|
|
|
Help~! how to remove KAVO.exe??
|
|
|
lackadaiz
Suspended due to non-functional email address
|
13. January 2008 @ 04:48 |
Link to this message
|
this virus have been restricting me from showing hidden files n system files....and worse of all it also do not allow me to change the values in REGEDIT...after refreshing the values changes back to wat the virus wants...help!!
more info abt e virus i talking abt....
http://www.symantec.com/security_respons...1742-99&tabid=3
|
|
Advertisement
|
|
|
|
Senior Member
|
13. January 2008 @ 19:55 |
Link to this message
|
|
|
lackadaiz
Suspended due to non-functional email address
|
15. January 2008 @ 00:31 |
Link to this message
|
Originally posted by QuikDraw:
Download and run Deckard's System Scanner. During the process you will be prompted to download HijackThis. Do this. Post both logs here for review. Someone will get back to you shortly. http://www.geekstogo.com/forum/index.php...file=19
Deckard's System Scanner v20071014.68
Run by Syl & Huiling on 2008-01-15 13:24:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
6: 2008-01-15 05:25:09 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2008-01-14 16:02:54 UTC - RP5 - System Checkpoint
4: 2008-01-12 17:53:51 UTC - RP4 - System Checkpoint
3: 2008-01-11 16:41:51 UTC - RP3 - System Checkpoint
2: 2008-01-10 16:14:58 UTC - RP2 - System Checkpoint
-- First Restore Point --
1: 2008-01-09 15:44:53 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-15 13:26:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\Greatis\RegRunSuite\WatchDog.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
E:\PROGRAMS\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Syl & Huiling\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1stopstation.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\PROGRAMS\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "E:\PROGRAMS\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] e:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKLM\..\RunOnce: [hh7cx] %systemroot%\system32\Rundll32.exe %systemroot%\system32\hh7cx.dll,DllUnregisterServer
O4 - HKLM\..\RunOnceEx: [Flags] 128
O4 - HKLM\..\RunOnceEx: [Title] RegRun II Secure Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Regrun2] e:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\Run: [Registry] "e:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "e:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 9020 bytes
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - E:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ROUNDer\ROUNDer.icl,51
.chm - chm.file - DefaultIcon - E:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ROUNDer\ROUNDer.icl,15
.hlp - hlpfile - DefaultIcon - E:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ROUNDer\ROUNDer.icl,15
.inf - inffile - DefaultIcon - E:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ROUNDer\ROUNDer.icl,47
.ini - inifile - DefaultIcon - E:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ROUNDer\ROUNDer.icl,47
.js - JSFile - DefaultIcon - C:\WINDOWS\System32\WScript.exe,3
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 a2cf40z (a2cf40) - c:\windows\system32\drivers\a2cf40z.sys
R3 RegGuard - c:\windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
S0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
S0 Partizan - c:\windows\system32\drivers\partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_100A147B&REV_02\3&13C0B0C5&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_100A147B&REV_02\3&13C0B0C5&0&FD
Service:
-- Files created between 2007-12-15 and 2008-01-15 -----------------------------
2008-01-09 19:04:50 8944 --a------ C:\WINDOWS\system32\drivers\UnHackMeDrv.sys <Not Verified; Greatis Software, LLC.; UnHackme>
2008-01-09 19:03:29 25600 --a------ C:\WINDOWS\system32\Partizan.exe <Not Verified; Greatis Software; RegRun Security Suite>
2008-01-09 19:03:29 31138 --a------ C:\WINDOWS\system32\drivers\Partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-01-09 19:03:29 0 d-------- C:\backreg
2008-01-09 19:03:28 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Regrun
2008-01-09 19:01:52 16384 --a------ C:\WINDOWS\WinBait.exe
2008-01-09 19:01:52 441856 --a------ C:\WINDOWS\RunGuard.exe <Not Verified; Greatis Software; RegRun Security Suite>
2008-01-08 23:56:02 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-01-07 19:16:10 194560 --a------ C:\WINDOWS\jan-screensaver.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-01-07 19:16:03 0 d-------- C:\WINDOWS\jan-screensaver dir
2008-01-07 19:16:03 12288 --a------ C:\WINDOWS\impborl.dll
2008-01-07 19:16:03 606848 --a------ C:\WINDOWS\flashax.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
2008-01-07 19:12:40 102912 --a------ C:\WINDOWS\system32\Vb6stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-01-07 19:12:40 232 --a------ C:\Documents and Settings\Syl & Huiling\MySony.dll
2008-01-05 00:27:00 0 d--h----- C:\WINDOWS\PIF
2008-01-03 15:56:41 0 d-------- C:\Program Files\MegauploadToolbar
2008-01-03 15:56:40 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\MegauploadToolbar
2008-01-02 17:09:04 0 d-------- C:\WINDOWS\system32\windows media
2008-01-02 17:08:24 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-01-02 17:08:18 0 d-------- C:\Program Files\Windows Media Components
2008-01-02 12:55:21 114222 -r-hs---- C:\copetttt.com
2007-12-29 01:13:56 0 d-------- C:\Program Files\Real Alternative
2007-12-29 00:58:16 164352 --a------ C:\WINDOWS\system32\unrar.dll
2007-12-29 00:58:13 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-12-29 00:58:12 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-29 00:58:12 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-29 00:58:11 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-29 00:58:11 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-29 00:58:11 739840 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-29 00:58:10 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-27 09:00:36 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Sony Corporation
2007-12-26 23:55:52 0 d-------- C:\WINDOWS\system32\DLA
2007-12-26 23:55:50 0 d-------- C:\Program Files\Sonic
2007-12-26 23:46:40 0 d-------- C:\Program Files\Sony
2007-12-26 23:45:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-12-26 23:45:15 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\InstallShield
2007-12-26 23:28:52 3654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2007-12-26 23:28:52 0 d-------- C:\Drivers
2007-12-26 19:37:01 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Real
2007-12-26 17:39:01 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\DivX
2007-12-26 14:41:36 0 d-------- C:\Program Files\Common Files\xing shared
2007-12-26 14:41:17 0 d-------- C:\Program Files\Common Files\Real
2007-12-26 14:41:16 0 d-------- C:\Program Files\Real
2007-12-23 09:25:42 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Publish Providers
2007-12-23 09:24:59 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-23 09:24:37 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Sony
2007-12-23 09:19:49 0 d-------- C:\Program Files\Vstplugins
2007-12-23 09:19:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
-- Find3M Report ---------------------------------------------------------------
2008-01-14 18:54:27 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
2008-01-14 18:54:27 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
2008-01-04 13:05:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-26 23:56:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-26 23:28:20 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-26 14:41:36 0 d-------- C:\Program Files\Common Files
2007-12-23 09:05:26 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-13 10:31:11 0 d-------- C:\Program Files\MSN Messenger
2007-12-12 06:33:14 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-12-11 22:03:29 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Sun
2007-12-11 08:25:05 0 d-------- C:\Program Files\MSXML 4.0
2007-12-11 08:05:07 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\vlc
2007-12-10 23:10:47 20541 --a------ C:\WINDOWS\system32\detoured.dll <Not Verified; Microsoft Corporation; Microsoft Research Detours Package>
2007-12-10 23:10:47 515584 --a------ C:\WINDOWS\Install2154.exe
2007-12-10 19:42:05 1279 --a------ C:\WINDOWS\mozver.dat
2007-12-10 19:41:50 0 d-------- C:\Program Files\Java
2007-12-10 19:39:51 0 d-------- C:\Program Files\Common Files\Java
2007-12-10 19:26:01 0 d-------- C:\Program Files\eREAD6.0
2007-12-10 19:16:34 0 d-------- C:\Program Files\Windows Live Safety Center
2007-12-10 19:01:51 0 --a------ C:\WINDOWS\acdsee321.dll
2007-12-10 18:58:14 58368 --a------ C:\WINDOWS\system32\SkypeClient.exe <Not Verified; ; SkypeClient ????>
2007-12-10 18:03:24 0 d-------- C:\Program Files\Common Files\Stardock
2007-12-10 17:35:59 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\WinRAR
2007-12-09 22:52:30 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Media Player Classic
2007-12-08 09:52:02 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-12-08 01:49:56 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-08 01:49:53 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-12-08 01:49:30 62 --ahs---- C:\Documents and Settings\Syl & Huiling\Application Data\desktop.ini
2007-12-08 01:16:01 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Symantec
2007-12-08 00:16:04 0 d-------- C:\Program Files\Symantec
2007-12-07 23:48:36 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Macromedia
2007-12-07 23:48:34 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Adobe
2007-12-07 23:42:19 0 d-------- C:\Program Files\Stardock
2007-12-07 23:41:38 0 d-------- C:\Program Files\Windows Live
2007-12-07 23:41:12 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-07 23:16:50 0 d-------- C:\Program Files\New Folder
2007-12-07 23:15:34 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-07 23:15:32 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Mozilla
2007-12-07 23:12:37 0 d-------- C:\Program Files\Microsoft Works
2007-12-07 23:12:21 0 d-------- C:\Program Files\MSBuild
2007-12-07 23:11:12 0 d-------- C:\Program Files\Microsoft.NET
2007-12-07 23:09:34 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-12-07 22:52:27 0 d-------- C:\Program Files\MSXML 6.0
2007-12-07 19:37:43 0 d-------- C:\Program Files\Reference Assemblies
2007-12-07 19:34:20 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-07 19:24:17 0 d-------- C:\Program Files\Messenger
2007-12-07 19:07:01 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\InterTrust
2007-12-07 19:00:17 0 d-------- C:\Program Files\Creative
2007-12-07 18:26:33 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Identities
2007-12-07 18:13:38 0 d-------- C:\Program Files\microsoft frontpage
2007-12-07 18:13:18 0 -rahs---- C:\MSDOS.SYS
2007-12-07 18:13:18 0 -rahs---- C:\IO.SYS
2007-12-07 18:13:18 0 --a------ C:\CONFIG.SYS
2007-12-07 18:13:18 0 --a------ C:\AUTOEXEC.BAT
2007-12-07 18:11:44 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-07 18:11:03 0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-07 18:10:56 0 d-------- C:\Program Files\Movie Maker
2007-12-07 18:10:13 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-07 18:09:50 0 d-------- C:\Program Files\Online Services
2007-12-07 18:09:41 0 d-------- C:\Program Files\MSN Gaming Zone
2007-12-07 18:09:34 0 d-------- C:\Program Files\Windows NT
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [07/02/2002 05:56 PM C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [11/29/2001 01:00 AM]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [12/20/2001 01:00 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 10:32 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/03/2004 10:31 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 09:59 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"BootSkin Startup Jobs"="E:\PROGRAMS\BootSkin\BootSkin.exe" [04/26/2004 04:21 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/30/2007 12:49 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [06/13/2006 05:20 AM]
"RegRun WinBait"="C:\WINDOWS\winbait.exe" [12/12/2000 07:56 PM]
"@RegRunOnSecure"="e:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe" [01/22/2003 11:03 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"Regrun2"="e:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" [12/17/2007 12:30 PM]
"Registry"="e:\Program Files\Greatis\RegRunSuite\lsoon.exe" [12/17/2007 12:28 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"hh7cx"=%systemroot%\system32\Rundll32.exe %systemroot%\system32\hh7cx.dll,DllUnregisterServer
C:\Documents and Settings\Syl & Huiling\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [12/26/2007 11:47:00 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= e:\Program Files\Greatis\RegRunSuite\RRShell.dll [11/02/2004 09:15 AM 368711]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 12/20/2001 11:34 PM 24576 E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dac2540-a4b5-11dc-a604-00508d4e20d5}]
AutoRun\command- H:\f.cmd
explore\Command- H:\f.cmd
open\Command- H:\f.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abdfb87f-a662-11dc-a60d-00508d4e20d5}]
AutoRun\command- L:\copetttt.com
explore\Command- L:\copetttt.com
open\Command- L:\copetttt.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3118f54-a4eb-11dc-b2cb-806d6172696f}]
AutoRun\command- f.cmd
explore\Command- f.cmd
open\Command- f.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3118f55-a4eb-11dc-b2cb-806d6172696f}]
AutoRun\command- f.cmd
explore\Command- f.cmd
open\Command- f.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3118f57-a4eb-11dc-b2cb-806d6172696f}]
AutoRun\command- f.cmd
explore\Command- f.cmd
open\Command- f.cmd
*Newly Created Service* - COMHOST
-- End of Deckard's System Scanner: finished at 2008-01-15 13:29:28 ------------
|
|
lackadaiz
Suspended due to non-functional email address
|
15. January 2008 @ 00:35 |
Link to this message
|
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 1023.48 MiB / 355.09 MiB
Pagefile Memory (total/avail): 2462 MiB / 1811.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.11 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 24.41 GiB total, 6.69 GiB free.
D: is Fixed (NTFS) - 372.61 GiB total, 215.85 GiB free.
E: is Fixed (NTFS) - 87.37 GiB total, 85.87 GiB free.
F: is CDROM (CDFS)
G: is CDROM (Unformatted)
\\.\PHYSICALDRIVE0 - ST3120026A - 111.79 GiB - 2 partitions
\PARTITION0 - Extended w/Extended Int 13 - 24.41 GiB - C:
\PARTITION1 (bootable) - Installable File System - 87.37 GiB - E:
\\.\PHYSICALDRIVE1 - ST3400620A - 372.61 GiB - 1 partition
\PARTITION0 - Installable File System - 372.61 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: Norton 360 v2007 (SYMANTEC Corporation)
AV: Norton 360 v2007 (SYMANTEC Corperation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Syl & Huiling\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MOJO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Syl & Huiling
LOGONSERVER=\\MOJO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SYL&HU~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SYL&HU~1\LOCALS~1\Temp
USERDOMAIN=MOJO
USERNAME=Syl & Huiling
USERPROFILE=C:\Documents and Settings\Syl & Huiling
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Syl & Huiling (admin)
-- Add/Remove Programs ---------------------------------------------------------
-- Application Event Log -------------------------------------------------------
Event Record #/Type1849 / Success
Event Submitted/Written: 01/14/2008 10:43:05 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type1800 / Success
Event Submitted/Written: 01/13/2008 05:27:19 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type1700 / Success
Event Submitted/Written: 01/11/2008 00:30:42 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type1685 / Success
Event Submitted/Written: 01/10/2008 03:11:37 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type1656 / Success
Event Submitted/Written: 01/09/2008 07:35:17 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2929 / Error
Event Submitted/Written: 01/15/2008 01:18:40 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer USER-2FB3F736A7
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8F4CE6F5-1E7.
The master browser is stopping or an election is being forced.
Event Record #/Type2928 / Warning
Event Submitted/Written: 01/15/2008 00:11:01 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type2927 / Error
Event Submitted/Written: 01/15/2008 00:06:35 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer USER-2FB3F736A7
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8F4CE6F5-1E7.
The master browser is stopping or an election is being forced.
Event Record #/Type2926 / Error
Event Submitted/Written: 01/15/2008 11:06:30 AM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer USER-2FB3F736A7
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8F4CE6F5-1E7.
The master browser is stopping or an election is being forced.
Event Record #/Type2922 / Error
Event Submitted/Written: 01/15/2008 10:06:28 AM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer USER-2FB3F736A7
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8F4CE6F5-1E7.
The master browser is stopping or an election is being forced.
-- End of Deckard's System Scanner: finished at 2008-01-15 13:29:28 ------------
|
Senior Member
|
16. January 2008 @ 06:18 |
Link to this message
|
Reboot into safe mode. Open HJK. Click, Do a system scan only. Place ticks (check marks) next to all the items listed below. Click, "Fix checked" Click, yes. Reboot into normal mode, run HJK and post a new log.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\RunOnce: [hh7cx] %systemroot%\system32\Rundll32.exe %systemroot%\system32\hh7cx.dll,DllUnregisterServer
O4 - HKLM\..\RunOnceEx: [Flags] 128
O4 - HKLM\..\RunOnceEx: [Title] RegRun II Secure Start
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
This message has been edited since posting. Last time this message was edited on 16. January 2008 @ 06:19
|
|
lackadaiz
Suspended due to non-functional email address
|
19. February 2008 @ 12:07 |
Link to this message
|
Deckard's System Scanner v20071014.68
Run by Syl & Huiling on 2008-02-20 01:01:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 2.48 GiB (less than 15%) free.
-- HijackThis (run as Syl & Huiling.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:51 AM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
e:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
e:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
E:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Syl & Huiling\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Syl & Huiling.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://VeryCD.265.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\PROGRAMS\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "E:\PROGRAMS\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] e:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Regrun2] e:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\Run: [Registry] "e:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "e:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] e:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 8888 bytes
-- Files created between 2008-01-20 and 2008-02-20 -----------------------------
2008-02-20 00:45:12 0 d-------- C:\Program Files\Trend Micro
2008-02-10 11:29:12 0 dr-h----- C:\Documents and Settings\Syl & Huiling\Recent
2008-02-04 17:44:29 0 d-------- C:\Program Files\uTorrent
2008-02-04 17:44:20 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\uTorrent
2008-02-02 00:04:42 0 d-------- C:\Program Files\Common Files\LightScribe
2008-02-02 00:02:30 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-02-02 00:01:29 0 d-------- C:\Program Files\Common Files\Nero
2008-02-01 23:11:10 2973696 -----n--- C:\WINDOWS\UNNeroVision.exe <Not Verified; Nero AG; Nero Web Engine>
2008-02-01 23:09:17 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-02-01 23:09:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-02-01 23:09:16 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-01 23:09:16 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-01 23:09:15 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-02-01 23:09:15 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-02-01 23:09:15 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-01 23:08:59 0 d-------- C:\Program Files\Common Files\Ahead
2008-02-01 23:08:57 0 d-------- C:\Program Files\Ahead
2008-02-01 18:53:41 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Leadertech
2008-02-01 18:53:33 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Sonic
2008-02-01 18:53:23 0 d-------- C:\Program Files\Common Files\Sonic
2008-01-31 03:44:57 0 dr-h----- C:\$VAULT$.AVG
2008-01-31 02:53:01 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\AVG7
2008-01-31 02:50:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-31 02:50:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-31 02:50:17 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-23 17:54:03 0 d-------- C:\eREAD6.0
2008-01-22 11:55:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-22 11:49:02 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Nokia Multimedia Player
-- Find3M Report ---------------------------------------------------------------
2008-02-20 00:50:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-20 00:41:37 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
2008-02-20 00:41:37 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
2008-02-02 00:04:42 0 d-------- C:\Program Files\Common Files
2008-01-28 01:30:29 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Real
2008-01-17 17:16:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-17 17:08:29 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Adobe
2008-01-17 16:21:43 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-17 16:18:47 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-16 11:37:02 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Nokia
2008-01-16 11:36:53 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\PC Suite
2008-01-16 11:17:45 0 d-------- C:\Program Files\DIFX
2008-01-16 11:16:16 0 d-------- C:\Program Files\Common Files\Nokia
2008-01-16 11:16:14 0 d-------- C:\Program Files\Common Files\PCSuite
2008-01-16 11:16:12 0 d-------- C:\Program Files\Nokia
2008-01-16 11:15:17 0 d-------- C:\Program Files\PC Connectivity Solution
2008-01-09 19:03:29 25600 --a------ C:\WINDOWS\system32\Partizan.exe <Not Verified; Greatis Software; RegRun Security Suite>
2008-01-09 19:03:29 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Regrun
2008-01-07 19:17:26 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\MegauploadToolbar
2008-01-07 19:16:10 194560 --a------ C:\WINDOWS\jan-screensaver.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-01-07 19:16:03 12288 --a------ C:\WINDOWS\impborl.dll
2008-01-07 19:16:03 606848 --a------ C:\WINDOWS\flashax.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
2008-01-07 19:09:18 102912 --a------ C:\WINDOWS\system32\Vb6stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-01-03 15:56:52 0 d-------- C:\Program Files\MegauploadToolbar
2008-01-02 17:08:18 0 d-------- C:\Program Files\Windows Media Components
2007-12-30 00:49:39 0 d-------- C:\Program Files\Real
2007-12-30 00:49:25 0 d-------- C:\Program Files\Common Files\Real
2007-12-29 01:13:57 0 d-------- C:\Program Files\Real Alternative
2007-12-27 09:00:36 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Sony Corporation
2007-12-26 23:55:50 0 d-------- C:\Program Files\Sonic
2007-12-26 23:46:40 0 d-------- C:\Program Files\Sony
2007-12-26 23:45:15 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\InstallShield
2007-12-26 23:28:20 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-26 18:14:40 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\DivX
2007-12-26 14:41:36 0 d-------- C:\Program Files\Common Files\xing shared
2007-12-23 09:25:42 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Publish Providers
2007-12-23 09:24:37 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Sony
2007-12-23 09:19:49 0 d-------- C:\Program Files\Vstplugins
2007-12-12 06:33:14 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-12-10 23:10:47 20541 --a------ C:\WINDOWS\system32\detoured.dll <Not Verified; Microsoft Corporation; Microsoft Research Detours Package>
2007-12-10 19:42:05 1279 --a------ C:\WINDOWS\mozver.dat
2007-12-10 19:01:51 0 --a------ C:\WINDOWS\acdsee321.dll
2007-12-08 09:52:02 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-12-08 01:49:30 62 --ahs---- C:\Documents and Settings\Syl & Huiling\Application Data\desktop.ini
2007-12-07 23:15:34 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-07 18:13:18 0 -rahs---- C:\MSDOS.SYS
2007-12-07 18:13:18 0 -rahs---- C:\IO.SYS
2007-12-07 18:13:18 0 --a------ C:\CONFIG.SYS
2007-12-07 18:13:18 0 --a------ C:\AUTOEXEC.BAT
2007-12-07 18:10:13 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [07/02/2002 05:56 PM C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [11/29/2001 01:00 AM]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [12/20/2001 01:00 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 10:32 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/03/2004 10:31 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 09:59 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"BootSkin Startup Jobs"="E:\PROGRAMS\BootSkin\BootSkin.exe" [04/26/2004 04:21 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/30/2007 12:49 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [06/13/2006 05:20 AM]
"RegRun WinBait"="C:\WINDOWS\winbait.exe" [12/12/2000 07:56 PM]
"@RegRunOnSecure"="e:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe" [01/22/2003 11:03 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"Regrun2"="e:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" [12/17/2007 12:30 PM]
"Registry"="e:\Program Files\Greatis\RegRunSuite\lsoon.exe" [12/17/2007 12:28 PM]
C:\Documents and Settings\Syl & Huiling\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [12/26/2007 11:47:00 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= e:\Program Files\Greatis\RegRunSuite\RRShell.dll [11/02/2004 09:15 AM 368711]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 12/20/2001 11:34 PM 24576 E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dac2540-a4b5-11dc-a604-00508d4e20d5}]
AutoRun\command- H:\lg.cmd
explore\Command- H:\lg.cmd
open\Command- H:\lg.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72b381fc-b3c9-11dc-a616-00508d4e20d5}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abdfb87f-a662-11dc-a60d-00508d4e20d5}]
AutoRun\command- q83iwmgf.bat
explore\Command- q83iwmgf.bat
open\Command- q83iwmgf.bat
*Newly Created Service* - COMHOST
-- End of Deckard's System Scanner: finished at 2008-02-20 01:02:40 ------------
HIJACK THIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:42 AM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
e:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
e:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
E:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://VeryCD.265.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\PROGRAMS\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "E:\PROGRAMS\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] e:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Regrun2] e:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\Run: [Registry] "e:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "e:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] e:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 8862 bytes
|
Senior Member
|
19. February 2008 @ 15:35 |
Link to this message
|
|
Your HJK log is clean.
Any questions?
|
|
lackadaiz
Suspended due to non-functional email address
|
24. February 2008 @ 00:32 |
Link to this message
|
Originally posted by QuikDraw:
Your HJK log is clean.
Any questions?
Thanks quickdraw....how abt this? this is from another com...
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
CPU 1: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1526.04 MiB / 857.79 MiB
Pagefile Memory (total/avail): 3420.48 MiB / 2954.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.24 MiB
C: is Fixed (NTFS) - 139.28 GiB total, 94.66 GiB free.
D: is Fixed (FAT32) - 9.75 GiB total, 0.95 GiB free.
E: is CDROM (No Media)
G: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD1600BEVS-00UST0 - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 139.28 GiB - C:
\PARTITION1 - Unknown - 9.77 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
AV: AVG 7.5.516 v7.5.516 (Grisoft)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\eREAD6.0\\eREAD_Cookcase.exe"="C:\\eREAD6.0\\eREAD_Cookcase.exe:*:Enabled:eREAD 6.0"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\syl\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FELONE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\syl
LOGONSERVER=\\FELONE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PRESARIO
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\syl\LOCALS~1\Temp
TMP=C:\DOCUME~1\syl\LOCALS~1\Temp
USERDOMAIN=FELONE
USERNAME=syl
USERPROFILE=C:\Documents and Settings\syl
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
syl (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\InstallShield Installation Information\{02FB2C63-5763-4CDD-99E6-566C57189742}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{1CA432A0-DBC7-4C5D-A6B6-5DF0E2E44BB0}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe -runfromtemp -l0x0009/cont -removeonly
--> C:\Program Files\InstallShield Installation Information\{3475FBEC-E0F5-4A3F-823E-6C1DEA10F1AF}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{3881DD58-780F-4FCF-8A16-6E6800C2FEE0}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{4067A0B5-FB0B-479C-8735-6F48F8E21872}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\Setup.exe" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Bejeweled 2 Deluxe --> "C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\install.log"
BeTrapped! --> "C:\Program Files\Oberon Media\BeTrapped!\Uninstall.exe" "C:\Program Files\Oberon Media\BeTrapped!\install.log"
BitComet 0.91 --> C:\Program Files\BitComet\uninst.exe
Bookworm Deluxe --> "C:\Program Files\Oberon Media\Bookworm Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Bookworm Deluxe\install.log"
BootSkin --> C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG
Bricks of Atlantis --> "C:\Program Files\Oberon Media\Bricks of Atlantis\Uninstall.exe" "C:\Program Files\Oberon Media\Bricks of Atlantis\install.log"
Bricks of Egypt --> "C:\Program Files\Oberon Media\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Oberon Media\Bricks of Egypt\install.log"
Cake Mania --> "C:\Program Files\Oberon Media\Cake Mania\Uninstall.exe" "C:\Program Files\Oberon Media\Cake Mania\install.log"
Chicken Rush --> "C:\Program Files\Oberon Media\Chicken Rush\Uninstall.exe" "C:\Program Files\Oberon Media\Chicken Rush\install.log"
Chuzzle --> "C:\Program Files\Oberon Media\Chuzzle\Uninstall.exe" "C:\Program Files\Oberon Media\Chuzzle\install.log"
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -Iwis30B2a.inf
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
EasyRecovery Professional --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A8BB9906-E618-406A-B161-7383AFF46C39} /l1033
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Gem Shop --> "C:\Program Files\Oberon Media\Gem Shop\Uninstall.exe" "C:\Program Files\Oberon Media\Gem Shop\install.log"
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_wis30B2m\HXFSETUP.EXE -U -Iwis30B2m.INF
Hexic --> "C:\Program Files\Oberon Media\Hexic\Uninstall.exe" "C:\Program Files\Oberon Media\Hexic\install.log"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP DVD Play 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0027 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A3856B-5C0E-4BC1-B508-629AE74B6BBA}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
IconPackager --> C:\PROGRA~1\Stardock\OBJECT~1\ICONPA~1\iconpackager.exe /uninstallwise
Insaniquarium Deluxe --> "C:\Program Files\Oberon Media\Insaniquarium Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Insaniquarium Deluxe\install.log"
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jewel of Atlantis --> "C:\Program Files\Oberon Media\Jewel of Atlantis\Uninstall.exe" "C:\Program Files\Oberon Media\Jewel of Atlantis\install.log"
Jewel Quest --> "C:\Program Files\Oberon Media\Jewel Quest\Uninstall.exe" "C:\Program Files\Oberon Media\Jewel Quest\install.log"
Jigsaw 365 --> "C:\Program Files\Oberon Media\Jigsaw 365\Uninstall.exe" "C:\Program Files\Oberon Media\Jigsaw 365\install.log"
K-Lite Mega Codec Pack 3.6.5 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Magic Ball 2 --> "C:\Program Files\Oberon Media\Magic Ball 2\Uninstall.exe" "C:\Program Files\Oberon Media\Magic Ball 2\install.log"
Magic Match --> "C:\Program Files\Oberon Media\Magic Match\Uninstall.exe" "C:\Program Files\Oberon Media\Magic Match\install.log"
Mahjong Match --> "C:\Program Files\Oberon Media\Mahjong Match\Uninstall.exe" "C:\Program Files\Oberon Media\Mahjong Match\install.log"
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mosiac - Tomb of Mystery --> "C:\Program Files\Oberon Media\Mosiac - Tomb of Mystery\Uninstall.exe" "C:\Program Files\Oberon Media\Mosiac - Tomb of Mystery\install.log"
Mozaki Blocks --> "C:\Program Files\Oberon Media\Mozaki Blocks\Uninstall.exe" "C:\Program Files\Oberon Media\Mozaki Blocks\install.log"
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB09F05F-85C6-4205-B28D-5BF071D276C3}\setup.exe" -l0x9
Mystery Case Files - Huntsville --> "C:\Program Files\Oberon Media\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Oberon Media\Mystery Case Files - Huntsville\install.log"
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Ocean Express --> "C:\Program Files\Oberon Media\Ocean Express\Uninstall.exe" "C:\Program Files\Oberon Media\Ocean Express\install.log"
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Pat Sajak?s Lucky Letters --> "C:\Program Files\Oberon Media\Pat Sajaks Lucky Letters\Uninstall.exe" "C:\Program Files\Oberon Media\Pat Sajaks Lucky Letters\install.log"
Poker Superstars 2 --> "C:\Program Files\Oberon Media\Poker Superstars 2\Uninstall.exe" "C:\Program Files\Oberon Media\Poker Superstars 2\install.log"
PSP ISO Compressor --> MsiExec.exe /X{D47087E7-AA15-4D1D-8C0A-60F7E446D597}
QuickTime Alternative 1.95 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Rainbow Web --> "C:\Program Files\Oberon Media\Rainbow Web\Uninstall.exe" "C:\Program Files\Oberon Media\Rainbow Web\install.log"
Ricochet Lost Worlds --> "C:\Program Files\Oberon Media\Ricochet Lost Worlds\Uninstall.exe" "C:\Program Files\Oberon Media\Ricochet Lost Worlds\install.log"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Slingo --> "C:\Program Files\Oberon Media\Slingo\Uninstall.exe" "C:\Program Files\Oberon Media\Slingo\install.log"
Sonic UDF Reader --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
Sony Picture Utility --> C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tiks Texas Hold em --> "C:\Program Files\Oberon Media\Tiks Texas Hold em\Uninstall.exe" "C:\Program Files\Oberon Media\Tiks Texas Hold em\install.log"
Update for Outlook 2007 Junk Email Filter (kb944965) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EA8C80AA-31D6-43F0-8CD8-CA85479A34F1}
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wonderland - Secret Worlds --> "C:\Program Files\Oberon Media\Wonderland - Secret Worlds\Uninstall.exe" "C:\Program Files\Oberon Media\Wonderland - Secret Worlds\install.log"
XML Paper Specification Shared Components Pack 1.0 -->
Zuma Deluxe --> "C:\Program Files\Oberon Media\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Zuma Deluxe\install.log"
-- Application Event Log -------------------------------------------------------
Event Record #/Type851 / Success
Event Submitted/Written: 02/24/2008 00:59:16 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type832 / Success
Event Submitted/Written: 02/21/2008 11:26:53 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type781 / Success
Event Submitted/Written: 02/13/2008 00:16:01 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type766 / Success
Event Submitted/Written: 02/10/2008 07:26:10 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type760 / Error
Event Submitted/Written: 02/10/2008 00:35:30 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application nero.exe, version 6.6.0.14, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type3614 / Error
Event Submitted/Written: 02/24/2008 00:47:05 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AliIde
PCIIde
Pcmcia
ViaIde
Event Record #/Type3612 / Error
Event Submitted/Written: 02/24/2008 00:46:56 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.
Event Record #/Type3611 / Error
Event Submitted/Written: 02/24/2008 00:46:56 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Event Record #/Type3610 / Error
Event Submitted/Written: 02/24/2008 00:46:54 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
Event Record #/Type3609 / Error
Event Submitted/Written: 02/24/2008 00:46:54 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
-- End of Deckard's System Scanner: finished at 2008-02-24 13:24:50 ------------
HIJACKTHIS...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:54 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3...sario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3...sario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\eREAD6.0\IEeREAD.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
--
End of file - 10459 bytes
|
|
LTDevil
Suspended due to non-functional email address
|
24. February 2008 @ 00:41 |
Link to this message
|
|
|
|
lackadaiz
Suspended due to non-functional email address
|
24. February 2008 @ 08:42 |
Link to this message
|
|
|
|
LTDevil
Suspended due to non-functional email address
|
24. February 2008 @ 16:47 |
Link to this message
|
|
When you go to the symantec link, click on the REMOVAL tab. This shows you how to remove the threat. After your done doing that. You need to run a trojan removal tool.
|
|
lackadaiz
Suspended due to non-functional email address
|
5. March 2008 @ 10:50 |
Link to this message
|
Originally posted by LTDevil:
When you go to the symantec link, click on the REMOVAL tab. This shows you how to remove the threat. After your done doing that. You need to run a trojan removal tool.
even so it does not correct the REGEDIT values....
|
Senior Member
|
5. March 2008 @ 21:07 |
Link to this message
|
This message has been edited since posting. Last time this message was edited on 5. March 2008 @ 21:09
|
|
Advertisement
|
|
|
|
sunny1989
Inactive
|
27. July 2008 @ 00:55 |
Link to this message
|
Hi i was recently infected with this KAVO virus and i brought the hell outtaa me for 2 days. I searched like mad for methods to remove it none worked at last i came across this blog and NOW THE VIRUS IS TOTALLY GONE. all those suffering from kavo virus go to this link and download KAVO VIRUS REMOVER
http://adi-software-center.blogspot.com/...ll-version.html
it instantly removed the virus within 5 mins from the whole hard drive and the best part is that u have to do nothing just run it and relax
The virus would not let me see my hidden files or open my yahoo messenger.
but now its all working fine
|
|
