09:37:08         0 d-------- C:\Program Files\MSN Messenger
2007-10-24 09:35:16         0 d-------- C:\Documents and Settings\myself\Application Data\ICQ
2007-10-24 09:34:58         0 d-------- C:\Program Files\ICQ6
2007-10-24 09:34:30         0 d-------- C:\Documents and Settings\myself\Application Data\InstallShield
2007-10-24 09:33:30         0 d-------- C:\Program Files\Common Files\Java
2007-10-23 01:38:26         0 d-------- C:\Documents and Settings\myself\Application Data\Macromedia
2007-10-23 01:13:44    278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2007-10-23 01:13:44    203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2007-10-22 09:22:10         0 d-------- C:\Program Files\QuickTime
2007-10-22 09:20:58         0 d-------- C:\Program Files\Common Files\xing shared
2007-10-22 09:20:48         0 d-------- C:\Program Files\Real
2007-10-22 09:20:48         0 d-------- C:\Program Files\Common Files\Real
2007-10-22 09:20:38         0 d-------- C:\Documents and Settings\myself\Application Data\Real
2007-10-22 09:19:12         0 d-------- C:\Documents and Settings\myself\Application Data\Skype
2007-10-22 09:19:08         0 d-------- C:\Program Files\Google
2007-10-22 09:19:04         0 d-------- C:\Program Files\Skype
2007-10-22 09:19:02         0 d-------- C:\Program Files\Common Files\Skype
2007-10-22 09:18:08         0 d-------- C:\Program Files\Lavasoft
2007-10-22 09:17:50         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 09:16:06         0 d-------- C:\Program Files\Alwil Software
2007-10-22 08:04:02         0 d-------- C:\Program Files\WIDCOMM
2007-10-22 08:03:24         0 d-------- C:\Program Files\ATI Technologies
2007-10-21 18:39:50         0 d-------- C:\Documents and Settings\myself\Application Data\Google
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 27, 2007, 04:02:04 PM
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 04:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [11/19/2003 03:41 PM C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/12/2004 12:15 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/12/2004 12:14 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/02/2003 02:37 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/02/2003 02:19 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ShowIcon_Chander_CRW Series Driver v1.17r019"="C:\Program Files\CRW\shwicon.exe" [01/09/2003 12:05 AM]
"PCMService"="C:\Program Files\Aspire Arcade\PCMService.exe" [03/25/2004 06:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE" [04/05/2004 09:46 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/22/2004 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:32 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [03/31/2003 12:00 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03/31/2003 12:00 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03/31/2003 12:00 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/23/2007 07:58 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\myself\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/14/2003 1:28:28 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\ntdelect.com
explore\Command- E:\ntdelect.com
open\Command- E:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44aec12e-803c-11dc-ac38-000b6b581de1}]
AutoRun\command- E:\ntdelect.com
explore\Command- E:\ntdelect.com
open\Command- E:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]
AutoRun\command- F:\ntdelect.com
explore\Command- F:\ntdelect.com
open\Command- F:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fbc6c60-9713-11dc-aedf-806d6172696f}]
AutoRun\command- ntdelect.com
explore\Command- ntdelect.com
open\Command- ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b925cbac-8af4-11dc-ac5e-000b6b581de1}]
AutoRun\command- F:\ntdelect.com
explore\Command- F:\ntdelect.com
open\Command- F:\ntdelect.com




-- End of Deckard's System Scanner: finished at 2007-11-27 22:50:49 ------------

Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 27, 2007, 04:05:49 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:16 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7920 bytes
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 27, 2007, 04:06:54 PM
* Trend Micro HijackThis v2.0.2 *


See bottom for version history.

The different sections of hijacking possibilities have been separated into the following groups.
You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.

 R - Registry, StartPage/SearchPage changes
    R0 - Changed registry value
    R1 - Created registry value
    R2 - Created registry key
    R3 - Created extra registry value where only one should be
 F - IniFiles, autoloading entries
    F0 - Changed inifile value
    F1 - Created inifile value
    F2 - Changed inifile value, mapped to Registry
    F3 - Created inifile value, mapped to Registry
 N - Netscape/Mozilla StartPage/SearchPage changes
    N1 - Change in prefs.js of Netscape 4.x
    N2 - Change in prefs.js of Netscape 6
    N3 - Change in prefs.js of Netscape 7
    N4 - Change in prefs.js of Mozilla
 O - Other, several sections which represent:
    O1 - Hijack of auto.search.msn.com with Hosts file
    O2 - Enumeration of existing MSIE BHO's
    O3 - Enumeration of existing MSIE toolbars
    O4 - Enumeration of suspicious autoloading Registry entries
    O5 - Blocking of loading Internet Options in Control Panel
    O6 - Disabling of 'Internet Options' Main tab with Policies
    O7 - Disabling of Regedit with Policies
    O8 - Extra MSIE context menu items
    O9 - Extra 'Tools' menuitems and buttons
    O10 - Breaking of Internet access by New.Net or WebHancer
    O11 - Extra options in MSIE 'Advanced' settings tab
    O12 - MSIE plugins for file extensions or MIME types
    O13 - Hijack of default URL prefixes
    O14 - Changing of IERESET.INF
    O15 - Trusted Zone Autoadd
    O16 - Download Program Files item
    O17 - Domain hijack
    O18 - Enumeration of existing protocols and filters
    O19 - User stylesheet hijack
    O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
    O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
    O22 - SharedTaskScheduler autorun Registry key
    O23 - Enumeration of NT Services
    O24 - Enumeration of ActiveX Desktop Components

Command-line parameters:
* /autolog - automatically scan the system, save a logfile and open it
* /ihatewhitelists - ignore all internal whitelists
* /uninstall - remove all HijackThis Registry entries, backups and quit
* /silentautuolog - the same as /autolog, except with no required user intervention

* Version history *

[v2.00.0]
* AnalyzeThis added for log file statistics
* Recognizes Windows Vista and IE7
* Fixed a few bugs in the O23 method
* Fixed a bug in the O22 method (SharedTaskScheduler)
* Did a few tweaks on the log format
* Fixed and improved ADS Spy
* Improved Itty Bitty Procman (processes are frozen before they are killed)
* Added listing of O4 autoruns from other users
* Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
* Added /silentautolog parameter for system admins
* Added /deleteonreboot [file] parameter for system admins
* Added O24 - ActiveX Desktop Components enumeration
* Added Enhanced Security Confirguration (ESC) Zones to O15 Trusted Sites check
[v1.99.1]
* Added Winlogon Notify keys to O20 listing
* Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
* Fixed lots and lots of 'unexpected error' bugs
* Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
* Added 'Delete NT Service' function in Misc Tools section
* Added ProtocolDefaults to O15 listing
* Fixed MD5 hashing not working
* Fixed 'ISTSVC' autorun entries with garbage data not being fixed
* Fixed HijackThis uninstall entry not being updated/created on new versions
* Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
* Added option to scan the system at startup, then show results or quit if nothing found
[v1.99]
 * Added O23 (NT Services) in light of newer trojans
 * Integrated ADS Spy into Misc Tools section
 * Added 'Action taken' to info in 'More info on this item'
[v1.98]
 * Definitive support for Japanese/Chinese/Korean systems
 * Added O20 (AppInit_DLLs) in light of newer trojans
 * Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
 * Added O22 (SharedTaskScheduler) in light of newer trojans
 * Backups of fixed items are now saved in separate folder
 * HijackThis now checks if it was started from a temp folder
 * Added a small process manager (Misc Tools section)
[v1.96]
 * Lots of bugfixes and small enhancements! Among others:
 * Fix for Japanese IE toolbars
 * Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
 * Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
 * Added several files to the LSP whitelist
 * Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
 * All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
[v1.95]
 * Added a new regval to check for from Whazit hijack (Start Page_bak).
 * Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
 * New in logfile: Running processes at time of scan.
 * Checkmarks for running StartupList with /full and /complete in HijackThis UI.
 * New O19 method to check for Datanotary hijack of user stylesheet.
 * Google.com IP added to whitelist for Hosts file check.
[v1.94]
 * Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
 * Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
 * Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
 * Fixed a bug where DPF could not be deleted.
 * Fixed a stupid bug in enumeration of autostarting shortcuts.
 * Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
 * Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
 * Added support for backing up F0 and F1 items (d'oh!).
[v1.93]
 * Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
 * Fixed a bug in LSP routine for Win95.
 * Made taborder nicer.
 * Fixed a bug in backup/restore of IE plugins.
 * Added UltimateSearch hijack in O17 method (I think).
 * Fixed a bug with detecting/removing BHO's disabled by BHODemon.
 * Also fixed a bug in StartupList (now version 1.52.1).
[v1.92]
 * Fixed two stupid bugs in backup restore function.
 * Added DiamondCS file to LSP files safelist.
 * Added a few more items to the protocol safelist.
 * Log is now opened immediately after saving.
 * Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
 * Updated integrated StartupList to v1.52.
 * In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
 * Rudimentary proxy support for the Check for Updates function.
[v1.91]
 * Added rd.yahoo.com to the Nonstandard But Safe Domains list.
 * Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
 * Added listing of programs/links in Startup folders (O4).
 * Fixed 'Check for Update' not detecting new versions.
[v1.9]
 * Added check for Lop.com 'Domain' hijack (O17).
 * Bugfix in URLSearchHook (R3) fix.
 * Improved O1 (Hosts file) check.
 * Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
 * Added AutoConfigURL and proxyserver checks (R1).
 * IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
 * Added check for extra protocols (O18).
[v1.81]
 * Added 'ignore non-standard but safe domains' option.
 * Improved Winsock LSP hijackers detection.
 * Integrated StartupList updated to v1.4.
[v1.8]
 * Fixed a few bugs.
 * Adds detecting of free.aol.com in Trusted Zone.
 * Adds checking of URLSearchHooks key, which should have only one value.
 * Adds listing/deleting of Download Program Files.
 * Integrated StartupList into the new 'Misc Tools' section of the Config screen!
[v1.71]
 * Improves detecting of O6.
 * Some internal changes/improvements.
[v1.7]
 * Adds backup function! Yay!
 * Added check for default URL prefix
 * Added check for changing of IERESET.INF
 * Added check for changing of Netscape/Mozilla homepage and default search engine.
[v1.61]
 * Fixes Runtime Error when Hosts file is empty.
[v1.6]
 * Added enumerating of MSIE plugins
 * Added check for extra options in 'Advanced' tab of 'Internet Options'.
[v1.5]
 * Adds 'Uninstall & Exit' and 'Check for update online' functions.
 * Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
[v1.4]
 * Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
 * A few bugfixes/enhancements
[v1.3]
 * Adds detecting of extra MSIE context menu items
 * Added detecting of extra 'Tools' menu items and extra buttons
 * Added 'Confirm deleting/ignoring items' checkbox
[v1.2]
 * Adds 'Ignorelist' and 'Info' functions
[v1.1]
 * Supports BHO's, some default URL changes
[v1.0]
 * Original release

A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.

Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: oldman on November 27, 2007, 05:27:05 PM
I can't say for 100% that it did work completely, but you are going to help me find out.  ;D  8)

After the 2 little quick fixes, I want you to do the manual procedure that you did before, making changes as needed.  :)

It did remove kavo.exe, but left a kavo.dll, or else the .dll was recreated. Looking at the time stamp, it may have been just an old one. It also left the mount points, which we can remove. The tool does seem to have some use. With your help we'll find out how much.

For now we'll do the following.

Please download the OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe by OldTimer.
Save it to your desktop.

Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

Quote
C:\WINDOWS\system32\kavo0.dll



Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply with a new DSS log.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Now do the following registry fix

Back up your registry with erunt first

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine

REGISTRY FIX
Quote
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44aec12e-803c-11dc-ac38-000b6b581de1}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fbc6c60-9713-11dc-aedf-806d6172696f}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b925cbac-8af4-11dc-ac5e-000b6b581de1}]

Next you will need to create the repair registry fix. To do that, copy and paste ALL of the above in the quote box to a notepad file. Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES.
Then in the FILE NAME box type fix.reg.
Make sure the save in box is set to desktop.
This will create a fix.reg file on your desktop (http://img127.imageshack.us/img127/433/regtg8.jpg)

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

Do the manual reset of the registry keys that you did before.

Also find and remove all the AUTORUN.INF per the instructions you found earlier.

I just want to verify that the program you used did reset all the reg keys and removed the autorun.inf.

Turn off system restore and reboot your computer. Do not use any usb storage devices for now, I'm interested in how well this program works. We'll look at your usb after.

After you reboot run DSS again and post the log. No need for a hijackthis log.

If you have any problems, let me know.

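As an added illustration (not code from the thread, from DSS, or from OTMoveIt): a Python script that parses the MountPoints2 section of a DSS-style registry dump like the one posted above, flags the autorun-worm pattern (the same target file wired into several mount points, or a relative command such as `ntdelect.com`), and emits the same `[-KEY]` REGEDIT4 removal text oldman wrote by hand. The dump text is constructed sample input (three keys copied from the posted dump plus an invented benign `F:\setup.exe` entry), and the two heuristics are mine, not any tool's.

```python
"""Flag MountPoints2 autorun hijacks in a DSS-style registry dump and build a REGEDIT4 fix.

Added example for this thread (not DSS, OTMoveIt or HijackThis code). Explorer caches a
drive's autorun.inf handler under HKCU\...\Explorer\MountPoints2\<drive or GUID>\Shell\...,
which is the section of the posted dump that points at ntdelect.com.
"""
import re
from collections import defaultdict

# Constructed sample in the layout DSS prints. The first three keys reproduce the pattern
# from the posted dump; the fourth is an invented benign entry (a one-off CD installer
# handler) that the heuristics should leave alone.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\ntdelect.com
explore\Command- E:\ntdelect.com
open\Command- E:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44aec12e-803c-11dc-ac38-000b6b581de1}]
AutoRun\command- E:\ntdelect.com
explore\Command- E:\ntdelect.com
open\Command- E:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fbc6c60-9713-11dc-aedf-806d6172696f}]
AutoRun\command- ntdelect.com
explore\Command- ntdelect.com
open\Command- ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-dead-beef-0000-000000000001}]
AutoRun\command- F:\setup.exe
"""

# "[HKEY_...\mountpoints2\<sub>]" header lines, and "Verb\command- <target>" value lines
KEY_RE = re.compile(r'^\[(.+\\mountpoints2\\[^\]]+)\]$', re.IGNORECASE)
CMD_RE = re.compile(r'^(\w+)\\command-\s*(.+?)\s*$', re.IGNORECASE)


def parse_mountpoints(dump):
    """Return {key_path: {verb: command}} for every MountPoints2 subkey in the dump."""
    keys, current = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        if line.startswith('['):        # some other key: stop attributing values to ours
            current = None
            continue
        m = CMD_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1).lower()] = m.group(2)
    return keys


def launched_exe(command):
    """First token of a shell command: the quoted path if quoted, else up to the first space."""
    command = command.strip()
    if command.startswith('"') and command.count('"') >= 2:
        return command[1:command.index('"', 1)]
    return command.split()[0]


def target_name(command):
    """Lower-cased file name of the executable the command launches."""
    return launched_exe(command).rsplit('\\', 1)[-1].lower()


def is_relative(command):
    """True when the command has no drive letter or UNC prefix, so Explorer resolves it
    against the root of whatever drive the mount point belongs to."""
    exe = launched_exe(command)
    return not re.match(r'^[A-Za-z]:\\', exe) and not exe.startswith('\\\\')


def flag_hijacks(keys):
    """Return {key_path: reason} for mount points matching the autorun-worm pattern:
    a relative command, or one target file wired into two or more mount points."""
    spread = defaultdict(set)            # target file name -> keys that launch it
    for key, verbs in keys.items():
        for cmd in verbs.values():
            spread[target_name(cmd)].add(key)
    flagged = {}
    for key, verbs in keys.items():
        for verb, cmd in verbs.items():
            name = target_name(cmd)
            if is_relative(cmd):
                flagged[key] = f'{verb}: relative command "{cmd}" resolves against the drive root'
                break
            if len(spread[name]) >= 2:
                flagged[key] = f'{verb}: "{name}" is wired into {len(spread[name])} mount points'
                break
    return flagged


def build_reg_fix(flagged):
    """REGEDIT4 text that deletes each flagged key, using the [-KEY] form from the thread.
    REGEDIT4 is the first line, with nothing above it."""
    lines = ['REGEDIT4', '']
    for key in sorted(flagged):
        lines += [f'[-{key}]', '']
    return '\n'.join(lines)


def analyse(dump=SAMPLE_DUMP):
    keys = parse_mountpoints(dump)
    flagged = flag_hijacks(keys)
    return flagged, build_reg_fix(flagged)


if __name__ == '__main__':
    found, fix = analyse()
    for k, why in found.items():
        print(f'FLAG {k}\n     {why}')
    print('\nfix.reg:\n' + fix)
```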
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 28, 2007, 05:56:23 AM
hi Oldman,

initially it didn't manage to erase the kavo.dll in the C/windows/prefetch, but a few hours later the autorun came up again.

but this time it only showed up as autorun.inf, without the drive letter G, and avast managed to catch it and it was moved into the chest. it only ran once.

after it was successfully moved into the chest by avast, the kavo.dll at C/windows/prefetch no longer exists.

it seems to be quite successful in killing this kavo.

i'll try to download the OTMoveIt as per your instruction to confirm the effectiveness of this kavo remover file.

will submit my report to u again once i've finished the scanning.

thx Oldman for your effort n time for going thru my log file.

regards
michaelong
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 28, 2007, 08:02:04 AM
Deckard's System Scanner v20071014.68
Run by myself on 2007-11-28 14:58:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 3.23 GiB (less than 15%) free.


-- HijackThis (run as myself.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:26 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\myself\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\myself.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7857 bytes
Title: Re: help OLDMAN, I'm creating a new thread as advised by you
Post by: michaelong on November 28, 2007, 08:03:50 AM
-- Files created between 2007-10-28 and 2007-11-28 -----------------------------

2007-11-27 21:31:16         0 d-------- C:\EFix
2007-11-27 09:12:34         0 d-------- C:\Program Files\Trend Micro
2007-11-27 07:36:59         0 d-------- C:\My Downloads
2007-11-27 07:36:57         0 d-------- C:\Program Files\BearFlix
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-26 09:15:36         0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-26 09:15:35   1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-26 09:15:35         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-19 19:26:12         0 d-------- C:\Program Files\WM Converter
2007-11-16 19:01:40         0 d-------- C:\Program Files\ms 10
2007-11-16 05:13:13         0 d-------- C:\Program Files\m
2007-11-12 01:16:51         0 d-------- C:\Program Files\FlashGet
2007-11-10 09:27:49         0 d-------- C:\Program Files\Common Files\DirectX
2007-11-10 09:24:30         0 d-------- C:\Program Files\Paris-Dakar Rally
2007-11-08 08:14:13         0 d-------- C:\Program Files\Xider
2007-11-03 00:27:39         0 d-------- C:\Program Files\Apple Software Update
2007-11-03 00:27:39         0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-02 03:15:45     94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-11-02 03:15:45     15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-11-01 02:25:16         0 d-------- C:\Program Files\Global Star Software
2007-10-31 08:50:14         0 d-------- C:\Documents and Settings\myself\Application Data\SEGA
2007-10-31 07:39:08         0 d-------- C:\TODC
2007-10-31 07:32:38         0 d-------- C:\死亡鬼屋
2007-10-31 07:25:31         0 d-------- C:\HOD3
2007-10-28 17:26:20         0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-10-28 17:05:53         0 d-------- C:\Documents and Settings\myself\Application Data\EA
2007-10-28 17:05:45         0 d-------- C:\Documents and Settings\All Users\Application Data\EA
2007-10-28 16:57:11         0 d-------- C:\Program Files\BFG
2007-10-28 01:43:18         0 dr------- C:\Program Files\nepal_everest
2007-10-28 01:26:52         0 dr------- C:\Program Files\mike holidays
2007-10-28 01:15:31         0 d-------- C:\notes 20_10
2007-10-28 00:26:03         0 dr------- C:\Program Files\wmv
2007-10-28 00:02:05         0 d-------- C:\Program Files\video hp


-- Find3M Report ---------------------------------------------------------------

2007-11-25 10:25:50        46 --a------ C:\WINDOWS\popcinfo.dat
2007-10-27 23:46:12         0 d-------- C:\Program Files\video
2007-10-25 13:03:44      4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-25 09:06:02         0 dr------- C:\Program Files\ad onli
2007-10-25 08:54:28         0 d-------- C:\Program Files\PopCap Games
2007-10-25 08:44:24         0 d-------- C:\Program Files\reflexive games
2007-10-25 08:36:26         0 d-------- C:\Program Files\GameHouse
2007-10-24 19:32:40         0 d-------- C:\Documents and Settings\myself\Application Data\Apple Computer
2007-10-24 18:24:22         0 dr------- C:\Program Files\scenery
2007-10-24 18:22:30         0 dr------- C:\Program Files\eqtc edu
2007-10-24 18:12:58         0 d-------- C:\Program Files\ReflexiveArcade
2007-10-24 17:53:22         0 dr------- C:\Program Files\songs
2007-10-24 09:50:44         0 d-------- C:\Documents and Settings\myself\Application Data\Talkback
2007-10-24 09:50:34         0 --a------ C:\WINDOWS\nsreg.dat
2007-10-24 09:50:30         0 d-------- C:\Documents and Settings\myself\Application Data\Mozilla
2007-10-24 09:48:10         0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-24 09:38:52         0 d-------- C:\Program Files\mIRC
2007-10-24 09:38:12         0 d-------- C:\Program Files\Yahoo!
2007-10-24 09:37:08         0 d-------- C:\Program Files\MSN Messenger
2007-10-24 09:35:16         0 d-------- C:\Documents and Settings\myself\Application Data\ICQ
2007-10-24 09:34:58         0 d-------- C:\Program Files\ICQ6
2007-10-24 09:34:30         0 d-------- C:\Documents and Settings\myself\Application Data\InstallShield
2007-10-24 09:33:30         0 d-------- C:\Program Files\Common Files\Java
2007-10-23 01:38:26         0 d-------- C:\Documents and Settings\myself\Application Data\Macromedia
2007-10-23 01:13:44    278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2007-10-23 01:13:44    203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2007-10-22 09:22:10         0 d-------- C:\Program Files\QuickTime
2007-10-22 09:20:58         0 d-------- C:\Program Files\Common Files\xing shared
2007-10-22 09:20:48         0 d-------- C:\Program Files\Real
2007-10-22 09:20:48         0 d-------- C:\Program Files\Common Files\Real
2007-10-22 09:20:38         0 d-------- C:\Documents and Settings\myself\Application Data\Real
2007-10-22 09:19:12         0 d-------- C:\Documents and Settings\myself\Application Data\Skype
2007-10-22 09:19:08         0 d-------- C:\Program Files\Google
2007-10-22 09:19:04         0 d-------- C:\Program Files\Skype
2007-10-22 09:19:02         0 d-------- C:\Program Files\Common Files\Skype
2007-10-22 09:18:08         0 d-------- C:\Program Files\Lavasoft
2007-10-22 09:17:50         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 09:16:06         0 d-------- C:\Program Files\Alwil Software
2007-10-22 08:04:02         0 d-------- C:\Program Files\WIDCOMM
2007-10-22 08:03:24         0 d-------- C:\Program Files\ATI Technologies
2007-10-21 18:39:50         0 d-------- C:\Documents and Settings\myself\Application Data\Google

Title: Re: help OLDMAN, I'm creating a new thread as advised by you
Post by: michaelong on November 28, 2007, 08:04:35 AM
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 04:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [11/19/2003 03:41 PM C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/12/2004 12:15 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/12/2004 12:14 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/02/2003 02:37 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/02/2003 02:19 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ShowIcon_Chander_CRW Series Driver v1.17r019"="C:\Program Files\CRW\shwicon.exe" [01/09/2003 12:05 AM]
"PCMService"="C:\Program Files\Aspire Arcade\PCMService.exe" [03/25/2004 06:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE" [04/05/2004 09:46 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/22/2004 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:32 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [03/31/2003 12:00 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03/31/2003 12:00 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03/31/2003 12:00 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/23/2007 07:58 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\myself\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/14/2003 1:28:28 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]
- F:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b925cbac-8af4-11dc-ac5e-000b6b581de1}]
open\Command- F:\ntdelect.com




-- End of Deckard's System Scanner: finished at 2007-11-28 14:58:53 ------------

Title: Re: help OLDMAN, I'm creating a new thread as advised by you
Post by: michaelong on November 28, 2007, 08:25:28 AM
Hi Oldman,

I've done as instructed by you: running OTMoveIt, followed by pasting the kavo file, which is no longer found by OTMoveIt, fixing the registry with the key you provided, and then running DSS.

During the initial report from DSS, it found the autorun file on my E drive (I formatted it earlier because I couldn't access it), and I deleted the whole folder that contained the autorun.inf.

I also deleted those autorun files which were found in the mount2 section, but during the course of deletion I may have erased one of the registry keys.

I also noticed a lot of those ntdelect.com keys in the registry. Not sure if I should erase them or not, but I deleted them somehow.

After rebooting and scanning and deleting several times, the ntdelect.com keys were found in the Windows key that you provided, but I'm not deleting them because that registry key was given to you by me.

In my last report there are remainders of ntdelect.com in the Windows registry that you gave, which I leave for you to study.

Hope this information might help you locate the error or damage that I've done to my registry keys.

Currently my Windows boots without error and seems to be quite fast too.

A million thanks to you, Oldman, for all the pains I'm causing you.

With best regards
michaelong
 
Title: Re: help OLDMAN, I'm creating a new thread as advised by you
Post by: oldman on November 28, 2007, 09:03:52 AM
Hi michaelong,

Please follow the instructions for manual cleanup of the keys as outlined here:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ONLINEG.JRC&VSect=Sn

Some keys will already have been changed, but change the ones that haven't been.

One more registry fix; just do it like you did before:

Quote
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b925cbac-8af4-11dc-ac5e-000b6b581de1}]


Do the manual cleanup of the keys first, OK.

After you are done, please post one more DSS scan.
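
The REGEDIT4 fix above removes two MountPoints2 subkeys by hand. As an added example, not from the thread or from DSS, HijackThis or OTMoveIt, the following Python script reads the mountpoints2 section of a DSS registry dump, flags the subkeys whose shell command launches ntdelect.com from the removable drive, and emits the matching REGEDIT4 delete entries for the helper to review before applying; the sample dump is constructed to mirror the one posted earlier in this thread (the third key in it is invented and benign).

```python
"""Added example, not from the thread or from DSS/HijackThis/OTMoveIt: read the
mountpoints2 section of a Deckard's System Scanner registry dump, flag the
subkeys whose shell command points at an executable on the removable drive
(the ntdelect.com footprint in this thread), and emit the matching REGEDIT4
delete entries for a helper to review before applying."""
import re

# Constructed sample in the shape DSS prints for MountPoints2; the first two
# keys mirror the ones posted in the thread, the third is an invented benign one.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]
- F:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b925cbac-8af4-11dc-ac5e-000b6b581de1}]
open\Command- F:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
AutoRun\Command- E:\setup.exe
"""

# A MountPoints2 subkey header: "[HKEY_...\mountpoints2\{GUID}]" (case-insensitive).
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+\\mountpoints2\\\{[0-9a-fA-F-]+\})\]$", re.IGNORECASE)
# A value line under it: "open\Command- F:\x.com" or, for the default value, "- F:\x.com".
VERB_RE = re.compile(r"^(?P<verb>[^\s-]*)-\s*(?P<target>.+)$")


def parse_mountpoints(dump: str) -> dict:
    """Map each MountPoints2 subkey path to a list of (verb, command target) pairs."""
    keys, current = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            keys.setdefault(current, [])
            continue
        value = VERB_RE.match(line)
        if value and current is not None:
            verb = value.group("verb") or "(default)"
            keys[current].append((verb, value.group("target").strip()))
    return keys


def suspicious_keys(keys: dict, names=("ntdelect.com",)) -> list:
    """Return subkeys whose command target's file name is in `names`.

    MountPoints2 records the autoplay/shell handlers Explorer learned for each
    removable volume; a handler that launches a file from the volume itself is
    the registry footprint an autorun.inf worm leaves behind."""
    wanted = {n.lower() for n in names}
    hits = []
    for key, entries in keys.items():
        for _verb, target in entries:
            file_name = target.lower().replace("/", "\\").rsplit("\\", 1)[-1]
            if file_name in wanted:
                hits.append(key)
                break
    return hits


def to_regedit(keys_to_delete) -> str:
    """Build a REGEDIT4 script that deletes the given keys ("[-KEY]" syntax).

    regedit expects CRLF line endings and a trailing blank line."""
    lines = ["REGEDIT4", ""]
    for key in keys_to_delete:
        lines += [f"[-{key}]", ""]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_DUMP)
    bad = suspicious_keys(found)
    print(f"{len(found)} MountPoints2 keys parsed, {len(bad)} flagged")
    print(to_regedit(bad))
```

Run against a real DSS "Registry Dump" section, it produces exactly the kind of two-key REGEDIT4 file shown above, while leaving MountPoints2 entries for benign volumes alone.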



Title: Re: help OLDMAN, I'm creating a new thread as advised by you
Post by: michaelong on November 28, 2007, 09:26:06 PM
Hi Oldman,

I've done the manual fix as guided by

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ONLINEG.JRC&VSect=Sn

and found that only the hidden and autorun values were changed; the rest remained intact.

Instead of manually cleaning up this ntdelect.com key, I went to the extent of deleting the whole registry keys that were quoted by you, thinking that I'd be able to restore them back.

Unfortunately the registry keys that you provided,

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b925cbac-8af4-11dc-ac5e-000b6b581de1}]

were lost and I'm unable to restore them.

I'm submitting my latest DSS log file to you as requested.

Title: Re: help OLDMAN, I'm creating a new thread as advised by you
Post by: michaelong on November 28, 2007, 09:27:43 PM
Deckard's System Scanner v20071014.68
Run by myself on 2007-11-29 04:09:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.49 GiB (less than 15%) free.


-- HijackThis (run as myself.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:20 AM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\myself\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\myself.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7947 bytes
Title: Re: help OLDMAN, I'm creating a new thread as advised by you
Post by: michaelong on November 28, 2007, 09:28:31 PM
-- Files created between 2007-10-29 and 2007-11-29 -----------------------------

2007-11-28 16:31:52         0 d-------- C:\Program Files\Burn
2007-11-28 16:31:18     17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-27 21:31:16         0 d-------- C:\EFix
2007-11-27 09:12:34         0 d-------- C:\Program Files\Trend Micro
2007-11-27 07:36:59         0 d-------- C:\My Downloads
2007-11-27 07:36:57         0 d-------- C:\Program Files\BearFlix
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-26 09:15:36         0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-26 09:15:35   1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-26 09:15:35         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-19 19:26:12         0 d-------- C:\Program Files\WM Converter
2007-11-16 19:01:40         0 d-------- C:\Program Files\ms 10
2007-11-16 05:13:13         0 d-------- C:\Program Files\m
2007-11-12 01:16:51         0 d-------- C:\Program Files\FlashGet
2007-11-10 09:27:49         0 d-------- C:\Program Files\Common Files\DirectX
2007-11-10 09:24:30         0 d-------- C:\Program Files\Paris-Dakar Rally
2007-11-08 08:14:13         0 d-------- C:\Program Files\Xider
2007-11-03 00:27:39         0 d-------- C:\Program Files\Apple Software Update
2007-11-03 00:27:39         0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-02 03:15:45     94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-11-02 03:15:45     15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-11-01 02:25:16         0 d-------- C:\Program Files\Global Star Software
2007-10-31 08:50:14         0 d-------- C:\Documents and Settings\myself\Application Data\SEGA
2007-10-31 07:39:08         0 d-------- C:\TODC
2007-10-31 07:32:38         0 d-------- C:\死亡鬼屋
2007-10-31 07:25:31         0 d-------- C:\HOD3


-- Find3M Report ---------------------------------------------------------------

2007-11-25 10:25:50        46 --a------ C:\WINDOWS\popcinfo.dat
2007-10-28 17:05:54         0 d-------- C:\Documents and Settings\myself\Application Data\EA
2007-10-28 16:57:12         0 d-------- C:\Program Files\BFG
2007-10-28 01:43:20         0 dr------- C:\Program Files\nepal_everest
2007-10-28 01:28:48         0 dr------- C:\Program Files\mike holidays
2007-10-28 00:50:56         0 dr------- C:\Program Files\wmv
2007-10-28 00:02:06         0 d-------- C:\Program Files\video hp
2007-10-27 23:46:12         0 d-------- C:\Program Files\video
2007-10-25 13:03:44      4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-25 09:06:02         0 dr------- C:\Program Files\ad onli
2007-10-25 08:54:28         0 d-------- C:\Program Files\PopCap Games
2007-10-25 08:44:24         0 d-------- C:\Program Files\reflexive games
2007-10-25 08:36:26         0 d-------- C:\Program Files\GameHouse
2007-10-24 19:32:40         0 d-------- C:\Documents and Settings\myself\Application Data\Apple Computer
2007-10-24 18:24:22         0 dr------- C:\Program Files\scenery
2007-10-24 18:22:30         0 dr------- C:\Program Files\eqtc edu
2007-10-24 18:12:58         0 d-------- C:\Program Files\ReflexiveArcade
2007-10-24 17:53:22         0 dr------- C:\Program Files\songs
2007-10-24 09:50:44         0 d-------- C:\Documents and Settings\myself\Application Data\Talkback
2007-10-24 09:50:34         0 --a------ C:\WINDOWS\nsreg.dat
2007-10-24 09:50:30         0 d-------- C:\Documents and Settings\myself\Application Data\Mozilla
2007-10-24 09:48:10         0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-24 09:38:52         0 d-------- C:\Program Files\mIRC
2007-10-24 09:38:12         0 d-------- C:\Program Files\Yahoo!
2007-10-24 09:37:08         0 d-------- C:\Program Files\MSN Messenger
2007-10-24 09:35:16         0 d-------- C:\Documents and Settings\myself\Application Data\ICQ
2007-10-24 09:34:58         0 d-------- C:\Program Files\ICQ6
2007-10-24 09:34:30         0 d-------- C:\Documents and Settings\myself\Application Data\InstallShield
2007-10-24 09:33:30         0 d-------- C:\Program Files\Common Files\Java
2007-10-23 01:38:26         0 d-------- C:\Documents and Settings\myself\Application Data\Macromedia
2007-10-23 01:13:44    278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2007-10-23 01:13:44    203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2007-10-22 09:22:10         0 d-------- C:\Program Files\QuickTime
2007-10-22 09:20:58         0 d-------- C:\Program Files\Common Files\xing shared
2007-10-22 09:20:48         0 d-------- C:\Program Files\Real
2007-10-22 09:20:48         0 d-------- C:\Program Files\Common Files\Real
2007-10-22 09:20:38         0 d-------- C:\Documents and Settings\myself\Application Data\Real
2007-10-22 09:19:12         0 d-------- C:\Documents and Settings\myself\Application Data\Skype
2007-10-22 09:19:08         0 d-------- C:\Program Files\Google
2007-10-22 09:19:04         0 d-------- C:\Program Files\Skype
2007-10-22 09:19:02         0 d-------- C:\Program Files\Common Files\Skype
2007-10-22 09:18:08         0 d-------- C:\Program Files\Lavasoft
2007-10-22 09:17:50         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 09:16:06         0 d-------- C:\Program Files\Alwil Software
2007-10-22 08:04:02         0 d-------- C:\Program Files\WIDCOMM
2007-10-22 08:03:24         0 d-------- C:\Program Files\ATI Technologies
2007-10-21 18:39:50         0 d-------- C:\Documents and Settings\myself\Application Data\Google
Title: Re: help OLDMAN, I'm creating a new thread as advised by you
Post by: michaelong on November 28, 2007, 09:29:28 PM
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 04:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [11/19/2003 03:41 PM C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/12/2004 12:15 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/12/2004 12:14 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/02/2003 02:37 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/02/2003 02:19 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ShowIcon_Chander_CRW Series Driver v1.17r019"="C:\Program Files\CRW\shwicon.exe" [01/09/2003 12:05 AM]
"PCMService"="C:\Program Files\Aspire Arcade\PCMService.exe" [03/25/2004 06:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE" [04/05/2004 09:46 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/22/2004 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:32 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [03/31/2003 12:00 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03/31/2003 12:00 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03/31/2003 12:00 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/23/2007 07:58 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\myself\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/14/2003 1:28:28 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-11-29 04:09:47 ------------

Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 28, 2007, 09:48:27 PM
hi Oldman,

forgot to inform u that i can't find this

HKEY_CLASSES_ROOT>AutoRun>2>Shell>open>Command

in my registry key.

i just checked my C: drive n all of a sudden a lot of hidden files n folders were shown (previously none)

and one of them is the MS DOS application named NTDELECT.COM (47kb).

should i delete this file too?

i'm at a loss now as i may hv made a lot of errors on my pc bcos of not properly following ur instructions.

as of now, my pc still boots n runs normally.

hope i'm giving u clear information for troubleshooting the error on my pc.

Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: oldman on November 28, 2007, 10:22:22 PM
Hi

What is the error you are receiving?

NTDELECT.COM

I'd move it to the chest.

right click the "a" icon, select start avast, click on the chest

in the chest, click users button
right click in the white window and select add
browse to the NTDELECT.COM(47kb) file, click on it and then click add.
once the file is in the chest, you'll see it in the window, close the chest

Now go and delete the file.

In windows explorer, click tools, folder options, view tab


-uncheck Show hidden files and folders.

-check Hide protected operating system files (recommended)

As for the reg key. Is this the one that you thought you deleted? I'll have to look it up and see if it's required. I'll get back to you on that.

The log looks fine.

Open OTMOVEIT then click the Clean Up button. You may get prompted by your firewall that OTMoveIt wants to contact the internet -  allow this.  A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself.
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 28, 2007, 11:38:39 PM
hi Oldman.

as instructed, i've moved NTDELECT.COM into the virus chest, followed by manual deletion of this file from my C: drive, then proceeded wt unchecking my hidden files.

then i used OTMoveIt to do the clean up. after the clean up was done, it requested a reboot,

which i clicked yes to.

from then on, my pc was unable to boot into windows, wt no error message displayed.

it keeps restarting but is unable to boot into windows.

i'm now logged in from my fren's pc.

need help badly now.

thanks
michaelong

p/s: it might be inconvenient for me to follow your advice if i can't log in wt my own pc.
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: essexboy on November 28, 2007, 11:45:00 PM
Did you get the right file, as there is a legitimate file called NTDETECT.COM which starts your system?


http://pcsupport.about.com/od/fixtheproblem/ht/ntldrntdetect.htm  fix here
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 28, 2007, 11:49:47 PM
hi essexboy,

thanks for your quick response n your link.

indeed i've deleted the NTDELECT.COM file (MS DOS application, 47kb) from my C: drive

thought it was a virus. :( ???

Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: oldman on November 29, 2007, 12:03:12 AM
Look very carefully at the spelling in your post "ntde L ect" and essexboy's "ntde T ect". If the file was spelled like essexboy's then that was a windows file.

Do you or your friend have an xp cd?
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 29, 2007, 12:12:46 AM
hi Oldman,

now i start to recall that it seems like it was NTDETECT.COM n not NTDELECT.com.
think i've deleted it wrongly.
got a phobia towards those words starting wt NT.COM
i got the cd on hand but i've forgotten the admin password
which stopped me from doing the necessary reinstallation of those missing files.
any other option besides the recovery console?
thx Oldman for your quick reply. ;D ;D
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: oldman on November 29, 2007, 12:26:13 AM
Can't remember the password, hey. Can understand the phobia.

Well if you are sure your friend's computer is clean, you could put your hd in his as a slave drive and copy the file. I think, ??? I'll have to check with some others just to make certain that will work. So wait till you hear from me, ok?
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: michaelong on November 29, 2007, 12:52:06 AM
hi Oldman,

i'm thinking of doing the repair instead of recovery since i can't remember the passwords.

will let u know when i'm done wt the repair.

not sure if the cd is compatible bcos previously i installed windows wt my original acer recovery cd sp1.

i'm now using the xp sp2 oem retail for the repair.

til then, i'm off to my repairs. ;D
Title: Re: help OLDMAN, i'm creating a new thread as advise by u
Post by: oldman on November 29, 2007, 01:25:27 AM
I don't know if that will work, your system is oem, so the authentication number will be different.

Is your computer capable of using floppies? I have an ntfs bootdisk capable of read/write. I can send it to you by e-mail.
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on November 29, 2007, 01:41:17 AM
hi Oldman,

it works, when i enter my oem cd key.

as for the floppy, sad to say it isn't supported on my laptop.

anyway, i'm now halfway wt my repair but it seems to be taking ages.... :-\ :-\

don't know what's wrong... feels like more than an hour already n still not done.

Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on November 29, 2007, 02:08:35 AM
argh Oldman, landing myself in a deeper problem.

finally when the windows repair process was done, it booted into windows and requested activation,

which i did, but it doesn't recognise my oem cd key.

i can't log on into windows now.

what can i do now?

pls help.
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: oldman on November 29, 2007, 02:19:02 AM
That's what I tried to warn you about. oem and retail don't mix. I was posting to tell you that I also have an iso (cd) version that probably would have worked.

I think you are going to have to use your acer cd to restore it back to factory, which means a reformat.

Before you do that I think if you use the number on the cd, the repair will work and you can get your stuff off the computer and restore it later.

If you choose repair, all of your personal stuff will be intact.
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on November 29, 2007, 02:35:06 AM
hi Oldman,

will try to repair wt the original recovery cd (4 cds) but i seem to recall (if i'm not mistaken) that no cd key was needed during installation.

forgot whether there is a repair option provided.

scared of not being able to back up if the oem cd does not provide this option.

meantime, i'll wait for your further advice before proceeding wt the repair.

been making too many mistakes, from bad to worse.

thanks for your advice n i curse myself for not heeding your advice earlier.

regards
michaelong
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: oldman on November 29, 2007, 02:44:48 AM
I don't believe oems have a repair feature, just a recovery. Everything on your computer will be lost. The computer will be set back to like the day it was brand new.

If you have the name of the cd and the computer model number, I can go look whether there is a repair feature though.
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on November 29, 2007, 03:22:47 AM
hi Oldman,

acer aspire 2020
model no CL32
os: xp home

hope the above info helps,

thanks
michaelong
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on November 29, 2007, 03:34:09 AM
hi Oldman,

i've managed to boot into windows now.

can i give u a private message instead of here?

thanks
michaelong
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: oldman on November 29, 2007, 03:51:13 AM
sure pm away  :D
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on November 29, 2007, 05:18:27 AM
hi Oldman,
here's my latest DSS scan,

Deckard's System Scanner v20071014.68
Run by myself on 2007-11-29 11:51:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 2.5 GiB (less than 15%) free.


-- HijackThis (run as myself.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:04 AM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\myself\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\myself.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7683 bytes
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on November 29, 2007, 05:19:23 AM
-- Files created between 2007-10-29 and 2007-11-29 -----------------------------

2007-11-29 10:54:31         0 d-------- C:\WINDOWS\LastGood
2007-11-29 10:30:41      5632 --a------ C:\WINDOWS\system32\antiwpa.dll <Not Verified; ; AntiWPA3>
2007-11-29 08:51:50         0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-11-29 08:47:37         0 d-------- C:\WINDOWS\Prefetch
2007-11-29 08:36:21         0 --a------ C:\CONFIG.SYS
2007-11-29 08:36:21         0 --a------ C:\AUTOEXEC.BAT
2007-11-29 04:36:20         0 d--h----- C:\WINDOWS\PIF
2007-11-28 16:31:52         0 d-------- C:\Program Files\Burn
2007-11-28 16:31:18     17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-27 21:31:16         0 d-------- C:\EFix
2007-11-27 09:12:34         0 d-------- C:\Program Files\Trend Micro
2007-11-27 07:36:59         0 d-------- C:\My Downloads
2007-11-27 07:36:57         0 d-------- C:\Program Files\BearFlix
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-26 09:15:35   1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-26 09:15:35         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-19 19:26:12         0 d-------- C:\Program Files\WM Converter
2007-11-16 19:01:40         0 d-------- C:\Program Files\ms 10
2007-11-16 05:13:13         0 d-------- C:\Program Files\m
2007-11-12 01:16:51         0 d-------- C:\Program Files\FlashGet
2007-11-10 09:27:49         0 d-------- C:\Program Files\Common Files\DirectX
2007-11-10 09:24:30         0 d-------- C:\Program Files\Paris-Dakar Rally
2007-11-08 08:14:13         0 d-------- C:\Program Files\Xider
2007-11-03 00:27:39         0 d-------- C:\Program Files\Apple Software Update
2007-11-03 00:27:39         0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-02 03:15:45     94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-11-02 03:15:45     15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-11-01 02:25:16         0 d-------- C:\Program Files\Global Star Software
2007-10-31 08:50:14         0 d-------- C:\Documents and Settings\myself\Application Data\SEGA
2007-10-31 07:39:08         0 d-------- C:\TODC
2007-10-31 07:32:38         0 d-------- C:\死亡鬼屋
2007-10-31 07:25:31         0 d-------- C:\HOD3


-- Find3M Report ---------------------------------------------------------------

2007-11-29 08:24:02     22736 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-25 10:25:50        46 --a------ C:\WINDOWS\popcinfo.dat
2007-10-28 17:05:54         0 d-------- C:\Documents and Settings\myself\Application Data\EA
2007-10-28 16:57:12         0 d-------- C:\Program Files\BFG
2007-10-28 01:43:20         0 dr------- C:\Program Files\nepal_everest
2007-10-28 01:28:48         0 dr------- C:\Program Files\mike holidays
2007-10-28 00:50:56         0 dr------- C:\Program Files\wmv
2007-10-28 00:02:06         0 d-------- C:\Program Files\video hp
2007-10-27 23:46:12         0 d-------- C:\Program Files\video
2007-10-25 13:03:44      4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-25 09:06:02         0 dr------- C:\Program Files\ad onli
2007-10-25 08:54:28         0 d-------- C:\Program Files\PopCap Games
2007-10-25 08:44:24         0 d-------- C:\Program Files\reflexive games
2007-10-25 08:36:26         0 d-------- C:\Program Files\GameHouse
2007-10-24 19:32:40         0 d-------- C:\Documents and Settings\myself\Application Data\Apple Computer
2007-10-24 18:24:22         0 dr------- C:\Program Files\scenery
2007-10-24 18:22:30         0 dr------- C:\Program Files\eqtc edu
2007-10-24 18:12:58         0 d-------- C:\Program Files\ReflexiveArcade
2007-10-24 17:53:22         0 dr------- C:\Program Files\songs
2007-10-24 09:50:44         0 d-------- C:\Documents and Settings\myself\Application Data\Talkback
2007-10-24 09:50:34         0 --a------ C:\WINDOWS\nsreg.dat
2007-10-24 09:50:30         0 d-------- C:\Documents and Settings\myself\Application Data\Mozilla
2007-10-24 09:48:10         0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-24 09:38:52         0 d-------- C:\Program Files\mIRC
2007-10-24 09:38:12         0 d-------- C:\Program Files\Yahoo!
2007-10-24 09:37:08         0 d-------- C:\Program Files\MSN Messenger
2007-10-24 09:35:16         0 d-------- C:\Documents and Settings\myself\Application Data\ICQ
2007-10-24 09:34:58         0 d-------- C:\Program Files\ICQ6
2007-10-24 09:34:30         0 d-------- C:\Documents and Settings\myself\Application Data\InstallShield
2007-10-24 09:33:30         0 d-------- C:\Program Files\Common Files\Java
2007-10-23 01:38:26         0 d-------- C:\Documents and Settings\myself\Application Data\Macromedia
2007-10-23 01:13:44    278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2007-10-23 01:13:44    203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2007-10-22 09:22:10         0 d-------- C:\Program Files\QuickTime
2007-10-22 09:20:58         0 d-------- C:\Program Files\Common Files\xing shared
2007-10-22 09:20:48         0 d-------- C:\Program Files\Real
2007-10-22 09:20:48         0 d-------- C:\Program Files\Common Files\Real
2007-10-22 09:20:38         0 d-------- C:\Documents and Settings\myself\Application Data\Real
2007-10-22 09:19:12         0 d-------- C:\Documents and Settings\myself\Application Data\Skype
2007-10-22 09:19:08         0 d-------- C:\Program Files\Google
2007-10-22 09:19:04         0 d-------- C:\Program Files\Skype
2007-10-22 09:19:02         0 d-------- C:\Program Files\Common Files\Skype
2007-10-22 09:18:08         0 d-------- C:\Program Files\Lavasoft
2007-10-22 09:17:50         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 09:16:06         0 d-------- C:\Program Files\Alwil Software
2007-10-22 08:04:02         0 d-------- C:\Program Files\WIDCOMM
2007-10-22 08:03:24         0 d-------- C:\Program Files\ATI Technologies
2007-10-21 18:39:50         0 d-------- C:\Documents and Settings\myself\Application Data\Google
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on November 29, 2007, 05:20:01 AM
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"AGRSMMSG"="AGRSMMSG.exe" [11/19/2003 03:41 PM C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/12/2004 12:15 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/12/2004 12:14 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/02/2003 02:37 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/02/2003 02:19 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ShowIcon_Chander_CRW Series Driver v1.17r019"="C:\Program Files\CRW\shwicon.exe" [01/09/2003 12:05 AM]
"PCMService"="C:\Program Files\Aspire Arcade\PCMService.exe" [03/25/2004 06:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE" [04/05/2004 09:46 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/22/2004 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:32 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" []
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" []
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 04:54 PM C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/23/2007 07:58 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\myself\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/14/2003 1:28:28 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 07/06/2005 11:15 AM 5632 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-11-29 11:51:35 ------------

Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: oldman on November 29, 2007, 06:01:19 AM
looks good, and sorry about the ntdetect  :-[

I'll pm you some other info,
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on November 29, 2007, 06:22:42 AM
hi Oldman,
u shouldn't feel bad,

it wasn't your mistake, u did no wrong,

it's just that i wasn't looking clearly at the difference between "T" n "L",

somemore, it just popped up in the C: drive after i'd finished wt my scan.

i just PM'd.

thanks
michaelong

Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on December 02, 2007, 04:52:09 AM
hi Oldman,

after my repairs n reinstalling my previous registry, which was formerly backed up by erunt during the corrupt time,
i'm now back to square 1 wt the kavo file in my registry.
i'll be running the DSS scan again.
seems like a lot of ppl are starting to get infected wt this autorun virus.
my fren who infected me wt this virus (got it thru a flash drive) d/l'd avg n managed to catch this autorun
virus (kavo) in the registry, as well as others related to kavo, but was unable to modify the reg as instructed here

''
HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Explorer\Advanced
Hidden = "2"

HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Explorer\Advanced
ShowSuperHidden = "0"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue = "0"

HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun = "91"

from the look of his result compared to mine,
it seems avg is more suitable for getting rid of this autorun virus (kavo).

regards
michaelong


Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on December 06, 2007, 02:57:35 AM
hi Oldman  ;D,

I saw a quote:
"I had this malware on my computer and avast couldn't detect it. I don't know if avast detects malware or is it just a plain antivirus program that picks up just viruses. I had this Kavo.exe and as far as I was concerned it is deemed dangerous according to the sources on the internet.

KAVO.EXE is Troj/Lineag-AW. I couldn't get rid of it even after formatting my C: as it resides in the registry.

What I am thinking is if someone could tell me .... if avast isn't designed for this kind of threat? Or is avast a trustworthy antivirus?

If someone could shed some light I'd be really grateful."

Is it true that even a reformat won't be able to kill this kavo virus?
If it is, can you please explain to all of us here, so that together we'll find the solution to this virus problem instead of taking the easier way,
like formatting, and still being infected.
Since I've made plenty of a mess of my Windows, I don't think I'll be able to give you information that is very accurate
to study based on my current situation.
Though kavo.exe has been deleted by the kavo fix, the autorun still pops up from time to time, mostly through Skype!
I know my system is still infected and far from clean; for example, recently I haven't been able to open the "show hidden files" folder option,
it seems to be locked.
Is there any other way I can activate "show hidden files"? It's not working in safe mode either.

Looking forward to getting some advice from you,

thanks Oldman for not giving up on us,

regards,
michaelong
P/S: submitting my latest DSS scan log for your kind perusal
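As an added example (my own PowerShell, not code from this thread, from Oldman, or from any tool named here), the script below audits the four Explorer and autorun registry values quoted in the December 2 post against a defensive baseline and lists the per-volume shell commands kept under MountPoints2, the location where the ntdelect.com entries in the DSS logs in this thread live. The expected values are my assumptions about a clean machine (Hidden=1 and ShowSuperHidden=1 to display hidden and protected files, CheckedValue=1 so the Folder Options radio button sticks, NoDriveTypeAutoRun=0xFF to disable AutoRun on every drive type), not values anyone in the thread stated; the function names Test-ExplorerBaseline and Get-MountPoints2Commands are mine as well. Run it from an administrator prompt; pass -Repair to write the baseline values back.

```powershell
# Added example: audit Explorer hidden-file and AutoRun settings against an
# assumed clean baseline, and review MountPoints2 shell verbs. Not from the thread.

$Advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$ShowAll  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$Policies = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# One row per value: where it lives, its name, and the value a clean machine should carry
# (assumed baseline, see the lead-in above).
$Baseline = @(
    @{ Path = $Advanced; Name = 'Hidden';             Expected = 1    },  # 1 = show hidden files (2 = hide them)
    @{ Path = $Advanced; Name = 'ShowSuperHidden';    Expected = 1    },  # 1 = show protected operating system files
    @{ Path = $ShowAll;  Name = 'CheckedValue';       Expected = 1    },  # 0 makes the Folder Options radio button revert
    @{ Path = $Policies; Name = 'NoDriveTypeAutoRun'; Expected = 0xFF }   # 0xFF = AutoRun off for every drive type
)

function Test-ExplorerBaseline {
    param([switch]$Repair)
    $results = @()
    foreach ($item in $Baseline) {
        $actual = $null
        if (Test-Path -Path $item.Path) {
            $props = Get-ItemProperty -Path $item.Path -ErrorAction SilentlyContinue
            if ($props -ne $null -and $props.PSObject.Properties[$item.Name] -ne $null) {
                $actual = $props.($item.Name)
            }
        }
        # -as [int] yields $null for a missing value or a non-numeric REG_SZ, so both count as BAD.
        $ok = (($actual -as [int]) -ne $null) -and (($actual -as [int]) -eq $item.Expected)
        if (-not $ok -and $Repair) {
            if (-not (Test-Path -Path $item.Path)) { New-Item -Path $item.Path -Force | Out-Null }
            Set-ItemProperty -Path $item.Path -Name $item.Name -Value $item.Expected -Type DWord
        }
        $results += New-Object PSObject -Property @{
            Status   = $(if ($ok) { 'OK' } else { 'BAD' })
            Value    = "$($item.Path)\$($item.Name)"
            Actual   = $actual
            Expected = $item.Expected
            Repaired = ((-not $ok) -and $Repair)
        }
    }
    $results | Format-Table -AutoSize Status, Value, Actual, Expected, Repaired
}

# MountPoints2 keeps per-volume shell verbs (open, explore, AutoRun). A verb whose
# command points at a file on the volume itself is what makes a double-click on the
# drive icon run that file instead of opening the folder.
function Get-MountPoints2Commands {
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path -Path $root)) { return }
    Get-ChildItem -Path "$root\*\Shell\*" -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -eq 'command' } |
        ForEach-Object {
            $parts = $_.Name -split '\\'
            New-Object PSObject -Property @{
                Volume  = $parts[-4]                                  # the {GUID} or drive-id component
                Verb    = $parts[-2]                                  # open, explore, AutoRun, ...
                Command = (Get-ItemProperty -Path $_.PSPath).'(default)'
            }
        }
}

Test-ExplorerBaseline                                           # report only
# Test-ExplorerBaseline -Repair                                 # write the baseline values back
Get-MountPoints2Commands | Format-Table -AutoSize Volume, Verb, Command
```

Explorer reads Hidden and ShowSuperHidden when it starts, so reopen an Explorer window before re-checking. A value that goes BAD again on its own after a repair means something still running is resetting it, which is exactly the "locked" behaviour described in the post above and the reason to finish the cleanup before trusting the setting. For MountPoints2, a verb whose Command runs a file from the volume (rather than the empty or folder-opening default) is the entry to examine; once the file it points at has been confirmed malicious and removed, deleting that verb key under Shell is the manual fix.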
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on December 06, 2007, 02:58:18 AM
Deckard's System Scanner v20071014.68
Run by myself on 2007-12-06 09:22:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 1 Restore Point(s) --
1: 2007-12-06 01:22:37 UTC - RP18 - Deckard's System Scanner Restore Point


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as myself.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:11 AM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\FlashGet\flashget.exe
C:\Documents and Settings\myself\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\myself.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196901904953
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

--
End of file - 8443 bytes
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on December 06, 2007, 02:59:46 AM
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071206-084003-930 O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ENECBPTH (ENE Cardbus Patch Driver) - c:\windows\system32\drivers\enecbpth.sys <Not Verified; EnE Technology Inc.; EnE Cardbus Patch Driver for Windows (R) 2000/XP>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 BTPCCARD (Bluetooth BCSP Transport for Pc Card) - c:\windows\system32\drivers\btpcbcsp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-26 18:54:06       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-06 and 2007-12-06 -----------------------------

2007-12-06 09:09:43      5632 --a------ C:\WINDOWS\system32\antiwpa.dll <Not Verified; ; AntiWPA3>
2007-12-05 15:08:15         0 d-------- C:\Documents and Settings\myself\Application Data\Help
2007-12-05 14:57:21         0 d-------- C:\Program Files\YouTube Downloader
2007-12-03 21:22:37         0 d--h----- C:\Program Files\mv coll 1
2007-12-03 13:19:55         0 d-------- C:\Program Files\WIDCOMM
2007-12-03 10:19:45         0 dr-hs---- C:\autorun.inf
2007-12-03 10:10:43     92672 -----n--- C:\WINDOWS\system32\kavo1.dll
2007-12-03 07:05:11         0 d--h----- C:\Program Files\mv coll
2007-12-02 17:41:57         0 d-------- C:\WINDOWS\pss
2007-12-01 17:15:58         0 d-------- C:\Program Files\MSXML 6.0
2007-12-01 17:15:36         0 d-------- C:\Program Files\MSXML 4.0
2007-11-30 16:49:10         0 d--hs---- C:\WINDOWS\ftpcache
2007-11-30 16:02:27         0 d-------- C:\WINDOWS\system32\Profiles
2007-11-30 16:02:01     65536 --a------ C:\CoronaWmiLogFile
2007-11-30 09:37:40        12 --a------ C:\WINDOWS\bthservsdp.dat
2007-11-30 06:42:43         0 d-------- C:\WINDOWS\Prefetch
2007-11-30 01:05:56         0 d-------- C:\WINDOWS\Network Diagnostic
2007-11-30 01:05:56         0 d-------- C:\WINDOWS\l2schemas
2007-11-29 15:08:35         0 d-------- C:\CRACK
2007-11-29 10:32:22   4456448 --a------ C:\Documents and Settings\myself\NTUSER.DAT
2007-11-29 10:32:20    233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-11-29 08:51:50         0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-11-29 08:36:21         0 --a------ C:\CONFIG.SYS
2007-11-29 08:36:21         0 --a------ C:\AUTOEXEC.BAT
2007-11-29 04:36:20         0 d--h----- C:\WINDOWS\PIF
2007-11-28 16:31:52         0 d-------- C:\Program Files\Burn
2007-11-28 16:31:18     17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-27 21:31:16         0 d-------- C:\EFix
2007-11-27 09:12:34         0 d-------- C:\Program Files\Trend Micro
2007-11-27 07:36:59         0 d-------- C:\My Downloads
2007-11-27 07:36:57         0 d-------- C:\Program Files\BearFlix
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-26 09:15:35   1048576 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2007-11-26 09:15:35         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-19 19:26:12         0 d-------- C:\Program Files\WM Converter
2007-11-16 19:01:40         0 d--h----- C:\Program Files\ms 10
2007-11-16 05:13:13         0 d--h----- C:\Program Files\m
2007-11-12 01:16:51         0 d-------- C:\Program Files\FlashGet
2007-11-10 09:27:49         0 d-------- C:\Program Files\Common Files\DirectX
2007-11-10 09:24:30         0 d-------- C:\Program Files\Paris-Dakar Rally
2007-11-08 08:14:13         0 d-------- C:\Program Files\Xider
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on December 06, 2007, 03:00:42 AM
-- Find3M Report ---------------------------------------------------------------

2007-12-05 18:48:38        46 --a------ C:\WINDOWS\popcinfo.dat
2007-11-30 06:16:52     22780 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-03 00:27:40         0 d-------- C:\Program Files\Apple Software Update
2007-11-01 02:25:18         0 d-------- C:\Program Files\Global Star Software
2007-10-31 08:50:16         0 d-------- C:\Documents and Settings\myself\Application Data\SEGA
2007-10-28 17:05:54         0 d-------- C:\Documents and Settings\myself\Application Data\EA
2007-10-28 16:57:12         0 d-------- C:\Program Files\BFG
2007-10-28 01:43:20         0 dr------- C:\Program Files\nepal_everest
2007-10-28 01:28:48         0 dr------- C:\Program Files\mike holidays
2007-10-28 00:02:06         0 d--h----- C:\Program Files\video hp
2007-10-27 23:46:12         0 d--h----- C:\Program Files\video
2007-10-25 13:03:44      4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-25 08:54:28         0 d-------- C:\Program Files\PopCap Games
2007-10-25 08:44:24         0 d-------- C:\Program Files\reflexive games
2007-10-25 08:36:26         0 d-------- C:\Program Files\GameHouse
2007-10-24 19:32:40         0 d-------- C:\Documents and Settings\myself\Application Data\Apple Computer
2007-10-24 18:24:22         0 dr------- C:\Program Files\scenery
2007-10-24 18:12:58         0 d-------- C:\Program Files\ReflexiveArcade
2007-10-24 17:53:22         0 dr------- C:\Program Files\songs
2007-10-24 09:50:44         0 d-------- C:\Documents and Settings\myself\Application Data\Talkback
2007-10-24 09:50:34         0 --a------ C:\WINDOWS\nsreg.dat
2007-10-24 09:50:30         0 d-------- C:\Documents and Settings\myself\Application Data\Mozilla
2007-10-24 09:48:10         0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-24 09:38:52         0 d-------- C:\Program Files\mIRC
2007-10-24 09:38:12         0 d-------- C:\Program Files\Yahoo!
2007-10-24 09:37:08         0 d-------- C:\Program Files\MSN Messenger
2007-10-24 09:35:16         0 d-------- C:\Documents and Settings\myself\Application Data\ICQ
2007-10-24 09:34:58         0 d-------- C:\Program Files\ICQ6
2007-10-24 09:34:30         0 d-------- C:\Documents and Settings\myself\Application Data\InstallShield
2007-10-24 09:33:30         0 d-------- C:\Program Files\Common Files\Java
2007-10-23 01:38:26         0 d-------- C:\Documents and Settings\myself\Application Data\Macromedia
2007-10-23 01:13:44    278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2007-10-23 01:13:44    203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2007-10-22 09:22:10         0 d-------- C:\Program Files\QuickTime
2007-10-22 09:20:58         0 d-------- C:\Program Files\Common Files\xing shared
2007-10-22 09:20:48         0 d-------- C:\Program Files\Real
2007-10-22 09:20:48         0 d-------- C:\Program Files\Common Files\Real
2007-10-22 09:20:38         0 d-------- C:\Documents and Settings\myself\Application Data\Real
2007-10-22 09:19:12         0 d-------- C:\Documents and Settings\myself\Application Data\Skype
2007-10-22 09:19:08         0 d-------- C:\Program Files\Google
2007-10-22 09:19:04         0 d-------- C:\Program Files\Skype
2007-10-22 09:19:02         0 d-------- C:\Program Files\Common Files\Skype
2007-10-22 09:18:08         0 d-------- C:\Program Files\Lavasoft
2007-10-22 09:17:50         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 09:16:06         0 d-------- C:\Program Files\Alwil Software
2007-10-22 08:03:24         0 d-------- C:\Program Files\ATI Technologies
2007-10-21 18:39:50         0 d-------- C:\Documents and Settings\myself\Application Data\Google


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"AGRSMMSG"="AGRSMMSG.exe" [11/19/2003 03:41 PM C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/12/2004 12:15 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/12/2004 12:14 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/02/2003 02:37 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/02/2003 02:19 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ShowIcon_Chander_CRW Series Driver v1.17r019"="C:\Program Files\CRW\shwicon.exe" [01/09/2003 12:05 AM]
"PCMService"="C:\Program Files\Aspire Arcade\PCMService.exe" [03/25/2004 06:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE" [04/05/2004 09:46 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/22/2004 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:32 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" []
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" []
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 04:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:00 PM C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/23/2007 07:58 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
"IE7-10"=rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
"MPlayer2_FixUp"=C:\WINDOWS\inf\unregmp2.exe /Fixups

C:\Documents and Settings\myself\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/14/2003 1:28:28 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 07/06/2005 11:15 AM 5632 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44aec12e-803c-11dc-ac38-000b6b581de1}]
- E:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]
explore\Command- F:\ntdelect.com
open\Command- F:\ntdelect.com




-- End of Deckard's System Scanner: finished at 2007-12-06 09:23:46 ------------
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on December 06, 2007, 03:02:28 AM
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 1600MHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 511.48 MiB / 265.49 MiB
Pagefile Memory (total/avail): 1249.34 MiB / 984.62 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.14 MiB

C: is Fixed (FAT32) - 54.98 GiB total, 10.15 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 0.87 GiB total, 0.02 GiB free.

\\.\PHYSICALDRIVE0 - HTS541060G9AT00 - 55.89 GiB - 2 partitions
  \PARTITION0 (bootable) - Unknown - 55.01 GiB - C:
  \PARTITION1 - Installable File System - 894.24 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1043 [VPS 071205-2] v4.7.1043 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Xider\\EsR\\Game.exe"="C:\\Program Files\\Xider\\EsR\\Game.exe:*:Enabled:Game"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BearFlix\\bearflix.exe"="C:\\Program Files\\BearFlix\\bearflix.exe:*:Enabled:BearFlix"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\myself\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ACER-D137MZMHOW
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\myself
LOGONSERVER=\\ACER-D137MZMHOW
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\myself\LOCALS~1\Temp
TMP=C:\DOCUME~1\myself\LOCALS~1\Temp
USERDOMAIN=ACER-D137MZMHOW
USERNAME=myself
USERPROFILE=C:\Documents and Settings\myself
windir=C:\WINDOWS
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on December 06, 2007, 03:06:42 AM
-- User Profiles ---------------------------------------------------------------

myself (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
 --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
死亡之屋3 安装程序 --> C:\HOD3\UNWISE.EXE C:\HOD3\INSTALL.LOG
死亡打字员 安装程序 --> C:\TODC\UNWISE.EXE C:\TODC\INSTALL.LOG
死亡鬼屋 安装程序 --> C:\EAIÖ1IIY\UNWISE.EXE C:\EAIÖ1IIY\INSTALL.LOG
5 Spots II --> C:\Program Files\reflexive games\5 Spots II\UNWISE.EXE C:\Program Files\reflexive games\5 Spots II\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Agere Systems AC'97 Modem --> agrsmdel
Air Strike II Gulf Thunder --> C:\Program Files\reflexive games\Air Strike II Gulf Thunder\UNWISE.EXE C:\Program Files\reflexive games\Air Strike II Gulf Thunder\INSTALL.LOG
Alien Shooter --> C:\Program Files\reflexive games\Alien Shooter\UNWISE.EXE C:\Program Files\reflexive games\Alien Shooter\INSTALL.LOG
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Aspire Arcade 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe"  -uninstall
Aspire Series --> C:\Program Files\Aspire Series\uninstall.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Bengal - Game of Gods (remove only) --> C:\Program Files\GameHouse\Bengal - Game of Gods\Uninstall.exe
Big Kahuna Reef --> C:\Program Files\GameHouse\Big Kahuna Reef\UNWISE.EXE C:\Program Files\GameHouse\Big Kahuna Reef\INSTALL.LOG
Big Kahuna Reef 2 - Chain Reaction --> "C:\Program Files\reflexive games\Big Kahuna Reef 2\ReflexiveArcade\unins000.exe"
Casino Island To Go --> "C:\Program Files\reflexive games\Casino Island To Go\ReflexiveArcade\unins000.exe"
Chicken Attack (remove only) --> C:\Program Files\GameHouse\Chicken Attack\Uninstall.exe
Chuzzle Deluxe --> "C:\Program Files\reflexive games\Chuzzle Deluxe\unins000.exe"
CRW Series Driver v1.17r019 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39AE0413-CEFC-4559-AC5F-855A1C006D2F}\SETUP.EXE" -l0x9
Cubis Gold 2 --> C:\PROGRA~1\GAMEHO~1\CUBISG~1\UNWISE.EXE C:\PROGRA~1\GAMEHO~1\CUBISG~1\INSTALL.LOG
Cute Knight --> "C:\Program Files\reflexive games\Cute Knight\ReflexiveArcade\unins000.exe"
Deep Sea Tycoon 2 --> "C:\Program Files\reflexive games\Deep Sea Tycoon 2\unins000.exe"
Dynomite --> C:\Program Files\PopCap Games\Dynomite\UNWISE.EXE C:\Program Files\PopCap Games\Dynomite\INSTALL.LOG
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
EsR 1.0 --> C:\PROGRA~1\Xider\EsR\Setup.exe /remove
FeedingFrenzy --> C:\Program Files\GameHouse\FeedingFrenzy\UNWISE.EXE C:\Program Files\GameHouse\FeedingFrenzy\INSTALL.LOG
Fishing Trip --> "C:\Program Files\reflexive games\Fishing Trip\unins000.exe"
FlashGet 1.9.6.1073 --> C:\Program Files\FlashGet\uninst.exe
Golf Adventure Galaxy --> C:\Program Files\reflexive games\Golf Adventure Galaxy\UNWISE.EXE C:\Program Files\reflexive games\Golf Adventure Galaxy\INSTALL.LOG
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Gutterball 2 --> C:\Program Files\GameHouse\Gutterball 2\UNWISE.EXE C:\Program Files\GameHouse\Gutterball 2\INSTALL.LOG
Hammer Heads 1.0 --> C:\Program Files\PopCap Games\Hammer Heads Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Hammer Heads Deluxe\Install.log"
Heavy Weapon Deluxe --> C:\Program Files\PopCap Games\Heavy Weapon\UNWISE.EXE C:\Program Files\PopCap Games\Heavy Weapon\INSTALL.LOG
Hidden Expedition Titanic (remove only) --> C:\Program Files\GameHouse\Hidden Expedition Titanic\Uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on December 06, 2007, 03:07:18 AM
ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
Indeo® Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu"
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JETFIGHTER 2015 --> "C:\Program Files\Global Star Software\JETFIGHTER 2015\Uninstall.exe" "C:\Program Files\Global Star Software\JETFIGHTER 2015\install.log"
Launch Manager --> C:\WINDOWS\UnInst32.exe CPLFL32.UNI
Magic Ball 2 --> C:\Program Files\GameHouse\Magic Ball 2\UNWISE.EXE C:\Program Files\GameHouse\Magic Ball 2\INSTALL.LOG
Magic Vines --> C:\Program Files\GameHouse\Magic Vines\UNWISE.EXE C:\Program Files\GameHouse\Magic Vines\INSTALL.LOG
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.8) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Mummy Maze Deluxe --> C:\Program Files\PopCap Games\Mummy Maze Deluxe\UNWISE.EXE C:\Program Files\PopCap Games\Mummy Maze Deluxe\INSTALL.LOG
NTI CD & DVD-Maker Gold --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText
Off Road Arena --> "C:\Program Files\reflexive games\Off Road Arena\unins000.exe"
Platypus --> C:\Program Files\GameHouse\Platypus\UNWISE.EXE C:\Program Files\GameHouse\Platypus\INSTALL.LOG
Poker Superstars --> C:\PROGRA~1\GAMEHO~1\POKERS~1\UNWISE.EXE C:\PROGRA~1\GAMEHO~1\POKERS~1\INSTALL.LOG
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\SETUP.EXE"  -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Rocket Bowl --> C:\Program Files\reflexive games\Rocket Bowl\UNWISE.EXE C:\Program Files\reflexive games\Rocket Bowl\INSTALL.LOG
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SMSC IrCC Driver V5.1.2462.0 (WinXP) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC86822D-3A20-11D5-801B-00E029348F40}\setup.exe"
Snail Mail --> C:\Program Files\reflexive games\Snail Mail\UNWISE.EXE C:\Program Files\reflexive games\Snail Mail\INSTALL.LOG
Snowy Puzzle Islands --> C:\Program Files\reflexive games\Snowy Puzzle Islands\UNWISE.EXE C:\Program Files\reflexive games\Snowy Puzzle Islands\INSTALL.LOG
Spin & Win --> C:\Program Files\reflexive games\Spin & Win\UNWISE.EXE C:\Program Files\reflexive games\Spin & Win\INSTALL.LOG
SpongeBob Collapse --> C:\Program Files\GameHouse\SpongeBob Collapse\UNWISE.EXE C:\Program Files\GameHouse\SpongeBob Collapse\INSTALL.LOG
Super Jigsaw --> C:\Program Files\GameHouse\Super Jigsaw\UNWISE.EXE C:\Program Files\GameHouse\Super Jigsaw\INSTALL.LOG
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamUp --> C:\Program Files\reflexive games\TeamUp\UNWISE.EXE C:\Program Files\reflexive games\TeamUp\INSTALL.LOG
Tradewinds 2 --> "C:\Program Files\reflexive games\Tradewinds 2\unins000.exe"
Traffic Jam Extreme --> C:\Program Files\reflexive games\Traffic Jam Extreme\UNWISE.EXE C:\Program Files\reflexive games\Traffic Jam Extreme\INSTALL.LOG
Tropix --> C:\PROGRA~1\GAMEHO~1\TROPIX\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\TROPIX\INSTALL.LOG
Virtual Villagers (remove only) --> C:\Program Files\GameHouse\Virtual Villagers\Uninstall.exe
WIDCOMM Bluetooth Software --> MsiExec.exe /X{FE90E9E7-A158-4687-8853-DF677A939A61}
Wik And The Fable Of Souls --> C:\Program Files\reflexive games\Wik And The Fable Of Souls\UNWISE.EXE C:\Program Files\reflexive games\Wik And The Fable Of Souls\INSTALL.LOG
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WM Converter 2.0 --> C:\Program Files\WM Converter\Uninstal.exe
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on December 06, 2007, 03:08:38 AM
-- Application Event Log -------------------------------------------------------

Event Record #/Type179 / Error
Event Submitted/Written: 12/06/2007 09:06:50 AM
Event ID/Source: 1009 / Windows Product Activation
Event Description:
You have not activated Windows within the grace period. To activate Windows, contact a customer service representative by telephone.

Event Record #/Type178 / Warning
Event Submitted/Written: 12/06/2007 09:06:40 AM
Event ID/Source: 1011 / Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. To activate Windows, use the Product Activation Wizard.

Event Record #/Type177 / Warning
Event Submitted/Written: 12/06/2007 09:06:31 AM
Event ID/Source: 1011 / Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. To activate Windows, use the Product Activation Wizard.

Event Record #/Type176 / Warning
Event Submitted/Written: 12/06/2007 09:05:06 AM
Event ID/Source: 1011 / Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. To activate Windows, use the Product Activation Wizard.

Event Record #/Type159 / Error
Event Submitted/Written: 12/05/2007 07:14:35 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16544, faulting module ole32.dll, version 5.1.2600.2726, fault address 0x0001feab.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1930 / Warning
Event Submitted/Written: 12/06/2007 09:11:30 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00023F17A308.  The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1923 / Error
Event Submitted/Written: 12/06/2007 09:10:18 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type1922 / Error
Event Submitted/Written: 12/06/2007 09:09:44 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type1921 / Error
Event Submitted/Written: 12/06/2007 09:09:44 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Aavmker4
AFD
aswTdi
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Event Record #/Type1920 / Error
Event Submitted/Written: 12/06/2007 09:09:44 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2007-12-06 09:23:46 ------------
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on December 06, 2007, 03:18:34 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:21 AM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196901904953
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

--
End of file - 8401 bytes
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on December 06, 2007, 04:20:24 AM
hi Oldman,

finally able to open my hidden files, my reg has been modified.
''HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue = "0"

(Note: The default value data for the said registry entry is 1.)''

this is the cause for not able to access the hidden files folder.

regards
michaelong
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: oldman on December 06, 2007, 07:40:02 AM
Hi

go to add/remove programs and uninstall this if found

Bearflix

You have one instance of kavo


check Show hidden files and folders
uncheck "Hide extensions for known file types" box
uncheck "Hide protecting operating system files" box

Do a search for kavo1.dll in the C:\windows\system32 folder and delete it.

Search C:\ for the autorun   autorun.inf

open it with notepad and confirm that it has ntdelect in it. if it does then delete it.

do the same with any others you find.

Do the manual check of the registry as outlined in the manual removal instructions.

While in the registry delete these two keys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44aec12e-803c-11dc-ac38-000b6b581de1}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]
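As an added example (not code from this thread, from Oldman or from avast), here are the three checks the last two posts describe, written so they can be run offline over constructed input instead of a live machine: a DSS "Files created" line in the layout DSS uses (a hidden/system autorun.inf at the drive root), an autorun.inf whose launch keys reference ntdelect, and a regedit export of the SHOWALL CheckedValue that michaelong found set to 0. The sample contents and all function names are assumptions made for this example; on a real machine the same checks are done against the DSS log, the file at the drive root, and regedit as the post says.

```python
"""Offline checks for the autorun.inf / kavo-style infection discussed in this thread.

All inputs below are constructed samples so the script runs without touching a real machine.
"""
import re

# --- 1. DSS "Files created" listing: flag a hidden/system autorun.inf at a drive root ---

# Constructed sample in the same layout DSS prints (date, time, size, attributes, path).
SAMPLE_DSS_LISTING = """\
2007-12-03 10:19:45         0 dr-hs---- C:\\autorun.inf
2007-11-29 15:08:35         0 d-------- C:\\CRACK
2007-11-28 16:31:18     17408 --a------ C:\\psapi.dll <Not Verified; Microsoft Corporation; Microsoft Windows Operating System>
"""

# The attribute field is 9 characters: d(irectory) r(ead-only) a(rchive) h(idden) s(ystem) + 4 unused.
DSS_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([d-][r-][a-][h-][s-]-{4})\s+(.*?)(?:\s+<[^>]*>)?$"
)
ROOT_PATH = re.compile(r"^[A-Za-z]:\\[^\\]+$")  # e.g. C:\autorun.inf, nothing deeper


def parse_dss_listing(text):
    """Parse DSS file-listing lines into dicts; lines that do not match the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = DSS_LINE.match(line)
        if m:
            entries.append({"when": m.group(1), "size": int(m.group(2)),
                            "attrs": m.group(3), "path": m.group(4)})
    return entries


def suspicious_root_autorun(entries):
    """Paths of autorun.inf files directly under a drive root with hidden or system set (dr-hs----)."""
    hits = []
    for e in entries:
        if ROOT_PATH.match(e["path"]) and e["path"].split("\\")[-1].lower() == "autorun.inf":
            if "h" in e["attrs"] or "s" in e["attrs"]:
                hits.append(e["path"])
    return hits


# --- 2. autorun.inf content: what would it launch, and does it reference ntdelect? ---

# Constructed sample consistent with the thread's description (it names ntdelect); not a real capture.
SAMPLE_AUTORUN_INF = """\
[AutoRun]
;; comment line, ignored by the parser
open=ntdelect.com
shell\\open\\Command=ntdelect.com
shellexecute=ntdelect.com
"""


def parse_autorun_inf(text):
    """Return {lowercased key: value} for the [autorun] section; tolerant of junk and comment lines."""
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launched_files(entries):
    """Files the [autorun] section would run: open=, shellexecute=, and shell\\<verb>\\command=."""
    files = []
    for key, value in entries.items():
        runs = key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command"))
        if runs and value:
            files.append(value.split()[0].strip('"'))  # first token is the program, rest are arguments
    return files


def is_kavo_style(entries, marker="ntdelect"):
    """True when any launched file name contains the marker Oldman told the poster to look for."""
    return any(marker in f.lower() for f in launched_files(entries))


# --- 3. regedit export text: has Explorer's SHOWALL CheckedValue been forced to 0? ---

SHOWALL_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
               r"\Explorer\Advanced\Folder\Hidden\SHOWALL")

# Constructed sample in regedit export format, showing the tampered value from the post above.
SAMPLE_REG_EXPORT = f"""\
Windows Registry Editor Version 5.00

[{SHOWALL_KEY}]
"CheckedValue"=dword:00000000
"""


def showall_checked_value(reg_text):
    """Return CheckedValue under the SHOWALL key from .reg export text, or None if it is absent."""
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current and current.lower() == SHOWALL_KEY.lower():
            m = re.match(r'"CheckedValue"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                return int(m.group(1), 16)
    return None


def showall_tampered(reg_text):
    """The default CheckedValue is 1; 0 is the 'cannot show hidden files' symptom from the thread."""
    value = showall_checked_value(reg_text)
    return value is not None and value != 1


if __name__ == "__main__":
    print("root autorun.inf with hidden/system:", suspicious_root_autorun(parse_dss_listing(SAMPLE_DSS_LISTING)))
    print("autorun.inf references ntdelect:", is_kavo_style(parse_autorun_inf(SAMPLE_AUTORUN_INF)))
    print("SHOWALL CheckedValue tampered:", showall_tampered(SAMPLE_REG_EXPORT))
```

The autorun.inf parser is deliberately hand-rolled rather than built on configparser because these files often carry padding or malformed lines that a strict INI parser rejects; only the [autorun] section and its launch keys matter for the check, and a file that merely sets icon= or label= (as legitimate installers do) is not flagged.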
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on December 06, 2007, 09:17:56 AM
hi Oldman,

thx for your quick reply,
indeed the kavo1.dll was found in the ''C:\windows\system32'' folder as well as the reg keys that were provided by u.
all the above viruses have been deleted n the bear flix has been uninstalled.
unfortunately i'm unable to locate the ''autorun.inf'' wt the ntdelect in it though i've unchecked all the hide ext.
seems like i've managed to delete all the autorun.inf files ( i think so ;D)

BRAVO Oldman,

felt like my system is quite clean now.
a big thanks for your effort
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on December 06, 2007, 09:30:14 AM
hi Oldman, just borrowed from my friend his laptop which is also infected wt the ''Autorun.inf virus (kavo.exe)''.
it was infected thru me (flash drive) when i transferred the songs to him.
ever since the last mess that i've done to my pc,
i'm not going to touch his pc until i get proper instructions to do it the right way.
as for his pc, am i allowed to open a new thread to analyse wt u?
hopefully we can start over again for this kavo virus wt new analysis n solution.
if u ok it, i'll start by running HJT n DSS to start wt.

best regards
michaelong
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on December 06, 2007, 09:37:36 AM
Deckard's System Scanner v20071014.68
Run by myself on 2007-12-06 16:35:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as myself.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:31 PM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\myself\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\myself.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196901904953
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

--
End of file - 8687 bytes
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on December 06, 2007, 09:38:29 AM
-- Files created between 2007-11-06 and 2007-12-06 -----------------------------

2007-12-06 11:32:13         0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-06 11:32:09         0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-06 11:32:09         0 d-------- C:\Documents and Settings\myself\Application Data\SUPERAntiSpyware.com
2007-12-06 09:09:43      5632 --a------ C:\WINDOWS\system32\antiwpa.dll <Not Verified; ; AntiWPA3>
2007-12-05 15:08:15         0 d-------- C:\Documents and Settings\myself\Application Data\Help
2007-12-05 14:57:21         0 d-------- C:\Program Files\YouTube Downloader
2007-12-03 21:22:37         0 d--h----- C:\Program Files\mv coll 1
2007-12-03 13:19:55         0 d-------- C:\Program Files\WIDCOMM
2007-12-03 10:19:45         0 dr-hs---- C:\autorun.inf
2007-12-03 07:05:11         0 d--h----- C:\Program Files\mv coll
2007-12-02 17:41:57         0 d-------- C:\WINDOWS\pss
2007-12-01 17:15:58         0 d-------- C:\Program Files\MSXML 6.0
2007-12-01 17:15:36         0 d-------- C:\Program Files\MSXML 4.0
2007-11-30 16:49:10         0 d--hs---- C:\WINDOWS\ftpcache
2007-11-30 16:02:27         0 d-------- C:\WINDOWS\system32\Profiles
2007-11-30 16:02:01     65536 --a------ C:\CoronaWmiLogFile
2007-11-30 09:37:40        12 --a------ C:\WINDOWS\bthservsdp.dat
2007-11-30 06:42:43         0 d-------- C:\WINDOWS\Prefetch
2007-11-30 01:05:56         0 d-------- C:\WINDOWS\Network Diagnostic
2007-11-30 01:05:56         0 d-------- C:\WINDOWS\l2schemas
2007-11-29 15:08:35         0 d-------- C:\CRACK
2007-11-29 10:32:22   4456448 --a------ C:\Documents and Settings\myself\NTUSER.DAT
2007-11-29 10:32:20    233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-11-29 08:51:50         0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-11-29 08:36:21         0 --a------ C:\CONFIG.SYS
2007-11-29 08:36:21         0 --a------ C:\AUTOEXEC.BAT
2007-11-29 04:36:20         0 d--h----- C:\WINDOWS\PIF
2007-11-28 16:31:52         0 d-------- C:\Program Files\Burn
2007-11-28 16:31:18     17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-27 21:31:16         0 d-------- C:\EFix
2007-11-27 09:12:34         0 d-------- C:\Program Files\Trend Micro
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-26 09:15:35   1048576 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2007-11-26 09:15:35         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-19 19:26:12         0 d-------- C:\Program Files\WM Converter
2007-11-16 19:01:40         0 d--h----- C:\Program Files\ms 10
2007-11-16 05:13:13         0 d--h----- C:\Program Files\m
2007-11-12 01:16:51         0 d-------- C:\Program Files\FlashGet
2007-11-10 09:27:49         0 d-------- C:\Program Files\Common Files\DirectX
2007-11-10 09:24:30         0 d-------- C:\Program Files\Paris-Dakar Rally
2007-11-08 08:14:13         0 d-------- C:\Program Files\Xider


-- Find3M Report ---------------------------------------------------------------

2007-12-05 18:48:38        46 --a------ C:\WINDOWS\popcinfo.dat
2007-11-30 06:16:52     22780 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-03 00:27:40         0 d-------- C:\Program Files\Apple Software Update
2007-11-01 02:25:18         0 d-------- C:\Program Files\Global Star Software
2007-10-31 08:50:16         0 d-------- C:\Documents and Settings\myself\Application Data\SEGA
2007-10-28 17:05:54         0 d-------- C:\Documents and Settings\myself\Application Data\EA
2007-10-28 16:57:12         0 d-------- C:\Program Files\BFG
2007-10-28 01:43:20         0 dr------- C:\Program Files\nepal_everest
2007-10-28 01:28:48         0 dr------- C:\Program Files\mike holidays
2007-10-28 00:02:06         0 d--h----- C:\Program Files\video hp
2007-10-27 23:46:12         0 d--h----- C:\Program Files\video
2007-10-25 13:03:44      4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-25 08:54:28         0 d-------- C:\Program Files\PopCap Games
2007-10-25 08:44:24         0 d-------- C:\Program Files\reflexive games
2007-10-25 08:36:26         0 d-------- C:\Program Files\GameHouse
2007-10-24 19:32:40         0 d-------- C:\Documents and Settings\myself\Application Data\Apple Computer
2007-10-24 18:24:22         0 dr------- C:\Program Files\scenery
2007-10-24 18:12:58         0 d-------- C:\Program Files\ReflexiveArcade
2007-10-24 17:53:22         0 dr------- C:\Program Files\songs
2007-10-24 09:50:44         0 d-------- C:\Documents and Settings\myself\Application Data\Talkback
2007-10-24 09:50:34         0 --a------ C:\WINDOWS\nsreg.dat
2007-10-24 09:50:30         0 d-------- C:\Documents and Settings\myself\Application Data\Mozilla
2007-10-24 09:48:10         0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-24 09:38:52         0 d-------- C:\Program Files\mIRC
2007-10-24 09:38:12         0 d-------- C:\Program Files\Yahoo!
2007-10-24 09:37:08         0 d-------- C:\Program Files\MSN Messenger
2007-10-24 09:35:16         0 d-------- C:\Documents and Settings\myself\Application Data\ICQ
2007-10-24 09:34:58         0 d-------- C:\Program Files\ICQ6
2007-10-24 09:34:30         0 d-------- C:\Documents and Settings\myself\Application Data\InstallShield
2007-10-24 09:33:30         0 d-------- C:\Program Files\Common Files\Java
2007-10-23 01:38:26         0 d-------- C:\Documents and Settings\myself\Application Data\Macromedia
2007-10-23 01:13:44    278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2007-10-23 01:13:44    203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2007-10-22 09:22:10         0 d-------- C:\Program Files\QuickTime
2007-10-22 09:20:58         0 d-------- C:\Program Files\Common Files\xing shared
2007-10-22 09:20:48         0 d-------- C:\Program Files\Real
2007-10-22 09:20:48         0 d-------- C:\Program Files\Common Files\Real
2007-10-22 09:20:38         0 d-------- C:\Documents and Settings\myself\Application Data\Real
2007-10-22 09:19:12         0 d-------- C:\Documents and Settings\myself\Application Data\Skype
2007-10-22 09:19:08         0 d-------- C:\Program Files\Google
2007-10-22 09:19:04         0 d-------- C:\Program Files\Skype
2007-10-22 09:19:02         0 d-------- C:\Program Files\Common Files\Skype
2007-10-22 09:18:08         0 d-------- C:\Program Files\Lavasoft
2007-10-22 09:17:50         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 09:16:06         0 d-------- C:\Program Files\Alwil Software
2007-10-22 08:03:24         0 d-------- C:\Program Files\ATI Technologies
2007-10-21 18:39:50         0 d-------- C:\Documents and Settings\myself\Application Data\Google
Title: Re: help...OLDMAN, i'm creating a new thread as advised by u
Post by: michaelong on December 06, 2007, 09:39:17 AM
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"AGRSMMSG"="AGRSMMSG.exe" [11/19/2003 03:41 PM C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/12/2004 12:15 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/12/2004 12:14 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/02/2003 02:37 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/02/2003 02:19 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ShowIcon_Chander_CRW Series Driver v1.17r019"="C:\Program Files\CRW\shwicon.exe" [01/09/2003 12:05 AM]
"PCMService"="C:\Program Files\Aspire Arcade\PCMService.exe" [03/25/2004 06:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE" [04/05/2004 09:46 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/22/2004 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:32 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" []
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" []
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 04:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:00 PM C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/23/2007 07:58 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
"IE7-10"=rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
"MPlayer2_FixUp"=C:\WINDOWS\inf\unregmp2.exe /Fixups

C:\Documents and Settings\myself\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/14/2003 1:28:28 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 07/06/2005 11:15 AM 5632 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   BthServ




-- End of Deckard's System Scanner: finished at 2007-12-06 16:35:57 ------------