Author Topic: help...OLDMAN, i'm creating a new thread as advised by u  (Read 39038 times)

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #45 on: November 29, 2007, 02:44:48 AM »
I don't believe OEMs have a repair feature, just a recovery. Everything on your computer will be lost. The computer will be set back to the way it was the day it was brand new.

If you have the name of the CD and the computer model number, I can go look to see whether there is a repair feature, though.

michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #46 on: November 29, 2007, 03:22:47 AM »
Hi Oldman,

Acer Aspire 2020
Model no. CL32
OS: XP Home

I hope the above info helps.

Thanks
michaelong

michaelong

Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #47 on: November 29, 2007, 03:34:09 AM »
Hi Oldman,

I've managed to boot into Windows now.

Can I send you a private message instead of posting here?

Thanks
michaelong
« Last Edit: November 29, 2007, 03:46:44 AM by michaelong »

Offline oldman

Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #48 on: November 29, 2007, 03:51:13 AM »
Sure, PM away :D

michaelong

Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #49 on: November 29, 2007, 05:18:27 AM »
Hi Oldman,
here's my latest DSS scan:

Deckard's System Scanner v20071014.68
Run by myself on 2007-11-29 11:51:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 2.5 GiB (less than 15%) free.


-- HijackThis (run as myself.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:04 AM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\myself\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\myself.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7683 bytes

michaelong

Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #50 on: November 29, 2007, 05:19:23 AM »
-- Files created between 2007-10-29 and 2007-11-29 -----------------------------

2007-11-29 10:54:31         0 d-------- C:\WINDOWS\LastGood
2007-11-29 10:30:41      5632 --a------ C:\WINDOWS\system32\antiwpa.dll <Not Verified; ; AntiWPA3>
2007-11-29 08:51:50         0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-11-29 08:47:37         0 d-------- C:\WINDOWS\Prefetch
2007-11-29 08:36:21         0 --a------ C:\CONFIG.SYS
2007-11-29 08:36:21         0 --a------ C:\AUTOEXEC.BAT
2007-11-29 04:36:20         0 d--h----- C:\WINDOWS\PIF
2007-11-28 16:31:52         0 d-------- C:\Program Files\Burn
2007-11-28 16:31:18     17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-27 21:31:16         0 d-------- C:\EFix
2007-11-27 09:12:34         0 d-------- C:\Program Files\Trend Micro
2007-11-27 07:36:59         0 d-------- C:\My Downloads
2007-11-27 07:36:57         0 d-------- C:\Program Files\BearFlix
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-26 09:15:35   1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-26 09:15:35         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-19 19:26:12         0 d-------- C:\Program Files\WM Converter
2007-11-16 19:01:40         0 d-------- C:\Program Files\ms 10
2007-11-16 05:13:13         0 d-------- C:\Program Files\m
2007-11-12 01:16:51         0 d-------- C:\Program Files\FlashGet
2007-11-10 09:27:49         0 d-------- C:\Program Files\Common Files\DirectX
2007-11-10 09:24:30         0 d-------- C:\Program Files\Paris-Dakar Rally
2007-11-08 08:14:13         0 d-------- C:\Program Files\Xider
2007-11-03 00:27:39         0 d-------- C:\Program Files\Apple Software Update
2007-11-03 00:27:39         0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-02 03:15:45     94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-11-02 03:15:45     15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-11-01 02:25:16         0 d-------- C:\Program Files\Global Star Software
2007-10-31 08:50:14         0 d-------- C:\Documents and Settings\myself\Application Data\SEGA
2007-10-31 07:39:08         0 d-------- C:\TODC
2007-10-31 07:32:38         0 d-------- C:\死亡鬼屋
2007-10-31 07:25:31         0 d-------- C:\HOD3


-- Find3M Report ---------------------------------------------------------------

2007-11-29 08:24:02     22736 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-25 10:25:50        46 --a------ C:\WINDOWS\popcinfo.dat
2007-10-28 17:05:54         0 d-------- C:\Documents and Settings\myself\Application Data\EA
2007-10-28 16:57:12         0 d-------- C:\Program Files\BFG
2007-10-28 01:43:20         0 dr------- C:\Program Files\nepal_everest
2007-10-28 01:28:48         0 dr------- C:\Program Files\mike holidays
2007-10-28 00:50:56         0 dr------- C:\Program Files\wmv
2007-10-28 00:02:06         0 d-------- C:\Program Files\video hp
2007-10-27 23:46:12         0 d-------- C:\Program Files\video
2007-10-25 13:03:44      4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-25 09:06:02         0 dr------- C:\Program Files\ad onli
2007-10-25 08:54:28         0 d-------- C:\Program Files\PopCap Games
2007-10-25 08:44:24         0 d-------- C:\Program Files\reflexive games
2007-10-25 08:36:26         0 d-------- C:\Program Files\GameHouse
2007-10-24 19:32:40         0 d-------- C:\Documents and Settings\myself\Application Data\Apple Computer
2007-10-24 18:24:22         0 dr------- C:\Program Files\scenery
2007-10-24 18:22:30         0 dr------- C:\Program Files\eqtc edu
2007-10-24 18:12:58         0 d-------- C:\Program Files\ReflexiveArcade
2007-10-24 17:53:22         0 dr------- C:\Program Files\songs
2007-10-24 09:50:44         0 d-------- C:\Documents and Settings\myself\Application Data\Talkback
2007-10-24 09:50:34         0 --a------ C:\WINDOWS\nsreg.dat
2007-10-24 09:50:30         0 d-------- C:\Documents and Settings\myself\Application Data\Mozilla
2007-10-24 09:48:10         0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-24 09:38:52         0 d-------- C:\Program Files\mIRC
2007-10-24 09:38:12         0 d-------- C:\Program Files\Yahoo!
2007-10-24 09:37:08         0 d-------- C:\Program Files\MSN Messenger
2007-10-24 09:35:16         0 d-------- C:\Documents and Settings\myself\Application Data\ICQ
2007-10-24 09:34:58         0 d-------- C:\Program Files\ICQ6
2007-10-24 09:34:30         0 d-------- C:\Documents and Settings\myself\Application Data\InstallShield
2007-10-24 09:33:30         0 d-------- C:\Program Files\Common Files\Java
2007-10-23 01:38:26         0 d-------- C:\Documents and Settings\myself\Application Data\Macromedia
2007-10-23 01:13:44    278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2007-10-23 01:13:44    203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2007-10-22 09:22:10         0 d-------- C:\Program Files\QuickTime
2007-10-22 09:20:58         0 d-------- C:\Program Files\Common Files\xing shared
2007-10-22 09:20:48         0 d-------- C:\Program Files\Real
2007-10-22 09:20:48         0 d-------- C:\Program Files\Common Files\Real
2007-10-22 09:20:38         0 d-------- C:\Documents and Settings\myself\Application Data\Real
2007-10-22 09:19:12         0 d-------- C:\Documents and Settings\myself\Application Data\Skype
2007-10-22 09:19:08         0 d-------- C:\Program Files\Google
2007-10-22 09:19:04         0 d-------- C:\Program Files\Skype
2007-10-22 09:19:02         0 d-------- C:\Program Files\Common Files\Skype
2007-10-22 09:18:08         0 d-------- C:\Program Files\Lavasoft
2007-10-22 09:17:50         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 09:16:06         0 d-------- C:\Program Files\Alwil Software
2007-10-22 08:04:02         0 d-------- C:\Program Files\WIDCOMM
2007-10-22 08:03:24         0 d-------- C:\Program Files\ATI Technologies
2007-10-21 18:39:50         0 d-------- C:\Documents and Settings\myself\Application Data\Google

michaelong

Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #51 on: November 29, 2007, 05:20:01 AM »
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"AGRSMMSG"="AGRSMMSG.exe" [11/19/2003 03:41 PM C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/12/2004 12:15 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/12/2004 12:14 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/02/2003 02:37 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/02/2003 02:19 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ShowIcon_Chander_CRW Series Driver v1.17r019"="C:\Program Files\CRW\shwicon.exe" [01/09/2003 12:05 AM]
"PCMService"="C:\Program Files\Aspire Arcade\PCMService.exe" [03/25/2004 06:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE" [04/05/2004 09:46 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/22/2004 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:32 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" []
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" []
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 04:54 PM C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/23/2007 07:58 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\myself\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/14/2003 1:28:28 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 07/06/2005 11:15 AM 5632 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-11-29 11:51:35 ------------
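
As an added example (mine, not from the thread, HijackThis or DSS), here is a first-pass triage of the log sections posted above, in PowerShell: it parses O2, O4, O20 and O23 lines into objects and flags the patterns worth a second look, an orphaned "(no file)" BHO like the (no name) entry above, Run entries that name a bare file (Ati2mdxx.exe, SOUNDMAN.EXE) and so depend on the search path, any Winlogon Notify DLL (these load into winlogon.exe as SYSTEM; the antiwpa.dll entry is the one the later HijackThis backup in this thread shows being fixed), and services with no publisher. The sample lines are copied from the log; on the live machine the script additionally checks each binary's Authenticode status. It assumes PowerShell 2.0 or later.

```powershell
# Added example, not part of the thread or of HijackThis/DSS: a first-pass
# triage of the HijackThis sections that matter in an autorun-worm clean-up
# (O2 BHOs, O4 Run keys, O20 Winlogon Notify, O23 services). The sample lines
# are copied from the logs posted above; nothing is read from the live registry.
# Assumes PowerShell 2.0 or later.
$SampleLog = @'
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
'@

# Pull the image path out of an O4 command line (quoted, or bare with arguments).
function Get-ImagePath([string]$Command) {
    $c = $Command -replace ' \(User ''[^'']*''\)$', ''   # drop HijackThis's per-user suffix
    if ($c -match '^"([^"]+)"') { return $matches[1] }
    if ($c -match '^(.+?\.(exe|dll|cpl|scr))(\s|$)') { return $matches[1] }
    return $c
}

# Turn the lines of interest into objects with Section, Name, Owner and Path.
function ConvertFrom-HjtLog([string[]]$Lines) {
    foreach ($line in $Lines) {
        if ($line -notmatch '^(O\d+) - (.+)$') { continue }
        $section = $matches[1]; $rest = $matches[2]
        $e = New-Object PSObject -Property @{ Section = $section; Name = $null; Owner = $null; Path = $null }
        switch ($section) {
            'O2'  { if ($rest -match '^BHO: (.+?) - \{[0-9A-Fa-f-]+\} - (.+)$') { $e.Name = $matches[1]; $e.Path = $matches[2] } }
            'O4'  { if ($rest -match '^HK[^:]*: \[(.+?)\] (.+)$') { $e.Name = $matches[1]; $e.Path = Get-ImagePath $matches[2] } }
            'O20' { if ($rest -match '^Winlogon Notify: (.+?) - (.+)$') { $e.Name = $matches[1]; $e.Path = $matches[2] } }
            'O23' { if ($rest -match '^Service: (.+?) - (.+?) - (.+)$') { $e.Name = $matches[1]; $e.Owner = $matches[2]; $e.Path = $matches[3] } }
        }
        if ($e.Path) { $e }
    }
}

# Attach the reasons a line deserves a second look. On the live machine the
# binary's Authenticode signature is checked too; offline that step is skipped.
function Invoke-HjtTriage([string[]]$Lines) {
    foreach ($e in ConvertFrom-HjtLog $Lines) {
        $flags = @()
        if ($e.Path -eq '(no file)') {
            $flags += 'orphaned registration, file is gone: fix the entry'
        } elseif ($e.Path -notmatch '^[A-Za-z]:\\') {
            $flags += 'bare file name resolved via the search path: confirm which copy actually loads'
        }
        if ($e.Section -eq 'O20') { $flags += 'Winlogon Notify DLL runs inside winlogon.exe as SYSTEM: vendor must be known' }
        if ($e.Owner -eq 'Unknown owner') { $flags += 'service binary carries no publisher information' }
        if ($e.Path -match '^[A-Za-z]:\\' -and (Test-Path -LiteralPath $e.Path)) {
            $sig = Get-AuthenticodeSignature -FilePath $e.Path
            if ($sig.Status -ne 'Valid') { $flags += "Authenticode status $($sig.Status)" }
        }
        New-Object PSObject -Property @{ Section = $e.Section; Name = $e.Name; Path = $e.Path; Flags = ($flags -join '; ') }
    }
}

Invoke-HjtTriage ($SampleLog -split "`r?`n") |
    Where-Object { $_.Flags } |
    Format-Table Section, Name, Path, Flags -AutoSize -Wrap
```

Catalog-signed Windows binaries report NotSigned on older PowerShell versions, so treat that status as "look", not "malicious"; the point of the pass is to shrink the list for a human, not to deliver a verdict.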


Offline oldman

Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #52 on: November 29, 2007, 06:01:19 AM »
Looks good, and sorry about the ntdetect :-[

I'll PM you some other info.

michaelong

Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #53 on: November 29, 2007, 06:22:42 AM »
Hi Oldman,
you shouldn't feel bad.

It wasn't your mistake; you did nothing wrong.

It's just that I wasn't looking closely at the difference between "T" and "L";

what's more, it just popped up in the C: drive after I had finished with my scan.

I have just sent you a PM.

Thanks
michaelong


michaelong

Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #54 on: December 02, 2007, 04:52:09 AM »
Hi Oldman,

After my repairs and reinstalling my previous registry, which had been backed up by ERUNT while it was corrupt,
I'm now back to square one with the kavo file in my registry.
I'll be running the DSS scan again.
It seems like a lot of people are starting to get infected with this autorun virus.
My friend who infected me with this virus (I got it through a flash drive) downloaded AVG and managed to catch this autorun
virus (kavo) in the registry, as well as others related to kavo, but was unable to modify the registry as instructed here:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden = "2"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden = "0"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue = "0"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun = "91"

Looking at his result compared to mine,
it seems AVG is more suitable for getting rid of this autorun virus (kavo).

Regards
michaelong



michaelong

Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #55 on: December 06, 2007, 02:57:35 AM »
Hi Oldman ;D,

I saw a quote:
"I had this malware on my computer and avast couldn't detect it. I don't know if avast detects malware or is just a plain antivirus program that picks up only viruses. I had this Kavo.exe and, as far as I was concerned, it is deemed dangerous according to sources on the internet.

KAVO.EXE is Troj/Lineag-AW. I couldn't get rid of it even after formatting my C: as it resides in the registry.

What I am thinking is, could someone tell me whether avast isn't designed for this kind of threat? Or is avast a trustworthy antivirus?

If someone could shed some light I'd be really grateful."

Is it true that even a reformat won't be able to kill this kavo virus?
If it is, can you please explain it to all of us here, so that together we'll find the solution to this virus problem instead of taking the easier way,
like formatting and still being infected.
Since I've made a mess of my Windows, I don't think I'll be able to provide you with information that would be very accurate
to study now, based on my current situation.
Though kavo.exe has been deleted by the kavo fix, the autorun still pops up from time to time, but mostly through Skype!
I know my system is still infected and far from clean; for example, recently I haven't been able to open the "Show hidden files" option,
it seems to be locked.
Is there any other option I can use to activate "Show hidden files"? It's not working in Safe Mode either.

Looking forward to getting some advice from you.

Thanks, Oldman, for not giving up on us.

Regards,
michaelong
P.S.: Submitting my latest DSS scan log for your kind perusal.
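
The four values quoted in Reply #54 are the Explorer settings an autorun worm tampers with to keep its files out of sight, and CheckedValue is the one behind the locked "Show hidden files" option in Reply #55: Explorer copies CheckedValue into Hidden when that radio button is chosen, so with CheckedValue at 0 the choice silently reverts, in Safe Mode too. A reformat does wipe the registry along with everything else; what survives is the autorun.inf on the USB stick that carried the worm in, which runs again on insertion. The script below is an added example (mine, not the thread's or the helper's) that reports those four values with their registry types, restores them on request, and lists every autorun.inf on removable drives with the commands it would launch. It assumes PowerShell 2.0 or later in an elevated prompt. The restored values (Hidden=1, ShowSuperHidden=1, CheckedValue=1, all REG_DWORD, and NoDriveTypeAutoRun=0xFF) are my choice: the first three turn hidden and protected-OS files back on, and 0xFF disables AutoRun for every drive type, stricter than the 0x91 in the post, which is the XP SP2 default and leaves removable drives enabled. On XP, Microsoft's KB967715 update is also needed for that value to be honoured in full.

```powershell
# Added example, not part of the thread: audit (and, once the worm's process is
# gone, restore) the four Explorer values listed in Reply #54, and list every
# autorun.inf on removable drives with the commands it would launch.
# Assumes PowerShell 2.0 or later in an elevated prompt. The "Good" values are
# my choice: 1/1/1 make hidden and protected-OS files visible again, and 0xFF
# disables AutoRun for every drive type (stricter than the 0x91 in the post).
$ExplorerValues = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced';                       Name = 'Hidden';             Good = 1 },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced';                       Name = 'ShowSuperHidden';    Good = 1 },
    @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'; Name = 'CheckedValue';       Good = 1 },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';                        Name = 'NoDriveTypeAutoRun'; Good = 0xFF }
)

# Report each value with its data and registry type; a REG_SZ where a REG_DWORD
# belongs is itself a sign of tampering.
function Get-ExplorerHidingState {
    foreach ($v in $ExplorerValues) {
        $current = $null; $kind = 'Missing'
        if (Test-Path $v.Key) {
            $prop = Get-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
            if ($prop) {
                $current = $prop.($v.Name)
                $kind = (Get-Item $v.Key).GetValueKind($v.Name).ToString()
            }
        }
        New-Object PSObject -Property @{
            Value = $v.Name; Current = $current; Type = $kind; Expected = $v.Good
            Drifted = ($kind -ne 'DWord' -or [int]$current -ne $v.Good)
        }
    }
}

# Restore: delete-then-create so a value the worm retyped as REG_SZ comes back
# as REG_DWORD. Run this only after the worm's process and Run-key entry are
# gone, otherwise it simply rewrites the values a moment later.
function Restore-ExplorerHidingState {
    foreach ($v in $ExplorerValues) {
        if (-not (Test-Path $v.Key)) { New-Item -Path $v.Key -Force | Out-Null }
        Remove-ItemProperty -Path $v.Key -Name $v.Name -ErrorAction SilentlyContinue
        New-ItemProperty -Path $v.Key -Name $v.Name -PropertyType DWord -Value $v.Good | Out-Null
    }
    Get-ExplorerHidingState
}

# Every removable drive (DriveType 2) with an autorun.inf, and the open= /
# shellexecute= / shell\...\command= targets inside it: this is how a freshly
# formatted C: gets re-infected the moment the stick goes back in.
function Get-RemovableAutorun {
    foreach ($d in Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 2') {
        $inf = Join-Path $d.DeviceID 'autorun.inf'
        if (-not (Test-Path -LiteralPath $inf)) { continue }
        $launches = Get-Content -LiteralPath $inf | ForEach-Object {
            if ($_ -match '^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+)$') { $matches[2].Trim() }
        }
        New-Object PSObject -Property @{ Drive = $d.DeviceID; Inf = $inf; Launches = (@($launches) -join '; ') }
    }
}

Get-ExplorerHidingState | Format-Table Value, Current, Type, Expected, Drifted -AutoSize
Get-RemovableAutorun    | Format-List
# Restore-ExplorerHidingState   # uncomment once the report above is understood
```

Run the report first and restore only after the worm's process and its Run-key entry are gone, otherwise the values are rewritten within moments. Reading autorun.inf from the command line is safe; on an XP without KB967715, double-clicking the drive icon in Explorer runs the autorun.inf action even with AutoRun disabled, which is exactly the behaviour that update removes.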

michaelong

Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #56 on: December 06, 2007, 02:58:18 AM »
Deckard's System Scanner v20071014.68
Run by myself on 2007-12-06 09:22:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 1 Restore Point(s) --
1: 2007-12-06 01:22:37 UTC - RP18 - Deckard's System Scanner Restore Point


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as myself.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:11 AM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\FlashGet\flashget.exe
C:\Documents and Settings\myself\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\myself.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196901904953
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

--
End of file - 8443 bytes

michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #57 on: December 06, 2007, 02:59:46 AM »
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071206-084003-930 O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ENECBPTH (ENE Cardbus Patch Driver) - c:\windows\system32\drivers\enecbpth.sys <Not Verified; EnE Technology Inc.; EnE Cardbus Patch Driver for Windows (R) 2000/XP>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 BTPCCARD (Bluetooth BCSP Transport for Pc Card) - c:\windows\system32\drivers\btpcbcsp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-26 18:54:06       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-06 and 2007-12-06 -----------------------------

2007-12-06 09:09:43      5632 --a------ C:\WINDOWS\system32\antiwpa.dll <Not Verified; ; AntiWPA3>
2007-12-05 15:08:15         0 d-------- C:\Documents and Settings\myself\Application Data\Help
2007-12-05 14:57:21         0 d-------- C:\Program Files\YouTube Downloader
2007-12-03 21:22:37         0 d--h----- C:\Program Files\mv coll 1
2007-12-03 13:19:55         0 d-------- C:\Program Files\WIDCOMM
2007-12-03 10:19:45         0 dr-hs---- C:\autorun.inf
2007-12-03 10:10:43     92672 -----n--- C:\WINDOWS\system32\kavo1.dll
2007-12-03 07:05:11         0 d--h----- C:\Program Files\mv coll
2007-12-02 17:41:57         0 d-------- C:\WINDOWS\pss
2007-12-01 17:15:58         0 d-------- C:\Program Files\MSXML 6.0
2007-12-01 17:15:36         0 d-------- C:\Program Files\MSXML 4.0
2007-11-30 16:49:10         0 d--hs---- C:\WINDOWS\ftpcache
2007-11-30 16:02:27         0 d-------- C:\WINDOWS\system32\Profiles
2007-11-30 16:02:01     65536 --a------ C:\CoronaWmiLogFile
2007-11-30 09:37:40        12 --a------ C:\WINDOWS\bthservsdp.dat
2007-11-30 06:42:43         0 d-------- C:\WINDOWS\Prefetch
2007-11-30 01:05:56         0 d-------- C:\WINDOWS\Network Diagnostic
2007-11-30 01:05:56         0 d-------- C:\WINDOWS\l2schemas
2007-11-29 15:08:35         0 d-------- C:\CRACK
2007-11-29 10:32:22   4456448 --a------ C:\Documents and Settings\myself\NTUSER.DAT
2007-11-29 10:32:20    233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-11-29 08:51:50         0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-11-29 08:36:21         0 --a------ C:\CONFIG.SYS
2007-11-29 08:36:21         0 --a------ C:\AUTOEXEC.BAT
2007-11-29 04:36:20         0 d--h----- C:\WINDOWS\PIF
2007-11-28 16:31:52         0 d-------- C:\Program Files\Burn
2007-11-28 16:31:18     17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-27 21:31:16         0 d-------- C:\EFix
2007-11-27 09:12:34         0 d-------- C:\Program Files\Trend Micro
2007-11-27 07:36:59         0 d-------- C:\My Downloads
2007-11-27 07:36:57         0 d-------- C:\Program Files\BearFlix
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-26 09:15:35   1048576 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2007-11-26 09:15:35         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-19 19:26:12         0 d-------- C:\Program Files\WM Converter
2007-11-16 19:01:40         0 d--h----- C:\Program Files\ms 10
2007-11-16 05:13:13         0 d--h----- C:\Program Files\m
2007-11-12 01:16:51         0 d-------- C:\Program Files\FlashGet
2007-11-10 09:27:49         0 d-------- C:\Program Files\Common Files\DirectX
2007-11-10 09:24:30         0 d-------- C:\Program Files\Paris-Dakar Rally
2007-11-08 08:14:13         0 d-------- C:\Program Files\Xider

michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #58 on: December 06, 2007, 03:00:42 AM »
-- Find3M Report ---------------------------------------------------------------

2007-12-05 18:48:38        46 --a------ C:\WINDOWS\popcinfo.dat
2007-11-30 06:16:52     22780 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-03 00:27:40         0 d-------- C:\Program Files\Apple Software Update
2007-11-01 02:25:18         0 d-------- C:\Program Files\Global Star Software
2007-10-31 08:50:16         0 d-------- C:\Documents and Settings\myself\Application Data\SEGA
2007-10-28 17:05:54         0 d-------- C:\Documents and Settings\myself\Application Data\EA
2007-10-28 16:57:12         0 d-------- C:\Program Files\BFG
2007-10-28 01:43:20         0 dr------- C:\Program Files\nepal_everest
2007-10-28 01:28:48         0 dr------- C:\Program Files\mike holidays
2007-10-28 00:02:06         0 d--h----- C:\Program Files\video hp
2007-10-27 23:46:12         0 d--h----- C:\Program Files\video
2007-10-25 13:03:44      4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-25 08:54:28         0 d-------- C:\Program Files\PopCap Games
2007-10-25 08:44:24         0 d-------- C:\Program Files\reflexive games
2007-10-25 08:36:26         0 d-------- C:\Program Files\GameHouse
2007-10-24 19:32:40         0 d-------- C:\Documents and Settings\myself\Application Data\Apple Computer
2007-10-24 18:24:22         0 dr------- C:\Program Files\scenery
2007-10-24 18:12:58         0 d-------- C:\Program Files\ReflexiveArcade
2007-10-24 17:53:22         0 dr------- C:\Program Files\songs
2007-10-24 09:50:44         0 d-------- C:\Documents and Settings\myself\Application Data\Talkback
2007-10-24 09:50:34         0 --a------ C:\WINDOWS\nsreg.dat
2007-10-24 09:50:30         0 d-------- C:\Documents and Settings\myself\Application Data\Mozilla
2007-10-24 09:48:10         0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-24 09:38:52         0 d-------- C:\Program Files\mIRC
2007-10-24 09:38:12         0 d-------- C:\Program Files\Yahoo!
2007-10-24 09:37:08         0 d-------- C:\Program Files\MSN Messenger
2007-10-24 09:35:16         0 d-------- C:\Documents and Settings\myself\Application Data\ICQ
2007-10-24 09:34:58         0 d-------- C:\Program Files\ICQ6
2007-10-24 09:34:30         0 d-------- C:\Documents and Settings\myself\Application Data\InstallShield
2007-10-24 09:33:30         0 d-------- C:\Program Files\Common Files\Java
2007-10-23 01:38:26         0 d-------- C:\Documents and Settings\myself\Application Data\Macromedia
2007-10-23 01:13:44    278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2007-10-23 01:13:44    203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2007-10-22 09:22:10         0 d-------- C:\Program Files\QuickTime
2007-10-22 09:20:58         0 d-------- C:\Program Files\Common Files\xing shared
2007-10-22 09:20:48         0 d-------- C:\Program Files\Real
2007-10-22 09:20:48         0 d-------- C:\Program Files\Common Files\Real
2007-10-22 09:20:38         0 d-------- C:\Documents and Settings\myself\Application Data\Real
2007-10-22 09:19:12         0 d-------- C:\Documents and Settings\myself\Application Data\Skype
2007-10-22 09:19:08         0 d-------- C:\Program Files\Google
2007-10-22 09:19:04         0 d-------- C:\Program Files\Skype
2007-10-22 09:19:02         0 d-------- C:\Program Files\Common Files\Skype
2007-10-22 09:18:08         0 d-------- C:\Program Files\Lavasoft
2007-10-22 09:17:50         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 09:16:06         0 d-------- C:\Program Files\Alwil Software
2007-10-22 08:03:24         0 d-------- C:\Program Files\ATI Technologies
2007-10-21 18:39:50         0 d-------- C:\Documents and Settings\myself\Application Data\Google


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"AGRSMMSG"="AGRSMMSG.exe" [11/19/2003 03:41 PM C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/12/2004 12:15 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/12/2004 12:14 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/02/2003 02:37 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/02/2003 02:19 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ShowIcon_Chander_CRW Series Driver v1.17r019"="C:\Program Files\CRW\shwicon.exe" [01/09/2003 12:05 AM]
"PCMService"="C:\Program Files\Aspire Arcade\PCMService.exe" [03/25/2004 06:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE" [04/05/2004 09:46 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/22/2004 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:32 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" []
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" []
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 04:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:00 PM C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/23/2007 07:58 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
"IE7-10"=rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
"MPlayer2_FixUp"=C:\WINDOWS\inf\unregmp2.exe /Fixups

C:\Documents and Settings\myself\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/14/2003 1:28:28 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 07/06/2005 11:15 AM 5632 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44aec12e-803c-11dc-ac38-000b6b581de1}]
- E:\ntdelect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]
explore\Command- F:\ntdelect.com
open\Command- F:\ntdelect.com




-- End of Deckard's System Scanner: finished at 2007-12-06 09:23:46 ------------
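The two DSS posts above (Replies #57 and #58) contain the indicators a helper would act on: a non-Microsoft Winlogon Notify DLL, a fresh unverified DLL in system32, a system DLL name sitting at the drive root, and `mountpoints2` open/explore handlers on drives E: and F: pointing at `ntdelect.com`, a name one letter away from the legitimate boot file `ntdetect.com`. Added example, not part of the thread and not code from DSS or HijackThis: a small Python triage script that parses lines in the DSS/HJT format and flags those patterns. The sample log is constructed from lines copied out of the posts above; the rule names, severities and the `SYSTEM_NAMES` list are this example's own assumptions.

```python
"""Triage a Deckard's System Scanner / HijackThis log for autorun-worm and
persistence indicators.  Added example; not DSS, HJT or anything the poster ran.
Rule names, severities and SYSTEM_NAMES are this example's own assumptions."""
import re
from typing import Dict, List, Optional

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
2007-12-06 09:09:43      5632 --a------ C:\WINDOWS\system32\antiwpa.dll <Not Verified; ; AntiWPA3>
2007-12-03 10:19:45         0 dr-hs---- C:\autorun.inf
2007-12-03 10:10:43     92672 -----n--- C:\WINDOWS\system32\kavo1.dll
2007-11-28 16:31:18     17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]
explore\Command- F:\ntdelect.com
open\Command- F:\ntdelect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44aec12e-803c-11dc-ac38-000b6b581de1}]
- E:\ntdelect.com
"""

# Genuine Windows file names; a name one character away from one of these is a lookalike.
SYSTEM_NAMES = {"ntdetect.com", "ntldr", "svchost.exe", "csrss.exe", "lsass.exe", "psapi.dll"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows")

# DSS file line: "<date> <time> <size> <9 attribute flags> <path> [<version info>]"
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\d+)\s+(?P<attr>[-a-z]{9})\s+"
    r"(?P<path>.+?)(?:\s+<(?P<ver>[^>]*)>)?$")
# mountpoints2 lines: "open\Command- F:\x.com", "explore\Command- F:\x.com" or "- E:\x.com"
MOUNT_RE = re.compile(r"^(?:(?:open|explore)\\Command-|-)\s*(?P<target>[a-z]:\\.+)$", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to spot one-character-off system file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(name: str) -> Optional[str]:
    name = name.lower()
    for legit in SYSTEM_NAMES:
        if name != legit and edit_distance(name, legit) == 1:
            return legit
    return None


def analyse(log: str) -> List[Dict[str, str]]:
    findings: List[Dict[str, str]] = []

    def add(severity: str, rule: str, line: str) -> None:
        findings.append({"severity": severity, "rule": rule, "line": line})

    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue
        # Winlogon Notify DLLs load into winlogon.exe (SYSTEM) at every logon: always review.
        if line.startswith("O20 - Winlogon Notify:"):
            add("high", "winlogon-notify-dll", line)
            continue
        m = MOUNT_RE.match(line)
        if m:
            # Explorer runs this target when the drive is opened or double-clicked.
            add("high", "mountpoints2-drive-handler", line)
            legit = lookalike(m.group("target").rsplit("\\", 1)[-1])
            if legit:
                add("high", "lookalike-of-" + legit, line)
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        path, attr, ver = m.group("path"), m.group("attr"), m.group("ver")
        parent, _, name = path.rpartition("\\")
        parent, lname = parent.lower(), name.lower()
        if attr.startswith("d"):
            if lname == "autorun.inf":
                # A folder named autorun.inf at a drive root stops a worm writing its own; usually a clean-up tool's immunisation.
                add("info", "autorun.inf-folder-immunisation", line)
            continue
        if lname in SYSTEM_NAMES and parent not in SYSTEM_DIRS:
            add("medium", "system-file-name-outside-system-dir", line)
        if parent == r"c:\windows\system32" and lname.endswith((".dll", ".exe", ".sys")):
            fields = [f.strip() for f in ver.split(";")] if ver else []
            company = fields[1] if len(fields) > 1 else ""
            if not fields or (fields[0] == "Not Verified" and not company):
                add("high", "unverified-module-in-system32-no-publisher", line)
        legit = lookalike(lname)
        if legit:
            add("high", "lookalike-of-" + legit, line)
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['rule']:45} {f['line']}")
```

Run against the sample it reports eleven findings: the Winlogon Notify entry, both unverified system32 DLLs (`antiwpa.dll` with an empty company field and `kavo1.dll` with no version block at all), `psapi.dll` at the drive root, and six hits for the three `ntdelect.com` handler lines. The `mountpoints2` entries matter even after the file on the stick is gone: they live under HKCU and Explorer will still try to run the target the next time a drive with that volume ID is opened, so clearing those keys is part of the clean-up, and until then the safer way to open a removable drive is by typing the drive letter in the Explorer address bar rather than double-clicking it.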

michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #59 on: December 06, 2007, 03:02:28 AM »
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 1600MHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 511.48 MiB / 265.49 MiB
Pagefile Memory (total/avail): 1249.34 MiB / 984.62 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.14 MiB

C: is Fixed (FAT32) - 54.98 GiB total, 10.15 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 0.87 GiB total, 0.02 GiB free.

\\.\PHYSICALDRIVE0 - HTS541060G9AT00 - 55.89 GiB - 2 partitions
  \PARTITION0 (bootable) - Unknown - 55.01 GiB - C:
  \PARTITION1 - Installable File System - 894.24 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1043 [VPS 071205-2] v4.7.1043 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Xider\\EsR\\Game.exe"="C:\\Program Files\\Xider\\EsR\\Game.exe:*:Enabled:Game"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BearFlix\\bearflix.exe"="C:\\Program Files\\BearFlix\\bearflix.exe:*:Enabled:BearFlix"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\myself\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ACER-D137MZMHOW
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\myself
LOGONSERVER=\\ACER-D137MZMHOW
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\myself\LOCALS~1\Temp
TMP=C:\DOCUME~1\myself\LOCALS~1\Temp
USERDOMAIN=ACER-D137MZMHOW
USERNAME=myself
USERPROFILE=C:\Documents and Settings\myself
windir=C:\WINDOWS