afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > kavo.exe; temp/u.dll; ee2m.dll;
kavo.exe; temp/u.dll; ee2m.dll;
syahzuan
Newbie
26. February 2008 @ 14:33
kavo is an unknown programme I have detected on startup; I googled it a bit and I think it's malware.
u.dll and e2mm.dll were found by AVG.
I have AVG Free Edition, ZoneAlarm and Ad-Aware 07.
I have seen a similar thread, so I will post the DSS and HijackThis logs first. Thanks for reading this thread.
Deckard's System Scanner v20071014.68
Run by IP Solution on 2008-02-27 03:29:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 85% (more than 75%).
Total Physical Memory: 191 MiB (512 MiB recommended).
-- HijackThis (run as IP Solution.exe) -----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:50 AM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\IP Solution\My Documents\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\IPSOLU~1.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKLM\..\Policies\Explorer\Run: [explorer] '.vbe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Custom...DataManager.CAB
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 5981 bytes
-- Files created between 2008-01-27 and 2008-02-27 -----------------------------
2008-02-25 20:32:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-25 19:24:48 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-02-25 19:24:48 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-02-25 19:24:48 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-02-25 19:24:48 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-02-25 19:24:48 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-02-25 19:24:48 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-02-25 19:24:48 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-02-25 19:24:48 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-02-25 19:24:48 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-02-25 19:24:48 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-02-25 19:24:48 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-02-25 19:24:47 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-02-25 19:24:47 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-02-25 19:24:47 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-02-25 18:53:45 0 d-------- C:\Program Files\Trend Micro
2008-02-25 13:29:26 0 dr-h----- C:\Documents and Settings\IP Solution\Recent
2008-02-25 13:23:12 0 d-------- C:\Program Files\CCleaner
2008-02-20 12:50:07 96768 -r-hs---- C:\WINDOWS\system32\kavo1.dll
2008-02-20 07:16:21 113963 -r-hs---- C:\h2.com
2008-02-19 23:09:52 96768 -r-hs---- C:\WINDOWS\system32\kavo0.dll
2008-02-19 23:09:52 113963 -r-hs---- C:\WINDOWS\system32\kavo.exe
2008-02-18 17:03:47 0 d--hs---- C:\Documents and Settings\All Users\Application
2008-02-18 17:03:33 11102 -r-hs---- C:\WINDOWS\system32\.vbs
2008-02-18 17:03:33 14 ---hs---- C:\WINDOWS\system32\.pif
2008-02-18 17:03:14 11102 ---hs---- C:\WINDOWS\system32\winsp2.vbs
2008-02-16 01:09:53 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
2008-02-16 01:09:53 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-02-16 01:09:53 15360 --a------ C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>
2008-02-16 01:09:52 21504 --a------ C:\WINDOWS\system32\TABCTFR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets TabCtl32>
2008-02-16 01:09:51 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-02-16 01:09:51 59904 --a------ C:\WINDOWS\system32\Mscc2fr.dll <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
2008-02-16 01:09:50 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2008-02-16 01:09:48 0 d-------- C:\Program Files\Free Audio Pack
2008-02-14 23:59:40 0 d-------- C:\Documents and Settings\IP Solution\.insightPoint
2008-02-14 23:58:40 0 d-------- C:\Program Files\icytec
2008-02-02 04:19:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-01 12:24:49 0 d-------- C:\Program Files\uTIPu
2008-02-01 12:06:07 2048 --a------ C:\WINDOWS\system32\Tr_sttool.dat
2008-02-01 12:06:05 147456 --a------ C:\WINDOWS\system32\bsratwmv.dll
2008-02-01 12:06:03 585728 --a------ C:\WINDOWS\system32\bsratswf.dll
2008-02-01 12:06:00 0 d-------- C:\Program Files\Bulent's Screen Recorder 4
2008-02-01 11:53:41 0 d-------- C:\Program Files\Common Files\MAGIX Shared
2008-02-01 11:53:26 1089536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL <Not Verified; eHelp Corporation.; RoboHelp for Word X3>
2008-02-01 11:53:26 49152 --a------ C:\WINDOWS\system32\INETWH32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-02-01 11:53:25 85504 --a------ C:\WINDOWS\system32\HtmlWH.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic>
2008-02-01 11:52:56 638976 --a------ C:\WINDOWS\system32\mgxoschk.dll <Not Verified; MAGIX AG; mgxoschk>
2008-02-01 11:52:56 0 d-------- C:\WINDOWS\system32\MAGIX
2008-02-01 11:50:52 0 d-------- C:\Documents and Settings\IP Solution\Application Data\Any Video Converter
2008-02-01 11:50:43 0 d-------- C:\Program Files\Any Video Converter
-- Find3M Report ---------------------------------------------------------------
2008-02-27 02:26:48 4212 ---h---c- C:\WINDOWS\system32\zllictbl.dat
2008-02-25 13:40:19 0 d-------- C:\Documents and Settings\IP Solution\Application Data\AVG7
2008-02-20 11:23:36 0 d-------- C:\Program Files\Common Files
2008-02-18 17:03:10 11 ---hs---- C:\WINDOWS\system32\date.bin
2008-01-30 15:15:35 0 d-------- C:\Documents and Settings\IP Solution\Application Data\AdobeUM
2008-01-25 10:41:51 0 d-------- C:\Program Files\wscite175
2008-01-23 13:17:08 0 d-------- C:\Documents and Settings\IP Solution\Application Data\Notepad++
2008-01-21 23:26:26 0 d-------- C:\Program Files\Power Tab Software
2008-01-21 22:47:39 0 d-------- C:\Program Files\FretPro
2008-01-03 14:48:04 0 d-------- C:\Program Files\QuickTime
2008-01-03 14:33:55 0 d-------- C:\Documents and Settings\IP Solution\Application Data\oald7
2008-01-03 14:32:45 0 dr-h----- C:\Documents and Settings\IP Solution\Application Data\SecuROM
2008-01-03 14:32:38 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-01-03 14:32:03 0 d-------- C:\Program Files\TEXTware
2008-01-03 14:32:03 0 d-------- C:\Program Files\IDM
2008-01-03 14:31:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-03 14:21:29 0 d-------- C:\Program Files\Oxford
2008-01-01 21:49:33 0 d-------- C:\Program Files\GuitarVision
2008-01-01 20:36:36 0 d-------- C:\Program Files\TablEdit
2007-12-31 18:56:16 0 d-------- C:\Program Files\Hewlett-Packard
2007-12-31 17:46:53 0 d-------- C:\Program Files\Family Games
2007-12-31 17:25:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/02/2005 08:12 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/02/2005 08:11 PM]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [10/04/2003 03:10 AM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 06:31 AM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 06:32 AM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 06:32 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/20/2008 02:31 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/06/2007 04:14 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"kava"="C:\WINDOWS\system32\kavo.exe" [02/25/2008 07:37 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"explorer"='.vbe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b936c60-6cd7-11dc-a1b7-829e72aab5d7}]
Auto\command- E:\autoregistry.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autoregistry.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{669f78f0-63c3-11dc-a176-000f2027a90a}]
AutoRun\command- h2.com
explore\Command- h2.com
open\Command- h2.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ea80d0-6cba-11dc-a1b5-bf42dd2e88d6}]
AutoRun\command- E:\h2.com
explore\Command- E:\h2.com
open\Command- E:\h2.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ea80d1-6cba-11dc-a1b5-bf42dd2e88d6}]
AutoRun\command- F:\h2.com
explore\Command- F:\h2.com
open\Command- F:\h2.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99acc530-6c4a-11dc-a1b0-000f2027a90a}]
AutoRun\command- E:\SCVVHSOT.exe
Open\command- E:\SCVVHSOT.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5879f60-6cb4-11dc-a1b3-846136b652d6}]
AutoRun\command- E:\g2p3s.exe
explore\Command- E:\g2p3s.exe
open\Command- E:\g2p3s.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcec4540-6460-11dc-a177-000f2027a90a}]
Auto\command- MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcec4541-6460-11dc-a177-000f2027a90a}]
Auto\command- Ghost.pif
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3a227c0-7565-11dc-a1dc-0060b31022ce}]
AutoRun\command- ntdelect.com
explore\Command- ntdelect.com
open\Command- ntdelect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6da3117-69e9-11dc-a1a4-e85d8c1540d7}]
AutoRun\command- wscript.exe .\'.vbs
open\command- wscript.exe .\'.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc6c8eee-7371-11dc-a1d6-c519159a261b}]
Auto\command- E:\autoregistry.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autoregistry.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc6c8eef-7371-11dc-a1d6-c519159a261b}]
Auto\command- E:\autoregistry.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autoregistry.exe
-- End of Deckard's System Scanner: finished at 2008-02-27 03:31:59 ------------