Author Topic: help...OLDMAN, i'm creating a new thread as advised by u  (Read 39034 times)


michaelong

  • Guest
Re: help OLDMAN, I'm creating a new thread as advised by u
« Reply #15 on: November 27, 2007, 03:52:16 PM »
Deckard's System Scanner v20071014.68
Run by myself on 2007-11-27 22:50:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 3.7 GiB (less than 15%) free.


-- HijackThis (run as myself.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:23 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\myself\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\myself.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7989 bytes

michaelong

  • Guest
Re: help OLDMAN, I'm creating a new thread as advised by u
« Reply #16 on: November 27, 2007, 04:01:00 PM »
-- Files created between 2007-10-27 and 2007-11-27 -----------------------------

2007-11-27 21:31:16         0 d-------- C:\EFix
2007-11-27 20:47:31     92672 -----n--- C:\WINDOWS\system32\kavo0.dll
2007-11-27 09:12:34         0 d-------- C:\Program Files\Trend Micro
2007-11-27 07:36:59         0 d-------- C:\My Downloads
2007-11-27 07:36:57         0 d-------- C:\Program Files\BearFlix
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-26 09:15:36         0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-26 09:15:35   1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-26 09:15:35         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-19 19:26:12         0 d-------- C:\Program Files\WM Converter
2007-11-16 19:01:40         0 d-------- C:\Program Files\ms 10
2007-11-16 05:13:13         0 d-------- C:\Program Files\m
2007-11-12 01:16:51         0 d-------- C:\Program Files\FlashGet
2007-11-10 09:27:49         0 d-------- C:\Program Files\Common Files\DirectX
2007-11-10 09:24:30         0 d-------- C:\Program Files\Paris-Dakar Rally
2007-11-08 08:14:13         0 d-------- C:\Program Files\Xider
2007-11-03 00:27:39         0 d-------- C:\Program Files\Apple Software Update
2007-11-03 00:27:39         0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-02 03:15:45     94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-11-02 03:15:45     15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-11-01 02:25:16         0 d-------- C:\Program Files\Global Star Software
2007-10-31 08:50:14         0 d-------- C:\Documents and Settings\myself\Application Data\SEGA
2007-10-31 07:39:08         0 d-------- C:\TODC
2007-10-31 07:32:38         0 d-------- C:\死亡鬼屋
2007-10-31 07:25:31         0 d-------- C:\HOD3
2007-10-28 17:26:20         0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-10-28 17:05:53         0 d-------- C:\Documents and Settings\myself\Application Data\EA
2007-10-28 17:05:45         0 d-------- C:\Documents and Settings\All Users\Application Data\EA
2007-10-28 16:57:11         0 d-------- C:\Program Files\BFG
2007-10-28 01:43:18         0 dr------- C:\Program Files\nepal_everest
2007-10-28 01:26:52         0 dr------- C:\Program Files\mike holidays
2007-10-28 01:15:31         0 d-------- C:\notes 20_10
2007-10-28 00:26:03         0 dr------- C:\Program Files\wmv
2007-10-28 00:02:05         0 d-------- C:\Program Files\video hp
2007-10-27 23:46:11         0 d-------- C:\Program Files\video


-- Find3M Report ---------------------------------------------------------------

2007-11-25 10:25:50        46 --a------ C:\WINDOWS\popcinfo.dat
2007-10-25 13:03:44      4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-25 09:06:02         0 dr------- C:\Program Files\ad onli
2007-10-25 08:54:28         0 d-------- C:\Program Files\PopCap Games
2007-10-25 08:44:24         0 d-------- C:\Program Files\reflexive games
2007-10-25 08:36:26         0 d-------- C:\Program Files\GameHouse
2007-10-24 19:32:40         0 d-------- C:\Documents and Settings\myself\Application Data\Apple Computer
2007-10-24 18:24:22         0 dr------- C:\Program Files\scenery
2007-10-24 18:22:30         0 dr------- C:\Program Files\eqtc edu
2007-10-24 18:12:58         0 d-------- C:\Program Files\ReflexiveArcade
2007-10-24 17:53:22         0 dr------- C:\Program Files\songs
2007-10-24 09:50:44         0 d-------- C:\Documents and Settings\myself\Application Data\Talkback
2007-10-24 09:50:34         0 --a------ C:\WINDOWS\nsreg.dat
2007-10-24 09:50:30         0 d-------- C:\Documents and Settings\myself\Application Data\Mozilla
2007-10-24 09:48:10         0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-24 09:38:52         0 d-------- C:\Program Files\mIRC
2007-10-24 09:38:12         0 d-------- C:\Program Files\Yahoo!
2007-10-24 09:37:08         0 d-------- C:\Program Files\MSN Messenger
2007-10-24 09:35:16         0 d-------- C:\Documents and Settings\myself\Application Data\ICQ
2007-10-24 09:34:58         0 d-------- C:\Program Files\ICQ6
2007-10-24 09:34:30         0 d-------- C:\Documents and Settings\myself\Application Data\InstallShield
2007-10-24 09:33:30         0 d-------- C:\Program Files\Common Files\Java
2007-10-23 01:38:26         0 d-------- C:\Documents and Settings\myself\Application Data\Macromedia
2007-10-23 01:13:44    278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2007-10-23 01:13:44    203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2007-10-22 09:22:10         0 d-------- C:\Program Files\QuickTime
2007-10-22 09:20:58         0 d-------- C:\Program Files\Common Files\xing shared
2007-10-22 09:20:48         0 d-------- C:\Program Files\Real
2007-10-22 09:20:48         0 d-------- C:\Program Files\Common Files\Real
2007-10-22 09:20:38         0 d-------- C:\Documents and Settings\myself\Application Data\Real
2007-10-22 09:19:12         0 d-------- C:\Documents and Settings\myself\Application Data\Skype
2007-10-22 09:19:08         0 d-------- C:\Program Files\Google
2007-10-22 09:19:04         0 d-------- C:\Program Files\Skype
2007-10-22 09:19:02         0 d-------- C:\Program Files\Common Files\Skype
2007-10-22 09:18:08         0 d-------- C:\Program Files\Lavasoft
2007-10-22 09:17:50         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 09:16:06         0 d-------- C:\Program Files\Alwil Software
2007-10-22 08:04:02         0 d-------- C:\Program Files\WIDCOMM
2007-10-22 08:03:24         0 d-------- C:\Program Files\ATI Technologies
2007-10-21 18:39:50         0 d-------- C:\Documents and Settings\myself\Application Data\Google

michaelong

  • Guest
Re: help OLDMAN, I'm creating a new thread as advised by u
« Reply #17 on: November 27, 2007, 04:02:04 PM »
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 04:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [11/19/2003 03:41 PM C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/12/2004 12:15 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/12/2004 12:14 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/02/2003 02:37 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/02/2003 02:19 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ShowIcon_Chander_CRW Series Driver v1.17r019"="C:\Program Files\CRW\shwicon.exe" [01/09/2003 12:05 AM]
"PCMService"="C:\Program Files\Aspire Arcade\PCMService.exe" [03/25/2004 06:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE" [04/05/2004 09:46 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/22/2004 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:32 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [03/31/2003 12:00 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03/31/2003 12:00 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03/31/2003 12:00 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/23/2007 07:58 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\myself\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/14/2003 1:28:28 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\ntdelect.com
explore\Command- E:\ntdelect.com
open\Command- E:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44aec12e-803c-11dc-ac38-000b6b581de1}]
AutoRun\command- E:\ntdelect.com
explore\Command- E:\ntdelect.com
open\Command- E:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]
AutoRun\command- F:\ntdelect.com
explore\Command- F:\ntdelect.com
open\Command- F:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fbc6c60-9713-11dc-aedf-806d6172696f}]
AutoRun\command- ntdelect.com
explore\Command- ntdelect.com
open\Command- ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b925cbac-8af4-11dc-ac5e-000b6b581de1}]
AutoRun\command- F:\ntdelect.com
explore\Command- F:\ntdelect.com
open\Command- F:\ntdelect.com




-- End of Deckard's System Scanner: finished at 2007-11-27 22:50:49 ------------


michaelong

  • Guest
Re: help OLDMAN, I'm creating a new thread as advised by u
« Reply #18 on: November 27, 2007, 04:05:49 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:16 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7920 bytes

michaelong

  • Guest
Re: help OLDMAN, I'm creating a new thread as advised by u
« Reply #19 on: November 27, 2007, 04:06:54 PM »
* Trend Micro HijackThis v2.0.2 *


See bottom for version history.

The different sections of hijacking possibilities have been separated into the following groups.
You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.

 R - Registry, StartPage/SearchPage changes
    R0 - Changed registry value
    R1 - Created registry value
    R2 - Created registry key
    R3 - Created extra registry value where only one should be
 F - IniFiles, autoloading entries
    F0 - Changed inifile value
    F1 - Created inifile value
    F2 - Changed inifile value, mapped to Registry
    F3 - Created inifile value, mapped to Registry
 N - Netscape/Mozilla StartPage/SearchPage changes
    N1 - Change in prefs.js of Netscape 4.x
    N2 - Change in prefs.js of Netscape 6
    N3 - Change in prefs.js of Netscape 7
    N4 - Change in prefs.js of Mozilla
 O - Other, several sections which represent:
    O1 - Hijack of auto.search.msn.com with Hosts file
    O2 - Enumeration of existing MSIE BHO's
    O3 - Enumeration of existing MSIE toolbars
    O4 - Enumeration of suspicious autoloading Registry entries
    O5 - Blocking of loading Internet Options in Control Panel
    O6 - Disabling of 'Internet Options' Main tab with Policies
    O7 - Disabling of Regedit with Policies
    O8 - Extra MSIE context menu items
    O9 - Extra 'Tools' menuitems and buttons
    O10 - Breaking of Internet access by New.Net or WebHancer
    O11 - Extra options in MSIE 'Advanced' settings tab
    O12 - MSIE plugins for file extensions or MIME types
    O13 - Hijack of default URL prefixes
    O14 - Changing of IERESET.INF
    O15 - Trusted Zone Autoadd
    O16 - Download Program Files item
    O17 - Domain hijack
    O18 - Enumeration of existing protocols and filters
    O19 - User stylesheet hijack
    O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
    O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
    O22 - SharedTaskScheduler autorun Registry key
    O23 - Enumeration of NT Services
    O24 - Enumeration of ActiveX Desktop Components

Command-line parameters:
* /autolog - automatically scan the system, save a logfile and open it
* /ihatewhitelists - ignore all internal whitelists
* /uninstall - remove all HijackThis Registry entries, backups and quit
* /silentautolog - the same as /autolog, except with no required user intervention

* Version history *

[v2.00.0]
* AnalyzeThis added for log file statistics
* Recognizes Windows Vista and IE7
* Fixed a few bugs in the O23 method
* Fixed a bug in the O22 method (SharedTaskScheduler)
* Did a few tweaks on the log format
* Fixed and improved ADS Spy
* Improved Itty Bitty Procman (processes are frozen before they are killed)
* Added listing of O4 autoruns from other users
* Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
* Added /silentautolog parameter for system admins
* Added /deleteonreboot [file] parameter for system admins
* Added O24 - ActiveX Desktop Components enumeration
* Added Enhanced Security Configuration (ESC) Zones to O15 Trusted Sites check
[v1.99.1]
* Added Winlogon Notify keys to O20 listing
* Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
* Fixed lots and lots of 'unexpected error' bugs
* Fixed lots of improper functioning bugs (i.e. stuff that didn't work)
* Added 'Delete NT Service' function in Misc Tools section
* Added ProtocolDefaults to O15 listing
* Fixed MD5 hashing not working
* Fixed 'ISTSVC' autorun entries with garbage data not being fixed
* Fixed HijackThis uninstall entry not being updated/created on new versions
* Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
* Added option to scan the system at startup, then show results or quit if nothing found
[v1.99]
 * Added O23 (NT Services) in light of newer trojans
 * Integrated ADS Spy into Misc Tools section
 * Added 'Action taken' to info in 'More info on this item'
[v1.98]
 * Definitive support for Japanese/Chinese/Korean systems
 * Added O20 (AppInit_DLLs) in light of newer trojans
 * Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
 * Added O22 (SharedTaskScheduler) in light of newer trojans
 * Backups of fixed items are now saved in separate folder
 * HijackThis now checks if it was started from a temp folder
 * Added a small process manager (Misc Tools section)
[v1.96]
 * Lots of bugfixes and small enhancements! Among others:
 * Fix for Japanese IE toolbars
 * Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
 * Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
 * Added several files to the LSP whitelist
 * Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
 * All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
[v1.95]
 * Added a new regval to check for from Whazit hijack (Start Page_bak).
 * Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
 * New in logfile: Running processes at time of scan.
 * Checkmarks for running StartupList with /full and /complete in HijackThis UI.
 * New O19 method to check for Datanotary hijack of user stylesheet.
 * Google.com IP added to whitelist for Hosts file check.
[v1.94]
 * Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
 * Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
 * Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
 * Fixed a bug where DPF could not be deleted.
 * Fixed a stupid bug in enumeration of autostarting shortcuts.
 * Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
 * Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
 * Added support for backing up F0 and F1 items (d'oh!).
[v1.93]
 * Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
 * Fixed a bug in LSP routine for Win95.
 * Made taborder nicer.
 * Fixed a bug in backup/restore of IE plugins.
 * Added UltimateSearch hijack in O17 method (I think).
 * Fixed a bug with detecting/removing BHO's disabled by BHODemon.
 * Also fixed a bug in StartupList (now version 1.52.1).
[v1.92]
 * Fixed two stupid bugs in backup restore function.
 * Added DiamondCS file to LSP files safelist.
 * Added a few more items to the protocol safelist.
 * Log is now opened immediately after saving.
 * Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
 * Updated integrated StartupList to v1.52.
 * In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
 * Rudimentary proxy support for the Check for Updates function.
[v1.91]
 * Added rd.yahoo.com to the Nonstandard But Safe Domains list.
 * Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
 * Added listing of programs/links in Startup folders (O4).
 * Fixed 'Check for Update' not detecting new versions.
[v1.9]
 * Added check for Lop.com 'Domain' hijack (O17).
 * Bugfix in URLSearchHook (R3) fix.
 * Improved O1 (Hosts file) check.
 * Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
 * Added AutoConfigURL and proxyserver checks (R1).
 * IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
 * Added check for extra protocols (O18).
[v1.81]
 * Added 'ignore non-standard but safe domains' option.
 * Improved Winsock LSP hijackers detection.
 * Integrated StartupList updated to v1.4.
[v1.8]
 * Fixed a few bugs.
 * Adds detecting of free.aol.com in Trusted Zone.
 * Adds checking of URLSearchHooks key, which should have only one value.
 * Adds listing/deleting of Download Program Files.
 * Integrated StartupList into the new 'Misc Tools' section of the Config screen!
[v1.71]
 * Improves detecting of O6.
 * Some internal changes/improvements.
[v1.7]
 * Adds backup function! Yay!
 * Added check for default URL prefix
 * Added check for changing of IERESET.INF
 * Added check for changing of Netscape/Mozilla homepage and default search engine.
[v1.61]
 * Fixes Runtime Error when Hosts file is empty.
[v1.6]
 * Added enumerating of MSIE plugins
 * Added check for extra options in 'Advanced' tab of 'Internet Options'.
[v1.5]
 * Adds 'Uninstall & Exit' and 'Check for update online' functions.
 * Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
[v1.4]
 * Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
 * A few bugfixes/enhancements
[v1.3]
 * Adds detecting of extra MSIE context menu items
 * Added detecting of extra 'Tools' menu items and extra buttons
 * Added 'Confirm deleting/ignoring items' checkbox
[v1.2]
 * Adds 'Ignorelist' and 'Info' functions
[v1.1]
 * Supports BHO's, some default URL changes
[v1.0]
 * Original release

A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.


Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #20 on: November 27, 2007, 05:27:05 PM »
I can't say for 100% that it did work completely, but you are going to help me find out.  ;D  8)

After the 2 little quick fixes, I want you to do the manual procedure that you did before, making changes as needed.  :)

It did remove kavo.exe, but left a kavo.dll. Or else the .dll was recreated. Looking at the time stamp it may have been just an old one. It also left the mount points, which we can remove. The tool does seem to have some use. With your help we'll find out how much.

For now we'll do the following.

Please download the OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe by OldTimer.
Save it to your desktop.

Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

Quote
C:\WINDOWS\system32\kavo0.dll



Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply with a new DSS log.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Now do the following registry fix

Back up your registry with erunt first

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine

REGISTRY FIX
Quote
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44aec12e-803c-11dc-ac38-000b6b581de1}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fbc6c60-9713-11dc-aedf-806d6172696f}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b925cbac-8af4-11dc-ac5e-000b6b581de1}]
Next you will need to create the repair registry fix. To do that, copy and paste ALL of the above in the quote box into a notepad file. Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
Make sure the save in box is set to desktop
This will create a fix.reg file on your desktop

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

Do the manual reset of the registry keys that you did before.

Also find and remove all the AUTORUN.INF per the instructions you found earlier.

I just want to verify that the program you used did reset all the reg keys and removed the autorun.inf

Turn off System Restore and reboot your computer. Do not use any USB storage devices for now; I'm interested in how well this program works. We'll look at your USB after.

After you reboot run DSS again and post the log. No need for a hijackthis log.

If you have any problems, let me know.
« Last Edit: November 29, 2007, 09:09:50 AM by oldman »

michaelong

Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #21 on: November 28, 2007, 05:56:23 AM »
hi Oldman,

Initially it didn't manage to erase the kavo.dll in C:\Windows\Prefetch, but a few hours later the autorun came up again.

This time it only showed as autorun.inf without the drive letter G, and avast managed to catch it and moved it into the chest. It only ran once.

After it was successfully moved into the chest by avast, the kavo.dll at C:\Windows\Prefetch no longer exists.

It seems to be quite successful in killing this kavo.

I'll try to download OTMoveIt as per your instructions to confirm the effectiveness of this kavo remover file.

I will submit my report to you again once I've finished the scanning.

Thanks, Oldman, for your effort and time going through my log file.

regards
michaelong

michaelong

Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #22 on: November 28, 2007, 08:02:04 AM »
Deckard's System Scanner v20071014.68
Run by myself on 2007-11-28 14:58:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 3.23 GiB (less than 15%) free.


-- HijackThis (run as myself.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:26 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\myself\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\myself.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7857 bytes

michaelong

Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #23 on: November 28, 2007, 08:03:50 AM »
-- Files created between 2007-10-28 and 2007-11-28 -----------------------------

2007-11-27 21:31:16         0 d-------- C:\EFix
2007-11-27 09:12:34         0 d-------- C:\Program Files\Trend Micro
2007-11-27 07:36:59         0 d-------- C:\My Downloads
2007-11-27 07:36:57         0 d-------- C:\Program Files\BearFlix
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-26 09:15:36         0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-26 09:15:35   1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-26 09:15:35         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-19 19:26:12         0 d-------- C:\Program Files\WM Converter
2007-11-16 19:01:40         0 d-------- C:\Program Files\ms 10
2007-11-16 05:13:13         0 d-------- C:\Program Files\m
2007-11-12 01:16:51         0 d-------- C:\Program Files\FlashGet
2007-11-10 09:27:49         0 d-------- C:\Program Files\Common Files\DirectX
2007-11-10 09:24:30         0 d-------- C:\Program Files\Paris-Dakar Rally
2007-11-08 08:14:13         0 d-------- C:\Program Files\Xider
2007-11-03 00:27:39         0 d-------- C:\Program Files\Apple Software Update
2007-11-03 00:27:39         0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-02 03:15:45     94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-11-02 03:15:45     15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-11-01 02:25:16         0 d-------- C:\Program Files\Global Star Software
2007-10-31 08:50:14         0 d-------- C:\Documents and Settings\myself\Application Data\SEGA
2007-10-31 07:39:08         0 d-------- C:\TODC
2007-10-31 07:32:38         0 d-------- C:\ËÀÍö¹íÎÝ
2007-10-31 07:25:31         0 d-------- C:\HOD3
2007-10-28 17:26:20         0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-10-28 17:05:53         0 d-------- C:\Documents and Settings\myself\Application Data\EA
2007-10-28 17:05:45         0 d-------- C:\Documents and Settings\All Users\Application Data\EA
2007-10-28 16:57:11         0 d-------- C:\Program Files\BFG
2007-10-28 01:43:18         0 dr------- C:\Program Files\nepal_everest
2007-10-28 01:26:52         0 dr------- C:\Program Files\mike holidays
2007-10-28 01:15:31         0 d-------- C:\notes 20_10
2007-10-28 00:26:03         0 dr------- C:\Program Files\wmv
2007-10-28 00:02:05         0 d-------- C:\Program Files\video hp


-- Find3M Report ---------------------------------------------------------------

2007-11-25 10:25:50        46 --a------ C:\WINDOWS\popcinfo.dat
2007-10-27 23:46:12         0 d-------- C:\Program Files\video
2007-10-25 13:03:44      4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-25 09:06:02         0 dr------- C:\Program Files\ad onli
2007-10-25 08:54:28         0 d-------- C:\Program Files\PopCap Games
2007-10-25 08:44:24         0 d-------- C:\Program Files\reflexive games
2007-10-25 08:36:26         0 d-------- C:\Program Files\GameHouse
2007-10-24 19:32:40         0 d-------- C:\Documents and Settings\myself\Application Data\Apple Computer
2007-10-24 18:24:22         0 dr------- C:\Program Files\scenery
2007-10-24 18:22:30         0 dr------- C:\Program Files\eqtc edu
2007-10-24 18:12:58         0 d-------- C:\Program Files\ReflexiveArcade
2007-10-24 17:53:22         0 dr------- C:\Program Files\songs
2007-10-24 09:50:44         0 d-------- C:\Documents and Settings\myself\Application Data\Talkback
2007-10-24 09:50:34         0 --a------ C:\WINDOWS\nsreg.dat
2007-10-24 09:50:30         0 d-------- C:\Documents and Settings\myself\Application Data\Mozilla
2007-10-24 09:48:10         0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-24 09:38:52         0 d-------- C:\Program Files\mIRC
2007-10-24 09:38:12         0 d-------- C:\Program Files\Yahoo!
2007-10-24 09:37:08         0 d-------- C:\Program Files\MSN Messenger
2007-10-24 09:35:16         0 d-------- C:\Documents and Settings\myself\Application Data\ICQ
2007-10-24 09:34:58         0 d-------- C:\Program Files\ICQ6
2007-10-24 09:34:30         0 d-------- C:\Documents and Settings\myself\Application Data\InstallShield
2007-10-24 09:33:30         0 d-------- C:\Program Files\Common Files\Java
2007-10-23 01:38:26         0 d-------- C:\Documents and Settings\myself\Application Data\Macromedia
2007-10-23 01:13:44    278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2007-10-23 01:13:44    203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2007-10-22 09:22:10         0 d-------- C:\Program Files\QuickTime
2007-10-22 09:20:58         0 d-------- C:\Program Files\Common Files\xing shared
2007-10-22 09:20:48         0 d-------- C:\Program Files\Real
2007-10-22 09:20:48         0 d-------- C:\Program Files\Common Files\Real
2007-10-22 09:20:38         0 d-------- C:\Documents and Settings\myself\Application Data\Real
2007-10-22 09:19:12         0 d-------- C:\Documents and Settings\myself\Application Data\Skype
2007-10-22 09:19:08         0 d-------- C:\Program Files\Google
2007-10-22 09:19:04         0 d-------- C:\Program Files\Skype
2007-10-22 09:19:02         0 d-------- C:\Program Files\Common Files\Skype
2007-10-22 09:18:08         0 d-------- C:\Program Files\Lavasoft
2007-10-22 09:17:50         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 09:16:06         0 d-------- C:\Program Files\Alwil Software
2007-10-22 08:04:02         0 d-------- C:\Program Files\WIDCOMM
2007-10-22 08:03:24         0 d-------- C:\Program Files\ATI Technologies
2007-10-21 18:39:50         0 d-------- C:\Documents and Settings\myself\Application Data\Google


michaelong

Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #24 on: November 28, 2007, 08:04:35 AM »
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 04:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [11/19/2003 03:41 PM C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/12/2004 12:15 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/12/2004 12:14 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/02/2003 02:37 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/02/2003 02:19 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ShowIcon_Chander_CRW Series Driver v1.17r019"="C:\Program Files\CRW\shwicon.exe" [01/09/2003 12:05 AM]
"PCMService"="C:\Program Files\Aspire Arcade\PCMService.exe" [03/25/2004 06:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE" [04/05/2004 09:46 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/22/2004 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:32 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [03/31/2003 12:00 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03/31/2003 12:00 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03/31/2003 12:00 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/23/2007 07:58 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\myself\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/14/2003 1:28:28 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]
- F:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b925cbac-8af4-11dc-ac5e-000b6b581de1}]
open\Command- F:\ntdelect.com




-- End of Deckard's System Scanner: finished at 2007-11-28 14:58:53 ------------


michaelong

Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #25 on: November 28, 2007, 08:25:28 AM »
hi Oldman,

I've done as instructed by you: running OTMoveIt, followed by pasting the kavo file, which is no longer found by OTMoveIt, fixing the registry with the key you provided, followed by running DSS.

During the initial report from DSS, it found the autorun file in my E drive (I formatted it earlier because I couldn't access it) and I deleted the whole folder that contained the autorun.inf.

I'm also deleting those autorun files which were found in the MountPoints2 section, but during the course of deletion I may have erased one of the registry keys.

I also noticed a lot of those ntdelect.com keys in the registry.

Not sure if I should erase them or not, but I deleted them somehow.

After rebooting and scanning and deleting several times, the ntdelect.com key was found in the Windows key that you provided, but I'm not deleting it because that registry key was given to you by me.

In my last report, there are remainders of ntdelect.com in the Windows registry that you gave, which I leave for you to study.

Hope this information might help you locate the error or damage that I've done to my registry keys.

Currently my Windows boots without error and seems to be quite fast too.

A million thanks to you, Oldman, for all the painstaking work I'm causing you.

With best regards
michaelong


oldman
Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #26 on: November 28, 2007, 09:03:52 AM »
hi michaelong

Please follow the instructions for manual cleanup of the keys as outlined here

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ONLINEG.JRC&VSect=Sn

Some keys will have already been changed, but change the ones that haven't been.

One more registry fix; just do it like you did before.

Quote
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b925cbac-8af4-11dc-ac5e-000b6b581de1}]


Do the manual cleanup of the keys first, ok.

After you are done, please post 1 more DSS scan.

« Last Edit: November 29, 2007, 09:14:56 AM by oldman »
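The entries DSS printed under MountPoints2 in this thread ("open\Command- F:\ntdelect.com") are Explorer's cache of the autorun.inf it read from that drive, which is why the cleanup asks for the autorun.inf files to be removed as well as the keys. The parser below is an added example, not code from the thread and not the worm's real autorun.inf: the sample file is constructed around the one command visible in the log, the directive names (`open`, `shellexecute`, `shell`, `shell\<verb>\command`, `label`) are the documented autorun.inf keys, and the `NoDriveTypeAutoRun` value it emits is the standard policy that disables AutoRun for every drive type.

```python
"""Parse an autorun.inf, list what Explorer would run from it, and emit the AutoRun-off policy.

Added example, not code from this thread; the sample file is constructed, not the worm's own.
"""
import re

# Constructed sample, modelled on the single command visible in the thread's MountPoints2
# dump ("open\Command- F:\ntdelect.com"). The directive names are the documented
# autorun.inf keys; casing, comments and blank lines are deliberately messy.
SAMPLE_AUTORUN = """
[AutoRun]
; comment lines and odd casing are typical of worm-written files
OPEN=ntdelect.com
shell\\open\\Command=ntdelect.com
shell\\explore\\Command=ntdelect.com
shellexecute=ntdelect.com
shell=open
label=Removable Disk
"""

VERB_COMMAND = re.compile(r"^shell\\([^\\]+)\\command$")


def parse_autorun(text):
    """Return {lowercased directive: value} from the [autorun] section.

    Tolerates CRLF, comments, stray whitespace and mixed case; text outside [autorun]
    (a common obfuscation) is ignored.
    """
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries):
    """(directive, command) pairs Explorer could execute: 'open' and 'shellexecute' on
    insertion under AutoRun, and every shell\\<verb>\\command from the drive's context menu."""
    return sorted((key, value) for key, value in entries.items()
                  if key in ("open", "shellexecute") or VERB_COMMAND.match(key))


def payload_files(entries):
    """Base names of the files the autorun.inf launches: what to delete from the drive root
    alongside autorun.inf itself."""
    names = set()
    for _, command in launch_targets(entries):
        exe = command.split()[0].strip('"')
        names.add(exe.replace("/", "\\").rsplit("\\", 1)[-1].lower())
    return names


def assess(entries):
    """Findings for a cleanup log."""
    findings = []
    targets = launch_targets(entries)
    if targets:
        findings.append("launches: " + ", ".join(f"{k}={v}" for k, v in targets))
    default_verb = entries.get("shell", "").lower()
    if default_verb and f"shell\\{default_verb}\\command" in entries:
        findings.append(f"default verb '{default_verb}' is hijacked: double-clicking the drive runs it")
    return findings


def disable_autorun_policy():
    """REGEDIT4 text setting NoDriveTypeAutoRun=0xFF, which disables AutoRun for every
    drive type, under both the machine and the current-user policy keys."""
    lines = ["REGEDIT4", ""]
    for hive in ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"):
        lines += [f"[{hive}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]",
                  '"NoDriveTypeAutoRun"=dword:000000ff', ""]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    parsed = parse_autorun(SAMPLE_AUTORUN)
    for finding in assess(parsed):
        print(finding)
    print("remove from drive root:", ", ".join(sorted(payload_files(parsed) | {"autorun.inf"})))
    print(disable_autorun_policy())
```

The `shell=open` plus `shell\open\command` pair is the part worth understanding: it makes the drive's default double-click action run the dropped file, so opening the stick from My Computer reinfects even when AutoRun on insertion has already been turned off. Removing the autorun.inf and the file it names from the drive root, then deleting the cached MountPoints2 keys, is what breaks that loop.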

michaelong

Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #27 on: November 28, 2007, 09:26:06 PM »
hi Oldman,

I've done the manual fix as guided by

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_ONLINEG.JRC&VSect=Sn

and found that only the hidden and autorun values were changed; the rest remained intact.

Instead of a manual cleanup of this ntdelect.com key, I went to the extent of deleting the whole registry key that you quoted, thinking that I'd be able to restore it.

Unfortunately the registry keys you provided

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b925cbac-8af4-11dc-ac5e-000b6b581de1}]

were lost and I'm unable to restore them.

I'm submitting my latest DSS log file to you as requested.


michaelong

  • Guest
Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #28 on: November 28, 2007, 09:27:43 PM »
Deckard's System Scanner v20071014.68
Run by myself on 2007-11-29 04:09:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.49 GiB (less than 15%) free.


-- HijackThis (run as myself.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:20 AM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\myself\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\myself.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7947 bytes

michaelong

  • Guest
Re: help OLDMAN, i'm creating a new thread as advise by u
« Reply #29 on: November 28, 2007, 09:28:31 PM »
-- Files created between 2007-10-29 and 2007-11-29 -----------------------------

2007-11-28 16:31:52         0 d-------- C:\Program Files\Burn
2007-11-28 16:31:18     17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-27 21:31:16         0 d-------- C:\EFix
2007-11-27 09:12:34         0 d-------- C:\Program Files\Trend Micro
2007-11-27 07:36:59         0 d-------- C:\My Downloads
2007-11-27 07:36:57         0 d-------- C:\Program Files\BearFlix
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-26 09:15:36         0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-26 09:15:35   1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-26 09:15:35         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-19 19:26:12         0 d-------- C:\Program Files\WM Converter
2007-11-16 19:01:40         0 d-------- C:\Program Files\ms 10
2007-11-16 05:13:13         0 d-------- C:\Program Files\m
2007-11-12 01:16:51         0 d-------- C:\Program Files\FlashGet
2007-11-10 09:27:49         0 d-------- C:\Program Files\Common Files\DirectX
2007-11-10 09:24:30         0 d-------- C:\Program Files\Paris-Dakar Rally
2007-11-08 08:14:13         0 d-------- C:\Program Files\Xider
2007-11-03 00:27:39         0 d-------- C:\Program Files\Apple Software Update
2007-11-03 00:27:39         0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-02 03:15:45     94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-11-02 03:15:45     15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-11-01 02:25:16         0 d-------- C:\Program Files\Global Star Software
2007-10-31 08:50:14         0 d-------- C:\Documents and Settings\myself\Application Data\SEGA
2007-10-31 07:39:08         0 d-------- C:\TODC
2007-10-31 07:32:38         0 d-------- C:\死亡鬼屋
2007-10-31 07:25:31         0 d-------- C:\HOD3


-- Find3M Report ---------------------------------------------------------------

2007-11-25 10:25:50        46 --a------ C:\WINDOWS\popcinfo.dat
2007-10-28 17:05:54         0 d-------- C:\Documents and Settings\myself\Application Data\EA
2007-10-28 16:57:12         0 d-------- C:\Program Files\BFG
2007-10-28 01:43:20         0 dr------- C:\Program Files\nepal_everest
2007-10-28 01:28:48         0 dr------- C:\Program Files\mike holidays
2007-10-28 00:50:56         0 dr------- C:\Program Files\wmv
2007-10-28 00:02:06         0 d-------- C:\Program Files\video hp
2007-10-27 23:46:12         0 d-------- C:\Program Files\video
2007-10-25 13:03:44      4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-25 09:06:02         0 dr------- C:\Program Files\ad onli
2007-10-25 08:54:28         0 d-------- C:\Program Files\PopCap Games
2007-10-25 08:44:24         0 d-------- C:\Program Files\reflexive games
2007-10-25 08:36:26         0 d-------- C:\Program Files\GameHouse
2007-10-24 19:32:40         0 d-------- C:\Documents and Settings\myself\Application Data\Apple Computer
2007-10-24 18:24:22         0 dr------- C:\Program Files\scenery
2007-10-24 18:22:30         0 dr------- C:\Program Files\eqtc edu
2007-10-24 18:12:58         0 d-------- C:\Program Files\ReflexiveArcade
2007-10-24 17:53:22         0 dr------- C:\Program Files\songs
2007-10-24 09:50:44         0 d-------- C:\Documents and Settings\myself\Application Data\Talkback
2007-10-24 09:50:34         0 --a------ C:\WINDOWS\nsreg.dat
2007-10-24 09:50:30         0 d-------- C:\Documents and Settings\myself\Application Data\Mozilla
2007-10-24 09:48:10         0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-24 09:38:52         0 d-------- C:\Program Files\mIRC
2007-10-24 09:38:12         0 d-------- C:\Program Files\Yahoo!
2007-10-24 09:37:08         0 d-------- C:\Program Files\MSN Messenger
2007-10-24 09:35:16         0 d-------- C:\Documents and Settings\myself\Application Data\ICQ
2007-10-24 09:34:58         0 d-------- C:\Program Files\ICQ6
2007-10-24 09:34:30         0 d-------- C:\Documents and Settings\myself\Application Data\InstallShield
2007-10-24 09:33:30         0 d-------- C:\Program Files\Common Files\Java
2007-10-23 01:38:26         0 d-------- C:\Documents and Settings\myself\Application Data\Macromedia
2007-10-23 01:13:44    278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2007-10-23 01:13:44    203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2007-10-22 09:22:10         0 d-------- C:\Program Files\QuickTime
2007-10-22 09:20:58         0 d-------- C:\Program Files\Common Files\xing shared
2007-10-22 09:20:48         0 d-------- C:\Program Files\Real
2007-10-22 09:20:48         0 d-------- C:\Program Files\Common Files\Real
2007-10-22 09:20:38         0 d-------- C:\Documents and Settings\myself\Application Data\Real
2007-10-22 09:19:12         0 d-------- C:\Documents and Settings\myself\Application Data\Skype
2007-10-22 09:19:08         0 d-------- C:\Program Files\Google
2007-10-22 09:19:04         0 d-------- C:\Program Files\Skype
2007-10-22 09:19:02         0 d-------- C:\Program Files\Common Files\Skype
2007-10-22 09:18:08         0 d-------- C:\Program Files\Lavasoft
2007-10-22 09:17:50         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 09:16:06         0 d-------- C:\Program Files\Alwil Software
2007-10-22 08:04:02         0 d-------- C:\Program Files\WIDCOMM
2007-10-22 08:03:24         0 d-------- C:\Program Files\ATI Technologies
2007-10-21 18:39:50         0 d-------- C:\Documents and Settings\myself\Application Data\Google