1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Problems after Ghost.pif

Discussion in 'Windows - Virus and spyware problems' started by hhaneh, Jul 13, 2007.

  1. hhaneh

    hhaneh Member

    Joined:
    Apr 26, 2006
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    11
    After i clear this virus (Ghost.pif) my IE have some problems. I cannot view youtube videos, where it state that i need to enable my javascript on and install a new version of flash player. However i already uninstall and reinstall flashplayer and turn on the script.Moreover when i go to the adobe website, i cannot see the install now icon. However i can see it if i'm using mozilla.

    Also, i have tried to reinstalling IE 7 but after that my IE cannot view http://runonce.msn.com/runonce2.aspx
    So i already disable this page by go to regedit.

    Anyone help me pls to solve the my IE problems?? What is going on......


    Here are the files i deleted by following the instruction at the internet to delete this virus

    C:\DOCUME~1\admin\LOCALS~1\Temp\woso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\fyso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\jtso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\wlso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\wgso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\wmso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\qjso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\rxso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\wdso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\tlso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\daso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\daso0.dll
    C:\DOCUME~1\admin\LOCALS~1\Temp\tlso0.dll
    C:\DOCUME~1\admin\LOCALS~1\Temp\wdso0.dll
    C:\DOCUME~1\admin\LOCALS~1\Temp\wmso0.dll
    C:\DOCUME~1\admin\LOCALS~1\Temp\rxso0.dll
    C:\DOCUME~1\admin\LOCALS~1\Temp\qjso0.dll
    C:\DOCUME~1\admin\LOCALS~1\Temp\wgso0.dll
    C:\DOCUME~1\admin\LOCALS~1\Temp\wlso0.dll
    C:\DOCUME~1\admin\LOCALS~1\Temp\jtso0.dll
    C:\DOCUME~1\admin\LOCALS~1\Temp\fyso0.dll
    C:\DOCUME~1\admin\LOCALS~1\Temp\woso0.dll

    C:\DOCUME~1\admin\LOCALS~1\Temp\WIKLD.exe

    C:\Program Files\Common Files\Relive.dll
    C:\Program Files\Common Files\svchost.exe
    C:\Program Files\Internet Explorer\msvcrt.bak
    C:\Program Files\Internet Explorer\msvcrt.dll
    C:\Program Files\Internet Explorer\msvcrt.ebk
    C:\WINDOWS\system32\nwizzhuxians.exe
    C:\WINDOWS\system32\Packet.dll
    C:\WINDOWS\system32\WanPacket.dll
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\drivers\npf.sys
    C:\Program Files\Internet Explorer\romdrivers.bak
    C:\Program Files\Internet Explorer\romdrivers.bkk
    C:\Program Files\Internet Explorer\romdrivers.dll
    C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchost.exe


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    C:\DOCUME~1\admin\LOCALS~1\Temp\woso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\fyso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\jtso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\wlso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\wgso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\wmso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\qjso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\rxso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\wdso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\tlso.exe
    C:\DOCUME~1\admin\LOCALS~1\Temp\daso.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {0EA12C16-CDEF-6AC1-236E-CD3FE82F5213} C:\Program Files\Internet Explorer\msvcrt.dll [Microsoft Corporation]
    {05AD2E16-C6EF-6AC1-136A-CE3FD8EF5613} C:\Program Files\Internet Explorer\msvcrt.dll




    Logfile of HijackThis v1.99.1
    Scan saved at 12:59:43 AM, on 7/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\ACEngSvr.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\sysreset\mirc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\hijackthis_199\abc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: ?ì3μ(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [ATKMEDIA] "C:\Program Files\ASUS\ATK Media\DMEDIA.EXE"
    O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB002" /M "Stylus C45"
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [dasa] C:\DOCUME~1\HCL\LOCALS~1\Temp\daso.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: MultiFrame.lnk = ?
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ?ì3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: ?ì3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - https://gemsweb.ntu.edu.sg/Citrix/ICAWEB/en/ica32/wficat.cab
    O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://activex.microsoft.com/controls/dashboard/msddsc.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155191083828
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155191071593
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B46FA8BD-AE41-4821-AFF4-D4FFE4F3D390} (AcuViewer Control) - http://presentur.ntu.edu.sg/aculearn-idm/dlls/acuviewer.cab
    O16 - DPF: {CD79C574-4775-4A42-A66B-D7071AE095AF} (SlideViewerOcx Control) - http://presentur.ntu.edu.sg/aculearn-idm/dlls/SlideViewer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
    O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
    O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
    O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
    O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
    O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
    O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
    O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
    O18 - Protocol: ipp - (no CLSID) - (no file)
    O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
    O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
    O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
    O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
    O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
    O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
    O18 - Protocol: msdaipp - (no CLSID) - (no file)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
    O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
    O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
    O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
    O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

     
    Last edited: Jul 14, 2007
    hhaneh, Jul 13, 2007
    #1
  2. Fredil

    Fredil Regular member

    Joined:
    Jul 19, 2006
    Messages:
    390
    Likes Received:
    0
    Trophy Points:
    26
    Please download HijackThis form the link provided. Save it into a permanent directory, like C:\Program Files\HijackThis. After you download it, it will create a shortcut on the Desktop. Double-click that shortcut to run HijackThis. Click "Do a system scan and save a logfile". After the scan a logfile will be saved and opened; copy the contents of that log into your reply.
     
    Fredil, Jul 14, 2007
    #2
  3. jen90

    jen90 Member

    Joined:
    Jul 20, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    I install Prevx 2.0 because i thought it can remove ghost.pif but if cause my computer to slow down so i decided to uninstall it.After i uninstall i cannot go online anymore because it will crash every time i do so.I am wondering whether ghost.pif cause the problem to occur or the uninstall of Prevx 2.0.Is there a way where i can solve this problem.
     
    jen90, Jul 20, 2007
    #3
  4. hhaneh

    hhaneh Member

    Joined:
    Apr 26, 2006
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    11
    Sorry for late reply, because i join 4 days camp. Em, for what i know is the ghost.pif will cause these anti virus program to stop function.

    SOFTWARE\\rising\\Rav
      SOFTWARE\\Kingsoft\\AntiVirus
      SOFTWARE\\JiangMin
      SOFTWARE\KasperskyLab\InstalledProducts\Kaspersky Anti-Virus Personal
      SOFTWARE\\KasperskyLab\\SetupFolders
      SOFTWARE\Network Associates\TVD\Shared Components\Framework
      SOFTWARE\Eset\Nod\CurrentVersion\Info
      SOFTWARE\\Symantec\\SharedUsage
      SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe


    Delete this FOLDER ws2_32.dll which created under safe mode then your software should be can use d. But beware of your system time, it might be changed.

    Also, i think my com cannot use Prevx 2.0 d...cause last time i install the Prevx1 and is already over the trial periods. By the way i think karspersky can be used to delete this virus. Because i didn't realise that i will create that folder to cause it not functioning. As a result i cannot used karspersky. After i delete the file it cause my system times to changed. Then my karspersky trial period become expired d and i change back to current time also cannot be used d. I'm still wonder who can help me to fix my IE. Actually i don't like to format computer because it seems to be surrender to the virus or trojans only. So is anyone can help me?? I dunno how to fix 018 hijackthis part. Because i think there is some problems there. Since i didn't saw much 018 line last time when i scan a log.
     
    hhaneh, Jul 22, 2007
    #4
  5. jen90

    jen90 Member

    Joined:
    Jul 20, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    btw i now you just don't want to surrender but i need to use the computer so i have just formatted my partition a few weeks ago. and now i am so happy to get a new hardisk or actually a brand new computer especially after you formatted it.i do thanks for your information but it is a little too late for my computer now.
     
    jen90, Aug 13, 2007
    #5

Share This Page