
Help~! how to remove KAVO.exe??

Discussion in 'Windows - Virus and spyware problems' started by lackadaiz, Jan 13, 2008.

  1. lackadaiz

    lackadaiz Guest

  2. QuikDraw

    QuikDraw Regular member

  3. lackadaiz

    lackadaiz Guest

    Deckard's System Scanner v20071014.68
    Run by Syl & Huiling on 2008-01-15 13:24:59
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    6: 2008-01-15 05:25:09 UTC - RP6 - Deckard's System Scanner Restore Point
    5: 2008-01-14 16:02:54 UTC - RP5 - System Checkpoint
    4: 2008-01-12 17:53:51 UTC - RP4 - System Checkpoint
    3: 2008-01-11 16:41:51 UTC - RP3 - System Checkpoint
    2: 2008-01-10 16:14:58 UTC - RP2 - System Checkpoint


    -- First Restore Point --
    1: 2008-01-09 15:44:53 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-01-15 13:26:57
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    E:\Program Files\Greatis\RegRunSuite\WatchDog.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    E:\PROGRAMS\BitComet\BitComet.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Documents and Settings\Syl & Huiling\Desktop\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://1stopstation.blogspot.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\PROGRAMS\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "E:\PROGRAMS\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
    O4 - HKLM\..\Run: [@RegRunOnSecure] e:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
    O4 - HKLM\..\RunOnce: [hh7cx] %systemroot%\system32\Rundll32.exe %systemroot%\system32\hh7cx.dll,DllUnregisterServer
    O4 - HKLM\..\RunOnceEx: [Flags] 128
    O4 - HKLM\..\RunOnceEx: [Title] RegRun II Secure Start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Regrun2] e:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
    O4 - HKCU\..\Run: [Registry] "e:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "e:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: wbsys.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    --
    End of file - 9020 bytes

    -- File Associations -----------------------------------------------------------

    .bat - batfile - DefaultIcon - E:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ROUNDer\ROUNDer.icl,51
    .chm - chm.file - DefaultIcon - E:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ROUNDer\ROUNDer.icl,15
    .hlp - hlpfile - DefaultIcon - E:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ROUNDer\ROUNDer.icl,15
    .inf - inffile - DefaultIcon - E:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ROUNDer\ROUNDer.icl,47
    .ini - inifile - DefaultIcon - E:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ROUNDer\ROUNDer.icl,47
    .js - JSFile - DefaultIcon - C:\WINDOWS\System32\WScript.exe,3
    .txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
    .vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 a2cf40z (a2cf40) - c:\windows\system32\drivers\a2cf40z.sys
    R3 RegGuard - c:\windows\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>

    S0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
    S0 Partizan - c:\windows\system32\drivers\partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Multimedia Audio Controller
    Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_100A147B&REV_02\3&13C0B0C5&0&FD
    Manufacturer:
    Name: Multimedia Audio Controller
    PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_100A147B&REV_02\3&13C0B0C5&0&FD
    Service:


    -- Files created between 2007-12-15 and 2008-01-15 -----------------------------

    2008-01-09 19:04:50 8944 --a------ C:\WINDOWS\system32\drivers\UnHackMeDrv.sys <Not Verified; Greatis Software, LLC.; UnHackme>
    2008-01-09 19:03:29 25600 --a------ C:\WINDOWS\system32\Partizan.exe <Not Verified; Greatis Software; RegRun Security Suite>
    2008-01-09 19:03:29 31138 --a------ C:\WINDOWS\system32\drivers\Partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
    2008-01-09 19:03:29 0 d-------- C:\backreg
    2008-01-09 19:03:28 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Regrun
    2008-01-09 19:01:52 16384 --a------ C:\WINDOWS\WinBait.exe
    2008-01-09 19:01:52 441856 --a------ C:\WINDOWS\RunGuard.exe <Not Verified; Greatis Software; RegRun Security Suite>
    2008-01-08 23:56:02 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys <Not Verified; Greatis Software; RegRun Security Suite>
    2008-01-07 19:16:10 194560 --a------ C:\WINDOWS\jan-screensaver.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
    2008-01-07 19:16:03 0 d-------- C:\WINDOWS\jan-screensaver dir
    2008-01-07 19:16:03 12288 --a------ C:\WINDOWS\impborl.dll
    2008-01-07 19:16:03 606848 --a------ C:\WINDOWS\flashax.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
    2008-01-07 19:12:40 102912 --a------ C:\WINDOWS\system32\Vb6stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2008-01-07 19:12:40 232 --a------ C:\Documents and Settings\Syl & Huiling\MySony.dll
    2008-01-05 00:27:00 0 d--h----- C:\WINDOWS\PIF
    2008-01-03 15:56:41 0 d-------- C:\Program Files\MegauploadToolbar
    2008-01-03 15:56:40 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\MegauploadToolbar
    2008-01-02 17:09:04 0 d-------- C:\WINDOWS\system32\windows media
    2008-01-02 17:08:24 0 d--h----- C:\WINDOWS\msdownld.tmp
    2008-01-02 17:08:18 0 d-------- C:\Program Files\Windows Media Components
    2008-01-02 12:55:21 114222 -r-hs---- C:\copetttt.com
    2007-12-29 01:13:56 0 d-------- C:\Program Files\Real Alternative
    2007-12-29 00:58:16 164352 --a------ C:\WINDOWS\system32\unrar.dll
    2007-12-29 00:58:13 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2007-12-29 00:58:12 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-12-29 00:58:12 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-12-29 00:58:11 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-12-29 00:58:11 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-12-29 00:58:11 739840 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-29 00:58:10 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-12-27 09:00:36 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Sony Corporation
    2007-12-26 23:55:52 0 d-------- C:\WINDOWS\system32\DLA
    2007-12-26 23:55:50 0 d-------- C:\Program Files\Sonic
    2007-12-26 23:46:40 0 d-------- C:\Program Files\Sony
    2007-12-26 23:45:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
    2007-12-26 23:45:15 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\InstallShield
    2007-12-26 23:28:52 3654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
    2007-12-26 23:28:52 0 d-------- C:\Drivers
    2007-12-26 19:37:01 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Real
    2007-12-26 17:39:01 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\DivX
    2007-12-26 14:41:36 0 d-------- C:\Program Files\Common Files\xing shared
    2007-12-26 14:41:17 0 d-------- C:\Program Files\Common Files\Real
    2007-12-26 14:41:16 0 d-------- C:\Program Files\Real
    2007-12-23 09:25:42 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Publish Providers
    2007-12-23 09:24:59 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-23 09:24:37 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Sony
    2007-12-23 09:19:49 0 d-------- C:\Program Files\Vstplugins
    2007-12-23 09:19:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony


    -- Find3M Report ---------------------------------------------------------------

    2008-01-14 18:54:27 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
    2008-01-14 18:54:27 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
    2008-01-04 13:05:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-12-26 23:56:40 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-26 23:28:20 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-12-26 14:41:36 0 d-------- C:\Program Files\Common Files
    2007-12-23 09:05:26 0 d-------- C:\Program Files\Common Files\Adobe
    2007-12-13 10:31:11 0 d-------- C:\Program Files\MSN Messenger
    2007-12-12 06:33:14 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-12-11 22:03:29 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Sun
    2007-12-11 08:25:05 0 d-------- C:\Program Files\MSXML 4.0
    2007-12-11 08:05:07 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\vlc
    2007-12-10 23:10:47 20541 --a------ C:\WINDOWS\system32\detoured.dll <Not Verified; Microsoft Corporation; Microsoft Research Detours Package>
    2007-12-10 23:10:47 515584 --a------ C:\WINDOWS\Install2154.exe
    2007-12-10 19:42:05 1279 --a------ C:\WINDOWS\mozver.dat
    2007-12-10 19:41:50 0 d-------- C:\Program Files\Java
    2007-12-10 19:39:51 0 d-------- C:\Program Files\Common Files\Java
    2007-12-10 19:26:01 0 d-------- C:\Program Files\eREAD6.0
    2007-12-10 19:16:34 0 d-------- C:\Program Files\Windows Live Safety Center
    2007-12-10 19:01:51 0 --a------ C:\WINDOWS\acdsee321.dll
    2007-12-10 18:58:14 58368 --a------ C:\WINDOWS\system32\SkypeClient.exe <Not Verified; ; SkypeClient ????>
    2007-12-10 18:03:24 0 d-------- C:\Program Files\Common Files\Stardock
    2007-12-10 17:35:59 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\WinRAR
    2007-12-09 22:52:30 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Media Player Classic
    2007-12-08 09:52:02 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll <Not Verified; BitComet; BitComet BCTP Helper>
    2007-12-08 01:49:56 0 d-------- C:\Program Files\Common Files\ODBC
    2007-12-08 01:49:53 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2007-12-08 01:49:30 62 --ahs---- C:\Documents and Settings\Syl & Huiling\Application Data\desktop.ini
    2007-12-08 01:16:01 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Symantec
    2007-12-08 00:16:04 0 d-------- C:\Program Files\Symantec
    2007-12-07 23:48:36 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Macromedia
    2007-12-07 23:48:34 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Adobe
    2007-12-07 23:42:19 0 d-------- C:\Program Files\Stardock
    2007-12-07 23:41:38 0 d-------- C:\Program Files\Windows Live
    2007-12-07 23:41:12 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-07 23:16:50 0 d-------- C:\Program Files\New Folder
    2007-12-07 23:15:34 0 --a------ C:\WINDOWS\nsreg.dat
    2007-12-07 23:15:32 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Mozilla
    2007-12-07 23:12:37 0 d-------- C:\Program Files\Microsoft Works
    2007-12-07 23:12:21 0 d-------- C:\Program Files\MSBuild
    2007-12-07 23:11:12 0 d-------- C:\Program Files\Microsoft.NET
    2007-12-07 23:09:34 0 d-------- C:\Program Files\Microsoft Visual Studio 8
    2007-12-07 22:52:27 0 d-------- C:\Program Files\MSXML 6.0
    2007-12-07 19:37:43 0 d-------- C:\Program Files\Reference Assemblies
    2007-12-07 19:34:20 0 d-------- C:\Program Files\Windows Media Connect 2
    2007-12-07 19:24:17 0 d-------- C:\Program Files\Messenger
    2007-12-07 19:07:01 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\InterTrust
    2007-12-07 19:00:17 0 d-------- C:\Program Files\Creative
    2007-12-07 18:26:33 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Identities
    2007-12-07 18:13:38 0 d-------- C:\Program Files\microsoft frontpage
    2007-12-07 18:13:18 0 -rahs---- C:\MSDOS.SYS
    2007-12-07 18:13:18 0 -rahs---- C:\IO.SYS
    2007-12-07 18:13:18 0 --a------ C:\CONFIG.SYS
    2007-12-07 18:13:18 0 --a------ C:\AUTOEXEC.BAT
    2007-12-07 18:11:44 0 d--h----- C:\Program Files\WindowsUpdate
    2007-12-07 18:11:03 0 d-------- C:\Program Files\Common Files\MSSoap
    2007-12-07 18:10:56 0 d-------- C:\Program Files\Movie Maker
    2007-12-07 18:10:13 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2007-12-07 18:09:50 0 d-------- C:\Program Files\Online Services
    2007-12-07 18:09:41 0 d-------- C:\Program Files\MSN Gaming Zone
    2007-12-07 18:09:34 0 d-------- C:\Program Files\Windows NT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WINDVDPatch"="CTHELPER.EXE" [07/02/2002 05:56 PM C:\WINDOWS\system32\CTHELPER.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [11/29/2001 01:00 AM]
    "CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [12/20/2001 01:00 AM]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 10:32 PM]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/03/2004 10:31 PM]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 09:59 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
    "BootSkin Startup Jobs"="E:\PROGRAMS\BootSkin\BootSkin.exe" [04/26/2004 04:21 PM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/30/2007 12:49 AM]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [06/13/2006 05:20 AM]
    "RegRun WinBait"="C:\WINDOWS\winbait.exe" [12/12/2000 07:56 PM]
    "@RegRunOnSecure"="e:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe" [01/22/2003 11:03 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
    "Regrun2"="e:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" [12/17/2007 12:30 PM]
    "Registry"="e:\Program Files\Greatis\RegRunSuite\lsoon.exe" [12/17/2007 12:28 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "hh7cx"=%systemroot%\system32\Rundll32.exe %systemroot%\system32\hh7cx.dll,DllUnregisterServer

    C:\Documents and Settings\Syl & Huiling\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [12/26/2007 11:47:00 PM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{F552DDE6-2090-4bf4-B924-6141E87789A5}"= e:\Program Files\Greatis\RegRunSuite\RRShell.dll [11/02/2004 09:15 AM 368711]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 12/20/2001 11:34 PM 24576 E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dac2540-a4b5-11dc-a604-00508d4e20d5}]
    AutoRun\command- H:\f.cmd
    explore\Command- H:\f.cmd
    open\Command- H:\f.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abdfb87f-a662-11dc-a60d-00508d4e20d5}]
    AutoRun\command- L:\copetttt.com
    explore\Command- L:\copetttt.com
    open\Command- L:\copetttt.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3118f54-a4eb-11dc-b2cb-806d6172696f}]
    AutoRun\command- f.cmd
    explore\Command- f.cmd
    open\Command- f.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3118f55-a4eb-11dc-b2cb-806d6172696f}]
    AutoRun\command- f.cmd
    explore\Command- f.cmd
    open\Command- f.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3118f57-a4eb-11dc-b2cb-806d6172696f}]
    AutoRun\command- f.cmd
    explore\Command- f.cmd
    open\Command- f.cmd

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2008-01-15 13:29:28 ------------

  4. lackadaiz

    lackadaiz Guest

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
    CPU 1: Intel(R) Pentium(R) 4 CPU 2.40GHz
    Percentage of Memory in Use: 65%
    Physical Memory (total/avail): 1023.48 MiB / 355.09 MiB
    Pagefile Memory (total/avail): 2462 MiB / 1811.21 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1918.11 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 24.41 GiB total, 6.69 GiB free.
    D: is Fixed (NTFS) - 372.61 GiB total, 215.85 GiB free.
    E: is Fixed (NTFS) - 87.37 GiB total, 85.87 GiB free.
    F: is CDROM (CDFS)
    G: is CDROM (Unformatted)

    \\.\PHYSICALDRIVE0 - ST3120026A - 111.79 GiB - 2 partitions
    \PARTITION0 - Extended w/Extended Int 13 - 24.41 GiB - C:
    \PARTITION1 (bootable) - Installable File System - 87.37 GiB - E:

    \\.\PHYSICALDRIVE1 - ST3400620A - 372.61 GiB - 1 partition
    \PARTITION0 - Installable File System - 372.61 GiB - D:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.

    FW: Norton 360 v2007 (SYMANTEC Corporation)
    AV: Norton 360 v2007 (SYMANTEC Corperation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Syl & Huiling\Application Data
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=MOJO
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Syl & Huiling
    LOGONSERVER=\\MOJO
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0209
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\SYL&HU~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\SYL&HU~1\LOCALS~1\Temp
    USERDOMAIN=MOJO
    USERNAME=Syl & Huiling
    USERPROFILE=C:\Documents and Settings\Syl & Huiling
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Syl & Huiling (admin)


    -- Add/Remove Programs ---------------------------------------------------------



    -- Application Event Log -------------------------------------------------------

    Event Record #/Type1849 / Success
    Event Submitted/Written: 01/14/2008 10:43:05 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type1800 / Success
    Event Submitted/Written: 01/13/2008 05:27:19 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type1700 / Success
    Event Submitted/Written: 01/11/2008 00:30:42 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type1685 / Success
    Event Submitted/Written: 01/10/2008 03:11:37 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type1656 / Success
    Event Submitted/Written: 01/09/2008 07:35:17 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type2929 / Error
    Event Submitted/Written: 01/15/2008 01:18:40 PM
    Event ID/Source: 8003 / MRxSmb
    Event Description:
    The master browser has received a server announcement from the computer USER-2FB3F736A7
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8F4CE6F5-1E7.
    The master browser is stopping or an election is being forced.

    Event Record #/Type2928 / Warning
    Event Submitted/Written: 01/15/2008 00:11:01 PM
    Event ID/Source: 36 / W32Time
    Event Description:
    The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Event Record #/Type2927 / Error
    Event Submitted/Written: 01/15/2008 00:06:35 PM
    Event ID/Source: 8003 / MRxSmb
    Event Description:
    The master browser has received a server announcement from the computer USER-2FB3F736A7
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8F4CE6F5-1E7.
    The master browser is stopping or an election is being forced.

    Event Record #/Type2926 / Error
    Event Submitted/Written: 01/15/2008 11:06:30 AM
    Event ID/Source: 8003 / MRxSmb
    Event Description:
    The master browser has received a server announcement from the computer USER-2FB3F736A7
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8F4CE6F5-1E7.
    The master browser is stopping or an election is being forced.

    Event Record #/Type2922 / Error
    Event Submitted/Written: 01/15/2008 10:06:28 AM
    Event ID/Source: 8003 / MRxSmb
    Event Description:
    The master browser has received a server announcement from the computer USER-2FB3F736A7
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8F4CE6F5-1E7.
    The master browser is stopping or an election is being forced.



    -- End of Deckard's System Scanner: finished at 2008-01-15 13:29:28 ------------

  5. QuikDraw

    QuikDraw Regular member

    Reboot into safe mode. Open HJK. Click "Do a system scan only". Place ticks (check marks) next to all the items listed below. Click "Fix checked", then click "Yes". Reboot into normal mode, run HJK and post a new log.

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\RunOnce: [hh7cx] %systemroot%\system32\Rundll32.exe %systemroot%\system32\hh7cx.dll,DllUnregisterServer

    O4 - HKLM\..\RunOnceEx: [Flags] 128

    O4 - HKLM\..\RunOnceEx: [Title] RegRun II Secure Start

    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - (file missing)

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    Last edited: Jan 16, 2008
  6. lackadaiz

    lackadaiz Guest

    Deckard's System Scanner v20071014.68
    Run by Syl & Huiling on 2008-02-20 01:01:39
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    System Drive C: has 2.48 GiB (less than 15%) free.


    -- HijackThis (run as Syl & Huiling.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:01:51 AM, on 2/20/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    e:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    e:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    E:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    E:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\Syl & Huiling\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Syl & Huiling.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://VeryCD.265.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\PROGRAMS\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "E:\PROGRAMS\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
    O4 - HKLM\..\Run: [@RegRunOnSecure] e:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Regrun2] e:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
    O4 - HKCU\..\Run: [Registry] "e:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "e:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] e:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8888 bytes

    -- Files created between 2008-01-20 and 2008-02-20 -----------------------------

    2008-02-20 00:45:12 0 d-------- C:\Program Files\Trend Micro
    2008-02-10 11:29:12 0 dr-h----- C:\Documents and Settings\Syl & Huiling\Recent
    2008-02-04 17:44:29 0 d-------- C:\Program Files\uTorrent
    2008-02-04 17:44:20 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\uTorrent
    2008-02-02 00:04:42 0 d-------- C:\Program Files\Common Files\LightScribe
    2008-02-02 00:02:30 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
    2008-02-02 00:01:29 0 d-------- C:\Program Files\Common Files\Nero
    2008-02-01 23:11:10 2973696 -----n--- C:\WINDOWS\UNNeroVision.exe <Not Verified; Nero AG; Nero Web Engine>
    2008-02-01 23:09:17 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
    2008-02-01 23:09:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2008-02-01 23:09:16 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
    2008-02-01 23:09:16 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
    2008-02-01 23:09:15 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
    2008-02-01 23:09:15 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
    2008-02-01 23:09:15 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
    2008-02-01 23:08:59 0 d-------- C:\Program Files\Common Files\Ahead
    2008-02-01 23:08:57 0 d-------- C:\Program Files\Ahead
    2008-02-01 18:53:41 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Leadertech
    2008-02-01 18:53:33 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Sonic
    2008-02-01 18:53:23 0 d-------- C:\Program Files\Common Files\Sonic
    2008-01-31 03:44:57 0 dr-h----- C:\$VAULT$.AVG
    2008-01-31 02:53:01 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\AVG7
    2008-01-31 02:50:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-31 02:50:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-31 02:50:17 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-01-23 17:54:03 0 d-------- C:\eREAD6.0
    2008-01-22 11:55:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-22 11:49:02 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Nokia Multimedia Player


    -- Find3M Report ---------------------------------------------------------------

    2008-02-20 00:50:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-02-20 00:41:37 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
    2008-02-20 00:41:37 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
    2008-02-02 00:04:42 0 d-------- C:\Program Files\Common Files
    2008-01-28 01:30:29 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Real
    2008-01-17 17:16:28 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-01-17 17:08:29 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Adobe
    2008-01-17 16:21:43 0 d-------- C:\Program Files\Common Files\Adobe
    2008-01-17 16:18:47 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-01-16 11:37:02 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Nokia
    2008-01-16 11:36:53 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\PC Suite
    2008-01-16 11:17:45 0 d-------- C:\Program Files\DIFX
    2008-01-16 11:16:16 0 d-------- C:\Program Files\Common Files\Nokia
    2008-01-16 11:16:14 0 d-------- C:\Program Files\Common Files\PCSuite
    2008-01-16 11:16:12 0 d-------- C:\Program Files\Nokia
    2008-01-16 11:15:17 0 d-------- C:\Program Files\PC Connectivity Solution
    2008-01-09 19:03:29 25600 --a------ C:\WINDOWS\system32\Partizan.exe <Not Verified; Greatis Software; RegRun Security Suite>
    2008-01-09 19:03:29 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Regrun
    2008-01-07 19:17:26 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\MegauploadToolbar
    2008-01-07 19:16:10 194560 --a------ C:\WINDOWS\jan-screensaver.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
    2008-01-07 19:16:03 12288 --a------ C:\WINDOWS\impborl.dll
    2008-01-07 19:16:03 606848 --a------ C:\WINDOWS\flashax.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
    2008-01-07 19:09:18 102912 --a------ C:\WINDOWS\system32\Vb6stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2008-01-03 15:56:52 0 d-------- C:\Program Files\MegauploadToolbar
    2008-01-02 17:08:18 0 d-------- C:\Program Files\Windows Media Components
    2007-12-30 00:49:39 0 d-------- C:\Program Files\Real
    2007-12-30 00:49:25 0 d-------- C:\Program Files\Common Files\Real
    2007-12-29 01:13:57 0 d-------- C:\Program Files\Real Alternative
    2007-12-27 09:00:36 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Sony Corporation
    2007-12-26 23:55:50 0 d-------- C:\Program Files\Sonic
    2007-12-26 23:46:40 0 d-------- C:\Program Files\Sony
    2007-12-26 23:45:15 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\InstallShield
    2007-12-26 23:28:20 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-12-26 18:14:40 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\DivX
    2007-12-26 14:41:36 0 d-------- C:\Program Files\Common Files\xing shared
    2007-12-23 09:25:42 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Publish Providers
    2007-12-23 09:24:37 0 d-------- C:\Documents and Settings\Syl & Huiling\Application Data\Sony
    2007-12-23 09:19:49 0 d-------- C:\Program Files\Vstplugins
    2007-12-12 06:33:14 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-12-10 23:10:47 20541 --a------ C:\WINDOWS\system32\detoured.dll <Not Verified; Microsoft Corporation; Microsoft Research Detours Package>
    2007-12-10 19:42:05 1279 --a------ C:\WINDOWS\mozver.dat
    2007-12-10 19:01:51 0 --a------ C:\WINDOWS\acdsee321.dll
    2007-12-08 09:52:02 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll <Not Verified; BitComet; BitComet BCTP Helper>
    2007-12-08 01:49:30 62 --ahs---- C:\Documents and Settings\Syl & Huiling\Application Data\desktop.ini
    2007-12-07 23:15:34 0 --a------ C:\WINDOWS\nsreg.dat
    2007-12-07 18:13:18 0 -rahs---- C:\MSDOS.SYS
    2007-12-07 18:13:18 0 -rahs---- C:\IO.SYS
    2007-12-07 18:13:18 0 --a------ C:\CONFIG.SYS
    2007-12-07 18:13:18 0 --a------ C:\AUTOEXEC.BAT
    2007-12-07 18:10:13 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WINDVDPatch"="CTHELPER.EXE" [07/02/2002 05:56 PM C:\WINDOWS\system32\CTHELPER.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [11/29/2001 01:00 AM]
    "CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [12/20/2001 01:00 AM]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 10:32 PM]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/03/2004 10:31 PM]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 09:59 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
    "BootSkin Startup Jobs"="E:\PROGRAMS\BootSkin\BootSkin.exe" [04/26/2004 04:21 PM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/30/2007 12:49 AM]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [06/13/2006 05:20 AM]
    "RegRun WinBait"="C:\WINDOWS\winbait.exe" [12/12/2000 07:56 PM]
    "@RegRunOnSecure"="e:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe" [01/22/2003 11:03 AM]
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
    "Regrun2"="e:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" [12/17/2007 12:30 PM]
    "Registry"="e:\Program Files\Greatis\RegRunSuite\lsoon.exe" [12/17/2007 12:28 PM]

    C:\Documents and Settings\Syl & Huiling\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [12/26/2007 11:47:00 PM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{F552DDE6-2090-4bf4-B924-6141E87789A5}"= e:\Program Files\Greatis\RegRunSuite\RRShell.dll [11/02/2004 09:15 AM 368711]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 12/20/2001 11:34 PM 24576 E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dac2540-a4b5-11dc-a604-00508d4e20d5}]
    AutoRun\command- H:\lg.cmd
    explore\Command- H:\lg.cmd
    open\Command- H:\lg.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72b381fc-b3c9-11dc-a616-00508d4e20d5}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abdfb87f-a662-11dc-a60d-00508d4e20d5}]
    AutoRun\command- q83iwmgf.bat
    explore\Command- q83iwmgf.bat
    open\Command- q83iwmgf.bat

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2008-02-20 01:02:40 ------------

    HIJACK THIS LOG


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:04:42 AM, on 2/20/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    e:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    e:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    E:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    E:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://VeryCD.265.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\PROGRAMS\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "E:\PROGRAMS\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
    O4 - HKLM\..\Run: [@RegRunOnSecure] e:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Regrun2] e:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
    O4 - HKCU\..\Run: [Registry] "e:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "e:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] e:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\PROGRAMS\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8862 bytes

     
  7. QuikDraw

    Your HJT log is clean.

    Any questions?
     
  8. lackadaiz

    Thanks QuikDraw... how about this? This is from another computer...

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
    CPU 1: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
    Percentage of Memory in Use: 43%
    Physical Memory (total/avail): 1526.04 MiB / 857.79 MiB
    Pagefile Memory (total/avail): 3420.48 MiB / 2954.68 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1922.24 MiB

    C: is Fixed (NTFS) - 139.28 GiB total, 94.66 GiB free.
    D: is Fixed (FAT32) - 9.75 GiB total, 0.95 GiB free.
    E: is CDROM (No Media)
    G: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD1600BEVS-00UST0 - 149.05 GiB - 2 partitions
    \PARTITION0 (bootable) - Installable File System - 139.28 GiB - C:
    \PARTITION1 - Unknown - 9.77 GiB - D:



    -- Security Center -------------------------------------------------------------

    AUOptions is set to notify before download.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.

    AV: AVG 7.5.516 v7.5.516 (Grisoft)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\eREAD6.0\\eREAD_Cookcase.exe"="C:\\eREAD6.0\\eREAD_Cookcase.exe:*:Enabled:eREAD 6.0"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\syl\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=FELONE
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\syl
    LOGONSERVER=\\FELONE
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PCTYPE=PRESARIO
    PLATFORM=MCD
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\syl\LOCALS~1\Temp
    TMP=C:\DOCUME~1\syl\LOCALS~1\Temp
    USERDOMAIN=FELONE
    USERNAME=syl
    USERPROFILE=C:\Documents and Settings\syl
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    syl (admin)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Program Files\InstallShield Installation Information\{02FB2C63-5763-4CDD-99E6-566C57189742}\setup.exe -runfromtemp -l0x0009 -removeonly
    --> C:\Program Files\InstallShield Installation Information\{1CA432A0-DBC7-4C5D-A6B6-5DF0E2E44BB0}\setup.exe -runfromtemp -l0x0009 -removeonly
    --> C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe -runfromtemp -l0x0009/cont -removeonly
    --> C:\Program Files\InstallShield Installation Information\{3475FBEC-E0F5-4A3F-823E-6C1DEA10F1AF}\setup.exe -runfromtemp -l0x0009 -removeonly
    --> C:\Program Files\InstallShield Installation Information\{3881DD58-780F-4FCF-8A16-6E6800C2FEE0}\setup.exe -runfromtemp -l0x0009 -removeonly
    --> C:\Program Files\InstallShield Installation Information\{4067A0B5-FB0B-479C-8735-6F48F8E21872}\setup.exe -runfromtemp -l0x0009 -removeonly
    --> C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe -runfromtemp -l0x0009 -removeonly
    --> C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe -runfromtemp -l0x0009 -removeonly
    --> C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe -runfromtemp -l0x0009 -removeonly
    --> C:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe -runfromtemp -l0x0009 -removeonly
    --> C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe -runfromtemp -l0x0009 -removeonly
    --> C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe -runfromtemp -l0x0009 -removeonly
    --> C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe -runfromtemp -l0x0009 -removeonly
    --> C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe -runfromtemp -l0x0009 -removeonly
    --> C:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe -runfromtemp -l0x0009 -removeonly
    --> C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe -runfromtemp -l0x0009 -removeonly
    --> C:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe -runfromtemp -l0x0009 -removeonly
    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\Setup.exe" -l0x9 anything
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
    Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    Bejeweled 2 Deluxe --> "C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\install.log"
    BeTrapped! --> "C:\Program Files\Oberon Media\BeTrapped!\Uninstall.exe" "C:\Program Files\Oberon Media\BeTrapped!\install.log"
    BitComet 0.91 --> C:\Program Files\BitComet\uninst.exe
    Bookworm Deluxe --> "C:\Program Files\Oberon Media\Bookworm Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Bookworm Deluxe\install.log"
    BootSkin --> C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG
    Bricks of Atlantis --> "C:\Program Files\Oberon Media\Bricks of Atlantis\Uninstall.exe" "C:\Program Files\Oberon Media\Bricks of Atlantis\install.log"
    Bricks of Egypt --> "C:\Program Files\Oberon Media\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Oberon Media\Bricks of Egypt\install.log"
    Cake Mania --> "C:\Program Files\Oberon Media\Cake Mania\Uninstall.exe" "C:\Program Files\Oberon Media\Cake Mania\install.log"
    Chicken Rush --> "C:\Program Files\Oberon Media\Chicken Rush\Uninstall.exe" "C:\Program Files\Oberon Media\Chicken Rush\install.log"
    Chuzzle --> "C:\Program Files\Oberon Media\Chuzzle\Uninstall.exe" "C:\Program Files\Oberon Media\Chuzzle\install.log"
    Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -Iwis30B2a.inf
    Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
    Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
    EasyRecovery Professional --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A8BB9906-E618-406A-B161-7383AFF46C39} /l1033
    ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
    Gem Shop --> "C:\Program Files\Oberon Media\Gem Shop\Uninstall.exe" "C:\Program Files\Oberon Media\Gem Shop\install.log"
    GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_wis30B2m\HXFSETUP.EXE -U -Iwis30B2m.INF
    Hexic --> "C:\Program Files\Oberon Media\Hexic\Uninstall.exe" "C:\Program Files\Oberon Media\Hexic\install.log"
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP DVD Play 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
    HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
    HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
    HP Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
    HP User Guides 0027 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A3856B-5C0E-4BC1-B508-629AE74B6BBA}\setup.exe" -l0x9 -removeonly
    HP Wireless Assistant 2.00 G2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
    IconPackager --> C:\PROGRA~1\Stardock\OBJECT~1\ICONPA~1\iconpackager.exe /uninstallwise
    Insaniquarium Deluxe --> "C:\Program Files\Oberon Media\Insaniquarium Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Insaniquarium Deluxe\install.log"
    Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
    Intel(R) PRO Network Connections Drivers --> Prounstl.exe
    J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Jewel of Atlantis --> "C:\Program Files\Oberon Media\Jewel of Atlantis\Uninstall.exe" "C:\Program Files\Oberon Media\Jewel of Atlantis\install.log"
    Jewel Quest --> "C:\Program Files\Oberon Media\Jewel Quest\Uninstall.exe" "C:\Program Files\Oberon Media\Jewel Quest\install.log"
    Jigsaw 365 --> "C:\Program Files\Oberon Media\Jigsaw 365\Uninstall.exe" "C:\Program Files\Oberon Media\Jigsaw 365\install.log"
    K-Lite Mega Codec Pack 3.6.5 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
    Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
    Magic Ball 2 --> "C:\Program Files\Oberon Media\Magic Ball 2\Uninstall.exe" "C:\Program Files\Oberon Media\Magic Ball 2\install.log"
    Magic Match --> "C:\Program Files\Oberon Media\Magic Match\Uninstall.exe" "C:\Program Files\Oberon Media\Magic Match\install.log"
    Mahjong Match --> "C:\Program Files\Oberon Media\Mahjong Match\Uninstall.exe" "C:\Program Files\Oberon Media\Mahjong Match\install.log"
    Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Money --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
    Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
    Mosiac - Tomb of Mystery --> "C:\Program Files\Oberon Media\Mosiac - Tomb of Mystery\Uninstall.exe" "C:\Program Files\Oberon Media\Mosiac - Tomb of Mystery\install.log"
    Mozaki Blocks --> "C:\Program Files\Oberon Media\Mozaki Blocks\Uninstall.exe" "C:\Program Files\Oberon Media\Mozaki Blocks\install.log"
    Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB09F05F-85C6-4205-B28D-5BF071D276C3}\setup.exe" -l0x9
    Mystery Case Files - Huntsville --> "C:\Program Files\Oberon Media\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Oberon Media\Mystery Case Files - Huntsville\install.log"
    Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
    NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    Ocean Express --> "C:\Program Files\Oberon Media\Ocean Express\Uninstall.exe" "C:\Program Files\Oberon Media\Ocean Express\install.log"
    Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
    Pat Sajak’s Lucky Letters --> "C:\Program Files\Oberon Media\Pat Sajaks Lucky Letters\Uninstall.exe" "C:\Program Files\Oberon Media\Pat Sajaks Lucky Letters\install.log"
    Poker Superstars 2 --> "C:\Program Files\Oberon Media\Poker Superstars 2\Uninstall.exe" "C:\Program Files\Oberon Media\Poker Superstars 2\install.log"
    PSP ISO Compressor --> MsiExec.exe /X{D47087E7-AA15-4D1D-8C0A-60F7E446D597}
    QuickTime Alternative 1.95 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
    Rainbow Web --> "C:\Program Files\Oberon Media\Rainbow Web\Uninstall.exe" "C:\Program Files\Oberon Media\Rainbow Web\install.log"
    Ricochet Lost Worlds --> "C:\Program Files\Oberon Media\Ricochet Lost Worlds\Uninstall.exe" "C:\Program Files\Oberon Media\Ricochet Lost Worlds\install.log"
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Slingo --> "C:\Program Files\Oberon Media\Slingo\Uninstall.exe" "C:\Program Files\Oberon Media\Slingo\install.log"
    Sonic UDF Reader --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
    SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
    Sony Picture Utility --> C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 /removeonly uninstall -removeonly
    Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Tiks Texas Hold em --> "C:\Program Files\Oberon Media\Tiks Texas Hold em\Uninstall.exe" "C:\Program Files\Oberon Media\Tiks Texas Hold em\install.log"
    Update for Outlook 2007 Junk Email Filter (kb944965) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EA8C80AA-31D6-43F0-8CD8-CA85479A34F1}
    Update Rollup 2 for Windows XP Media Center Edition 2005 -->
    Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
    WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
    Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    Wonderland - Secret Worlds --> "C:\Program Files\Oberon Media\Wonderland - Secret Worlds\Uninstall.exe" "C:\Program Files\Oberon Media\Wonderland - Secret Worlds\install.log"
    XML Paper Specification Shared Components Pack 1.0 -->
    Zuma Deluxe --> "C:\Program Files\Oberon Media\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Zuma Deluxe\install.log"


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type851 / Success
    Event Submitted/Written: 02/24/2008 00:59:16 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type832 / Success
    Event Submitted/Written: 02/21/2008 11:26:53 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type781 / Success
    Event Submitted/Written: 02/13/2008 00:16:01 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type766 / Success
    Event Submitted/Written: 02/10/2008 07:26:10 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type760 / Error
    Event Submitted/Written: 02/10/2008 00:35:30 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application nero.exe, version 6.6.0.14, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type3614 / Error
    Event Submitted/Written: 02/24/2008 00:47:05 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    The following boot-start or system-start driver(s) failed to load:
    AliIde
    PCIIde
    Pcmcia
    ViaIde

    Event Record #/Type3612 / Error
    Event Submitted/Written: 02/24/2008 00:46:56 PM
    Event ID/Source: 29 / W32Time
    Event Description:
    The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible.
    No attempt to contact a source will be made for 15 minutes.
    NtpClient has no source of accurate time.

    Event Record #/Type3611 / Error
    Event Submitted/Written: 02/24/2008 00:46:56 PM
    Event ID/Source: 17 / W32Time
    Event Description:
    Time Provider NtpClient: An error occurred during DNS lookup of the manually
    configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
    minutes.
    The error was: A socket operation was attempted to an unreachable host. (0x80072751)

    Event Record #/Type3610 / Error
    Event Submitted/Written: 02/24/2008 00:46:54 PM
    Event ID/Source: 29 / W32Time
    Event Description:
    The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible.
    No attempt to contact a source will be made for 14 minutes.
    NtpClient has no source of accurate time.

    Event Record #/Type3609 / Error
    Event Submitted/Written: 02/24/2008 00:46:54 PM
    Event ID/Source: 17 / W32Time
    Event Description:
    Time Provider NtpClient: An error occurred during DNS lookup of the manually
    configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
    minutes.
    The error was: A socket operation was attempted to an unreachable host. (0x80072751)



    -- End of Deckard's System Scanner: finished at 2008-02-24 13:24:50 ------------


    HIJACKTHIS...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:19:54 PM, on 2/24/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_SG&c=64&bd=presario&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\eREAD6.0\IEeREAD.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    --
    End of file - 10459 bytes
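To show which registry values a log like the one above points at (the question of "REGEDIT values" that a file-deletion alone does not address), here is a small added script that is not part of the thread: it reads HijackThis O4 and R1 lines, expands the abbreviated `HKCU\..\Run` key the way HijackThis means it, and lists the full key, value name and data for any Run entry launching a given executable, plus any IE Window Title override. The sample lines are copied from the posted log; the function names are my own.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
"""

# HijackThis abbreviates hives; expand them to the names shown in regedit.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# "HKxx\..\Run" in an O4 line stands for this subkey.
RUN_SUBKEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
R_RE = re.compile(r"^R[01] - (HKLM|HKCU)\\([^,]+),([^=]+) = (.*)$")
EXE_RE = re.compile(r'([^\\"]+\.exe)\b', re.IGNORECASE)


def image_basename(command):
    """Executable file name launched by a Run value, ignoring path and arguments."""
    m = EXE_RE.search(command)
    return m.group(1).lower() if m else None


def flag_entries(log, image_name):
    """Registry values to inspect: every Run value that launches image_name, plus
    any IE 'Window Title' override (the log above shows one set by the infection).
    Returns a list of (full_key, value_name, data) tuples."""
    hits = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m and image_basename(m.group(3)) == image_name.lower():
            hive, name, command = m.groups()
            hits.append((HIVES[hive] + "\\" + RUN_SUBKEY, name, command))
            continue
        m = R_RE.match(line)
        if m and m.group(3).strip() == "Window Title":
            hive, subkey, value, data = m.groups()
            hits.append((HIVES[hive] + "\\" + subkey, value, data))
    return hits


if __name__ == "__main__":
    for key, value, data in flag_entries(SAMPLE_LOG, "kavo.exe"):
        print(f"{key}  [{value}] = {data}")
```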
     
  9. LTDevil

    LTDevil Guest

  10. lackadaiz

    lackadaiz Guest

  11. LTDevil

    LTDevil Guest

    When you go to the Symantec link, click on the REMOVAL tab. This shows you how to remove the threat. After you're done doing that, you need to run a trojan removal tool.
     
  12. lackadaiz

    lackadaiz Guest

    Even so, it does not correct the REGEDIT values....
     
  13. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
  14. sunny1989

    sunny1989 Member

    Joined:
    Jun 12, 2013
    Hi, I was recently infected with this KAVO virus and it brought the hell outta me for 2 days. I searched like mad for methods to remove it; none worked. At last I came across this blog and NOW THE VIRUS IS TOTALLY GONE. All those suffering from the kavo virus, go to this link and download KAVO VIRUS REMOVER

    http://adi-software-center.blogspot.com/2008/07/download-free-softwares-full-version.html

    It instantly removed the virus within 5 mins from the whole hard drive, and the best part is that you have to do nothing, just run it and relax.

    The virus would not let me see my hidden files or open my Yahoo Messenger,
    but now it's all working fine.
     
