Author Topic: help...OLDMAN, i'm creating a new thread as advised by u  (Read 38902 times)


michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #60 on: December 06, 2007, 03:06:42 AM »
-- User Profiles ---------------------------------------------------------------

myself (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
 --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
死亡之屋3 安装程序 --> C:\HOD3\UNWISE.EXE C:\HOD3\INSTALL.LOG
死亡打字员 安装程序 --> C:\TODC\UNWISE.EXE C:\TODC\INSTALL.LOG
死亡鬼屋 安装程序 --> C:\EAIÖ1IIY\UNWISE.EXE C:\EAIÖ1IIY\INSTALL.LOG
5 Spots II --> C:\Program Files\reflexive games\5 Spots II\UNWISE.EXE C:\Program Files\reflexive games\5 Spots II\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Agere Systems AC'97 Modem --> agrsmdel
Air Strike II Gulf Thunder --> C:\Program Files\reflexive games\Air Strike II Gulf Thunder\UNWISE.EXE C:\Program Files\reflexive games\Air Strike II Gulf Thunder\INSTALL.LOG
Alien Shooter --> C:\Program Files\reflexive games\Alien Shooter\UNWISE.EXE C:\Program Files\reflexive games\Alien Shooter\INSTALL.LOG
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Aspire Arcade 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe"  -uninstall
Aspire Series --> C:\Program Files\Aspire Series\uninstall.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Bengal - Game of Gods (remove only) --> C:\Program Files\GameHouse\Bengal - Game of Gods\Uninstall.exe
Big Kahuna Reef --> C:\Program Files\GameHouse\Big Kahuna Reef\UNWISE.EXE C:\Program Files\GameHouse\Big Kahuna Reef\INSTALL.LOG
Big Kahuna Reef 2 - Chain Reaction --> "C:\Program Files\reflexive games\Big Kahuna Reef 2\ReflexiveArcade\unins000.exe"
Casino Island To Go --> "C:\Program Files\reflexive games\Casino Island To Go\ReflexiveArcade\unins000.exe"
Chicken Attack (remove only) --> C:\Program Files\GameHouse\Chicken Attack\Uninstall.exe
Chuzzle Deluxe --> "C:\Program Files\reflexive games\Chuzzle Deluxe\unins000.exe"
CRW Series Driver v1.17r019 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39AE0413-CEFC-4559-AC5F-855A1C006D2F}\SETUP.EXE" -l0x9
Cubis Gold 2 --> C:\PROGRA~1\GAMEHO~1\CUBISG~1\UNWISE.EXE C:\PROGRA~1\GAMEHO~1\CUBISG~1\INSTALL.LOG
Cute Knight --> "C:\Program Files\reflexive games\Cute Knight\ReflexiveArcade\unins000.exe"
Deep Sea Tycoon 2 --> "C:\Program Files\reflexive games\Deep Sea Tycoon 2\unins000.exe"
Dynomite --> C:\Program Files\PopCap Games\Dynomite\UNWISE.EXE C:\Program Files\PopCap Games\Dynomite\INSTALL.LOG
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
EsR 1.0 --> C:\PROGRA~1\Xider\EsR\Setup.exe /remove
FeedingFrenzy --> C:\Program Files\GameHouse\FeedingFrenzy\UNWISE.EXE C:\Program Files\GameHouse\FeedingFrenzy\INSTALL.LOG
Fishing Trip --> "C:\Program Files\reflexive games\Fishing Trip\unins000.exe"
FlashGet 1.9.6.1073 --> C:\Program Files\FlashGet\uninst.exe
Golf Adventure Galaxy --> C:\Program Files\reflexive games\Golf Adventure Galaxy\UNWISE.EXE C:\Program Files\reflexive games\Golf Adventure Galaxy\INSTALL.LOG
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Gutterball 2 --> C:\Program Files\GameHouse\Gutterball 2\UNWISE.EXE C:\Program Files\GameHouse\Gutterball 2\INSTALL.LOG
Hammer Heads 1.0 --> C:\Program Files\PopCap Games\Hammer Heads Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Hammer Heads Deluxe\Install.log"
Heavy Weapon Deluxe --> C:\Program Files\PopCap Games\Heavy Weapon\UNWISE.EXE C:\Program Files\PopCap Games\Heavy Weapon\INSTALL.LOG
Hidden Expedition Titanic (remove only) --> C:\Program Files\GameHouse\Hidden Expedition Titanic\Uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #61 on: December 06, 2007, 03:07:18 AM »
ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
Indeo® Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu"
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JETFIGHTER 2015 --> "C:\Program Files\Global Star Software\JETFIGHTER 2015\Uninstall.exe" "C:\Program Files\Global Star Software\JETFIGHTER 2015\install.log"
Launch Manager --> C:\WINDOWS\UnInst32.exe CPLFL32.UNI
Magic Ball 2 --> C:\Program Files\GameHouse\Magic Ball 2\UNWISE.EXE C:\Program Files\GameHouse\Magic Ball 2\INSTALL.LOG
Magic Vines --> C:\Program Files\GameHouse\Magic Vines\UNWISE.EXE C:\Program Files\GameHouse\Magic Vines\INSTALL.LOG
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.8) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Mummy Maze Deluxe --> C:\Program Files\PopCap Games\Mummy Maze Deluxe\UNWISE.EXE C:\Program Files\PopCap Games\Mummy Maze Deluxe\INSTALL.LOG
NTI CD & DVD-Maker Gold --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText
Off Road Arena --> "C:\Program Files\reflexive games\Off Road Arena\unins000.exe"
Platypus --> C:\Program Files\GameHouse\Platypus\UNWISE.EXE C:\Program Files\GameHouse\Platypus\INSTALL.LOG
Poker Superstars --> C:\PROGRA~1\GAMEHO~1\POKERS~1\UNWISE.EXE C:\PROGRA~1\GAMEHO~1\POKERS~1\INSTALL.LOG
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\SETUP.EXE"  -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Rocket Bowl --> C:\Program Files\reflexive games\Rocket Bowl\UNWISE.EXE C:\Program Files\reflexive games\Rocket Bowl\INSTALL.LOG
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SMSC IrCC Driver V5.1.2462.0 (WinXP) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC86822D-3A20-11D5-801B-00E029348F40}\setup.exe"
Snail Mail --> C:\Program Files\reflexive games\Snail Mail\UNWISE.EXE C:\Program Files\reflexive games\Snail Mail\INSTALL.LOG
Snowy Puzzle Islands --> C:\Program Files\reflexive games\Snowy Puzzle Islands\UNWISE.EXE C:\Program Files\reflexive games\Snowy Puzzle Islands\INSTALL.LOG
Spin & Win --> C:\Program Files\reflexive games\Spin & Win\UNWISE.EXE C:\Program Files\reflexive games\Spin & Win\INSTALL.LOG
SpongeBob Collapse --> C:\Program Files\GameHouse\SpongeBob Collapse\UNWISE.EXE C:\Program Files\GameHouse\SpongeBob Collapse\INSTALL.LOG
Super Jigsaw --> C:\Program Files\GameHouse\Super Jigsaw\UNWISE.EXE C:\Program Files\GameHouse\Super Jigsaw\INSTALL.LOG
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamUp --> C:\Program Files\reflexive games\TeamUp\UNWISE.EXE C:\Program Files\reflexive games\TeamUp\INSTALL.LOG
Tradewinds 2 --> "C:\Program Files\reflexive games\Tradewinds 2\unins000.exe"
Traffic Jam Extreme --> C:\Program Files\reflexive games\Traffic Jam Extreme\UNWISE.EXE C:\Program Files\reflexive games\Traffic Jam Extreme\INSTALL.LOG
Tropix --> C:\PROGRA~1\GAMEHO~1\TROPIX\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\TROPIX\INSTALL.LOG
Virtual Villagers (remove only) --> C:\Program Files\GameHouse\Virtual Villagers\Uninstall.exe
WIDCOMM Bluetooth Software --> MsiExec.exe /X{FE90E9E7-A158-4687-8853-DF677A939A61}
Wik And The Fable Of Souls --> C:\Program Files\reflexive games\Wik And The Fable Of Souls\UNWISE.EXE C:\Program Files\reflexive games\Wik And The Fable Of Souls\INSTALL.LOG
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WM Converter 2.0 --> C:\Program Files\WM Converter\Uninstal.exe
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG

michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #62 on: December 06, 2007, 03:08:38 AM »
-- Application Event Log -------------------------------------------------------

Event Record #/Type179 / Error
Event Submitted/Written: 12/06/2007 09:06:50 AM
Event ID/Source: 1009 / Windows Product Activation
Event Description:
You have not activated Windows within the grace period. To activate Windows, contact a customer service representative by telephone.

Event Record #/Type178 / Warning
Event Submitted/Written: 12/06/2007 09:06:40 AM
Event ID/Source: 1011 / Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. To activate Windows, use the Product Activation Wizard.

Event Record #/Type177 / Warning
Event Submitted/Written: 12/06/2007 09:06:31 AM
Event ID/Source: 1011 / Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. To activate Windows, use the Product Activation Wizard.

Event Record #/Type176 / Warning
Event Submitted/Written: 12/06/2007 09:05:06 AM
Event ID/Source: 1011 / Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. To activate Windows, use the Product Activation Wizard.

Event Record #/Type159 / Error
Event Submitted/Written: 12/05/2007 07:14:35 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16544, faulting module ole32.dll, version 5.1.2600.2726, fault address 0x0001feab.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1930 / Warning
Event Submitted/Written: 12/06/2007 09:11:30 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00023F17A308.  The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1923 / Error
Event Submitted/Written: 12/06/2007 09:10:18 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type1922 / Error
Event Submitted/Written: 12/06/2007 09:09:44 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type1921 / Error
Event Submitted/Written: 12/06/2007 09:09:44 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Aavmker4
AFD
aswTdi
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Event Record #/Type1920 / Error
Event Submitted/Written: 12/06/2007 09:09:44 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2007-12-06 09:23:46 ------------

michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #63 on: December 06, 2007, 03:18:34 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:21 AM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196901904953
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

--
End of file - 8401 bytes

michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #64 on: December 06, 2007, 04:20:24 AM »
Hi Oldman,

Finally able to open my hidden files; my registry had been modified:
''HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue = "0"

(Note: The default value data for the said registry entry is 1.)''

This is the cause of not being able to access the hidden files folder.

regards
michaelong

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #65 on: December 06, 2007, 07:40:02 AM »
Hi

Go to Add/Remove Programs and uninstall this if found:

Bearflix

You have one instance of kavo.


Check "Show hidden files and folders".
Uncheck the "Hide extensions for known file types" box.
Uncheck the "Hide protected operating system files" box.

Do a search for kavo1.dll in the C:\windows\system32 folder and delete it.

Search C:\ for the autorun file, autorun.inf.

Open it with Notepad and confirm that it has ntdelect in it. If it does, then delete it.

Do the same with any others you find.

Do the manual check of the registry as outlined in the manual removal instructions.

While in the registry, delete these two keys:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44aec12e-803c-11dc-ac38-000b6b581de1}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d8963b4-9976-11dc-aee9-000b6b581de1}]
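The autorun.inf step above (open the file, confirm it contains "ntdelect", then delete it) can be turned into a small triage routine. The following is an added example written for this thread, not code from the original post or from any tool mentioned here. It assumes the file uses the standard INI-style [autorun] section; the two sample files are constructed for illustration and are not copied from an infected drive. It goes a little beyond the post by also listing every key that would launch a program on insertion (open=, shellexecute= and shell\<verb>\command=), since those are what make an autorun.inf dangerous even when the marker string differs.

```python
"""Triage an autorun.inf the way the instructions above describe: confirm the
"ntdelect" marker and list the keys that would launch something on insertion.

Added example; not part of the original thread. Assumptions (not from the page):
the file uses the standard INI-style [autorun] section, and the sample contents
below are constructed for illustration, not copied from a real drive.
"""
import re
from typing import Dict, List

# Indicator the thread tells the reader to confirm before deleting the file.
MARKER = "ntdelect"

# Documented autorun.inf keys that run a program: open=, shellexecute=, and
# shell\<verb>\command= (which overrides Explorer's context-menu verbs).
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")


def parse_autorun(text: str) -> Dict[str, str]:
    """Return key=value pairs from the [autorun] section, keys lower-cased."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INI comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def triage_autorun(text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing to flag."""
    findings: List[str] = []
    if MARKER in text.lower():
        findings.append(f"marker '{MARKER}' present")
    for key, value in parse_autorun(text).items():
        if key in EXEC_KEYS or SHELL_CMD_RE.match(key):
            findings.append(f"{key} launches: {value}")
    return findings


# Constructed samples (not real files): a vendor disc and the pattern from the thread.
BENIGN = """[autorun]
icon=setup.exe,0
label=Vendor Install Disc
"""

SUSPECT = """[autorun]
open=ntdelect.com
shell\\open\\command=ntdelect.com
shellexecute=ntdelect.com
"""

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, triage_autorun(sample) or ["clean"])
```

Run against the benign sample the routine returns nothing; against the constructed suspect file it reports the marker plus each of the three launch keys, which is the evidence the post asks you to confirm before deleting the file.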

michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #66 on: December 06, 2007, 09:17:56 AM »
Hi Oldman,

Thanks for your quick reply.
Indeed the kavo1.dll was found in the ''C:\windows\system32'' folder, as well as the reg key that was provided by you.
All the above virus files have been deleted and Bearflix has been uninstalled.
Unfortunately I'm unable to locate the ''autorun.inf'' with the ntdelect in it, though I've unchecked all the hide-extension options.
Seems like I've managed to delete all the autorun.inf files (I think so ;D)

BRAVO Oldman,

Feels like my system is quite clean now.
A big thanks for your effort

michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #67 on: December 06, 2007, 09:30:14 AM »
Hi Oldman, I just borrowed my friend's laptop, which is also infected with the ''Autorun.inf virus (kavo.exe)''.
It was infected through me (flash drive) when I transferred the songs to him.
After the mess I made of my own PC,
I'm not going to touch his PC until I get proper instructions to do it the right way.
As for his PC, am I allowed to open a new thread to analyse it with you?
Hopefully we can start over again for this kavo virus with a new analysis and solution.
If it's OK with you, I'll start by running HJT and DSS.

best regards
michaelong

michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #68 on: December 06, 2007, 09:37:36 AM »
Deckard's System Scanner v20071014.68
Run by myself on 2007-12-06 16:35:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as myself.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:31 PM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\myself\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\myself.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE7-10] rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193064255312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196901904953
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

--
End of file - 8687 bytes

michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #69 on: December 06, 2007, 09:38:29 AM »
-- Files created between 2007-11-06 and 2007-12-06 -----------------------------

2007-12-06 11:32:13         0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-06 11:32:09         0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-06 11:32:09         0 d-------- C:\Documents and Settings\myself\Application Data\SUPERAntiSpyware.com
2007-12-06 09:09:43      5632 --a------ C:\WINDOWS\system32\antiwpa.dll <Not Verified; ; AntiWPA3>
2007-12-05 15:08:15         0 d-------- C:\Documents and Settings\myself\Application Data\Help
2007-12-05 14:57:21         0 d-------- C:\Program Files\YouTube Downloader
2007-12-03 21:22:37         0 d--h----- C:\Program Files\mv coll 1
2007-12-03 13:19:55         0 d-------- C:\Program Files\WIDCOMM
2007-12-03 10:19:45         0 dr-hs---- C:\autorun.inf
2007-12-03 07:05:11         0 d--h----- C:\Program Files\mv coll
2007-12-02 17:41:57         0 d-------- C:\WINDOWS\pss
2007-12-01 17:15:58         0 d-------- C:\Program Files\MSXML 6.0
2007-12-01 17:15:36         0 d-------- C:\Program Files\MSXML 4.0
2007-11-30 16:49:10         0 d--hs---- C:\WINDOWS\ftpcache
2007-11-30 16:02:27         0 d-------- C:\WINDOWS\system32\Profiles
2007-11-30 16:02:01     65536 --a------ C:\CoronaWmiLogFile
2007-11-30 09:37:40        12 --a------ C:\WINDOWS\bthservsdp.dat
2007-11-30 06:42:43         0 d-------- C:\WINDOWS\Prefetch
2007-11-30 01:05:56         0 d-------- C:\WINDOWS\Network Diagnostic
2007-11-30 01:05:56         0 d-------- C:\WINDOWS\l2schemas
2007-11-29 15:08:35         0 d-------- C:\CRACK
2007-11-29 10:32:22   4456448 --a------ C:\Documents and Settings\myself\NTUSER.DAT
2007-11-29 10:32:20    233472 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-11-29 08:51:50         0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-11-29 08:36:21         0 --a------ C:\CONFIG.SYS
2007-11-29 08:36:21         0 --a------ C:\AUTOEXEC.BAT
2007-11-29 04:36:20         0 d--h----- C:\WINDOWS\PIF
2007-11-28 16:31:52         0 d-------- C:\Program Files\Burn
2007-11-28 16:31:18     17408 --a------ C:\psapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-27 21:31:16         0 d-------- C:\EFix
2007-11-27 09:12:34         0 d-------- C:\Program Files\Trend Micro
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-26 09:15:36         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-26 09:15:36         0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-11-26 09:15:36         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-11-26 09:15:36         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-11-26 09:15:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-26 09:15:35   1048576 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2007-11-26 09:15:35         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-19 19:26:12         0 d-------- C:\Program Files\WM Converter
2007-11-16 19:01:40         0 d--h----- C:\Program Files\ms 10
2007-11-16 05:13:13         0 d--h----- C:\Program Files\m
2007-11-12 01:16:51         0 d-------- C:\Program Files\FlashGet
2007-11-10 09:27:49         0 d-------- C:\Program Files\Common Files\DirectX
2007-11-10 09:24:30         0 d-------- C:\Program Files\Paris-Dakar Rally
2007-11-08 08:14:13         0 d-------- C:\Program Files\Xider


-- Find3M Report ---------------------------------------------------------------

2007-12-05 18:48:38        46 --a------ C:\WINDOWS\popcinfo.dat
2007-11-30 06:16:52     22780 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-03 00:27:40         0 d-------- C:\Program Files\Apple Software Update
2007-11-01 02:25:18         0 d-------- C:\Program Files\Global Star Software
2007-10-31 08:50:16         0 d-------- C:\Documents and Settings\myself\Application Data\SEGA
2007-10-28 17:05:54         0 d-------- C:\Documents and Settings\myself\Application Data\EA
2007-10-28 16:57:12         0 d-------- C:\Program Files\BFG
2007-10-28 01:43:20         0 dr------- C:\Program Files\nepal_everest
2007-10-28 01:28:48         0 dr------- C:\Program Files\mike holidays
2007-10-28 00:02:06         0 d--h----- C:\Program Files\video hp
2007-10-27 23:46:12         0 d--h----- C:\Program Files\video
2007-10-25 13:03:44      4096 --a------ C:\WINDOWS\d3dx.dat
2007-10-25 08:54:28         0 d-------- C:\Program Files\PopCap Games
2007-10-25 08:44:24         0 d-------- C:\Program Files\reflexive games
2007-10-25 08:36:26         0 d-------- C:\Program Files\GameHouse
2007-10-24 19:32:40         0 d-------- C:\Documents and Settings\myself\Application Data\Apple Computer
2007-10-24 18:24:22         0 dr------- C:\Program Files\scenery
2007-10-24 18:12:58         0 d-------- C:\Program Files\ReflexiveArcade
2007-10-24 17:53:22         0 dr------- C:\Program Files\songs
2007-10-24 09:50:44         0 d-------- C:\Documents and Settings\myself\Application Data\Talkback
2007-10-24 09:50:34         0 --a------ C:\WINDOWS\nsreg.dat
2007-10-24 09:50:30         0 d-------- C:\Documents and Settings\myself\Application Data\Mozilla
2007-10-24 09:48:10         0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-24 09:38:52         0 d-------- C:\Program Files\mIRC
2007-10-24 09:38:12         0 d-------- C:\Program Files\Yahoo!
2007-10-24 09:37:08         0 d-------- C:\Program Files\MSN Messenger
2007-10-24 09:35:16         0 d-------- C:\Documents and Settings\myself\Application Data\ICQ
2007-10-24 09:34:58         0 d-------- C:\Program Files\ICQ6
2007-10-24 09:34:30         0 d-------- C:\Documents and Settings\myself\Application Data\InstallShield
2007-10-24 09:33:30         0 d-------- C:\Program Files\Common Files\Java
2007-10-23 01:38:26         0 d-------- C:\Documents and Settings\myself\Application Data\Macromedia
2007-10-23 01:13:44    278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2007-10-23 01:13:44    203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2007-10-22 09:22:10         0 d-------- C:\Program Files\QuickTime
2007-10-22 09:20:58         0 d-------- C:\Program Files\Common Files\xing shared
2007-10-22 09:20:48         0 d-------- C:\Program Files\Real
2007-10-22 09:20:48         0 d-------- C:\Program Files\Common Files\Real
2007-10-22 09:20:38         0 d-------- C:\Documents and Settings\myself\Application Data\Real
2007-10-22 09:19:12         0 d-------- C:\Documents and Settings\myself\Application Data\Skype
2007-10-22 09:19:08         0 d-------- C:\Program Files\Google
2007-10-22 09:19:04         0 d-------- C:\Program Files\Skype
2007-10-22 09:19:02         0 d-------- C:\Program Files\Common Files\Skype
2007-10-22 09:18:08         0 d-------- C:\Program Files\Lavasoft
2007-10-22 09:17:50         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 09:16:06         0 d-------- C:\Program Files\Alwil Software
2007-10-22 08:03:24         0 d-------- C:\Program Files\ATI Technologies
2007-10-21 18:39:50         0 d-------- C:\Documents and Settings\myself\Application Data\Google

michaelong

  • Guest
Re: help...OLDMAN, i'm creating a new thread as advised by u
« Reply #70 on: December 06, 2007, 09:39:17 AM »
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"AGRSMMSG"="AGRSMMSG.exe" [11/19/2003 03:41 PM C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [03/12/2004 12:15 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/12/2004 12:14 PM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [10/02/2003 02:37 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [10/02/2003 02:19 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/04/2001 04:24 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"ShowIcon_Chander_CRW Series Driver v1.17r019"="C:\Program Files\CRW\shwicon.exe" [01/09/2003 12:05 AM]
"PCMService"="C:\Program Files\Aspire Arcade\PCMService.exe" [03/25/2004 06:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE" [04/05/2004 09:46 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/22/2004 09:10 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:32 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" []
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" []
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 06:06 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 04:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 12:00 PM C:\WINDOWS\system32\bthprops.cpl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/23/2007 07:58 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
"IE7-10"=rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
"MPlayer2_FixUp"=C:\WINDOWS\inf\unregmp2.exe /Fixups

C:\Documents and Settings\myself\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/14/2003 1:28:28 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 07/06/2005 11:15 AM 5632 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   BthServ

-- End of Deckard's System Scanner: finished at 2007-12-06 16:35:57 ------------