Messages - miszila

1
Tech Clinic / HJT log. adwares again..
« on: July 07, 2006, 10:41:55 PM »
i've done the above.. no virus was found.. :)

2
Tech Clinic / HJT log. adwares again..
« on: July 05, 2006, 09:39:37 AM »
i've updated all 3.. n i've scan my comp.

is there any other software that i can use to check before downloading a file? coz my Norton Anti-Virus, isnt n updated one(i dint upgrade/purchase the latest one).

3
Tech Clinic / HJT log. adwares again..
« on: June 29, 2006, 08:10:21 AM »
!bump

erm ya u're right.. the thin white line vanish... so i guess my comp is ok now?

4
Tech Clinic / HJT log. adwares again..
« on: June 28, 2006, 06:12:52 AM »
im not able to locate C:\WINDOWS\RmlaYQ
but i manage to delete the snowball wars.

my comp is running smoothly... no more ads popping out..

but however there's a thin white line surrounding all my folders on the desktop..

http://i16.photobucket.com/albums/b18/misz...de/untitled.jpg

5
Tech Clinic / HJT log. adwares again..
« on: June 27, 2006, 07:45:19 AM »
ok done.. but i cldnt find these in my hijack this log..

O4 - HKLM\..\Run: [defender] C:\\dfndra_1.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe



here's my latest HJT log..
Logfile of HijackThis v1.99.1
Scan saved at 8:42:03 PM, on 6/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mofunzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


n here's my Ewido

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:   8:30:04 PM 6/27/2006

 + Scan result:   



C:\WINDOWS\RmlaYQ\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\RmlaYQ\command.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\warebundle.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\XPAgent.exe -> Downloader.Agent.acr : Cleaned with backup (quarantined).
C:\WINDOWS\ѕymbols\netdde.exe -> Downloader.PurityScan.cl : Cleaned with backup (quarantined).
C:\Downloads\Fastmp3_Setup.exe -> Downloader.Small.czv : Cleaned with backup (quarantined).
C:\Program Files\Snowball Wars\SnowballWars.exe -> Dropper.VB.mz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\glmf32.exe -> Trojan.Agent.uy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kbdbene.exe -> Trojan.Agent.uy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wmpui.exe -> Trojan.Agent.uy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld4023.tmp -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

6
Tech Clinic / HJT log. adwares again..
« on: June 26, 2006, 09:49:55 AM »
i've manage to fix the fix.reg
i've run the spybot destroy n i manage to remove all the service command..

here's my latest hijack this


Logfile of HijackThis v1.99.1
Scan saved at 10:45:54 PM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mofunzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [defender] C:\\dfndra_1.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

7
Tech Clinic / HJT log. adwares again..
« on: June 25, 2006, 10:27:04 AM »
haiz.. i've done everything.. even in safe mode..(refering to the fix.reg)


i did not download anything before that.. it suddenly turns blue.. but i can access the windows again..

tell u wat, i'll try to redo everything from the start n will update u again if i can fix the fix.reg...

8
Tech Clinic / HJT log. adwares again..
« on: June 23, 2006, 11:09:27 PM »
i seriously dont know where i went wrong.
just now, suddenly my comp turns blue..
& this came out..

STOP:c000021a {Fatal System Error}. the windows Logon Process system process terminated unexpectedly with a status ...(?it ends there)
The system has been shut down.



and when i log on to the comp again.. this came out..
winlogon.exe encountered a problem and needed to close.


im so sorry to trouble u but this is the only forum which is willing to help me...

9
Tech Clinic / HJT log. adwares again..
« on: June 21, 2006, 09:31:11 AM »
heya, sorry for not being clear. i was referring to my Microsoft Anti Spyware Only. the icon still appear at my taskbar despite several attempts to shut it down. however, its written there that "realtime protection(disabled)"..


i followed ur instructions to fix.reg in safe mode but the same thing happen again..

when i entered sc delete cmdService, it came out
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service



n when i proceed to clicking on the fix.reg, this came out...
Cannot import c:\Documents and Settings\Zila\Desktop\fix.reg
The specified file is not a registry script.

You can only import binary registry files from within the registry editor



i already double check to make sure that i copied the right thing for the fix.reg...

10
Tech Clinic / HJT log. adwares again..
« on: June 20, 2006, 11:01:03 AM »
oh im so sorry. i thought u going to give me additional steps to disable my antispyware.. i will try disable-ing it again, remove the spysweeper n fix the reg.. i'll post in the results in a few mins time ok?





(edited)
when i entered sc delete cmdService, it came out
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.



how shld i proceed?



(edited)
i juz proceed on clicking in the fix.reg. n scan again.. however the command service is still there..

11
Tech Clinic / HJT log. adwares again..
« on: June 19, 2006, 09:35:11 AM »
i tried to disable it lotsa times.. but after it unchecked, it becomes check again.. how? i already try restarting my computer but the box is still checked after several times trying..

oh ya my spysweeper is the trial version. i dwnloaded it to prevent the Look2me ads from coming out.. shld i uninstall it?

12
Tech Clinic / HJT log. adwares again..
« on: June 18, 2006, 11:00:27 AM »
here it is


--- Search result list ---
Command Service: Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

Command Service: Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService


--- Spybot - Search & Destroy version: 1.4  (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-08-30 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-06-16 Includes\Cookies.sbi (*)
2006-06-16 Includes\Dialer.sbi (*)
2006-06-16 Includes\Hijackers.sbi (*)
2006-06-16 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-06-16 Includes\Malware.sbi (*)
2006-06-16 Includes\PUPS.sbi (*)
2006-06-16 Includes\Revision.sbi (*)
2006-06-16 Includes\Security.sbi (*)
2006-06-16 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-06-16 Includes\Trojans.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
 / Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
 / Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
 / Windows XP / SP3: Windows XP Hotfix - KB873333
 / Windows XP / SP3: Windows XP Hotfix - KB873339
 / Windows XP / SP3: Security Update for Windows XP (KB883939)
 / Windows XP / SP3: Windows XP Hotfix - KB885250
 / Windows XP / SP3: Windows XP Hotfix - KB885835
 / Windows XP / SP3: Windows XP Hotfix - KB885836
 / Windows XP / SP3: Windows XP Hotfix - KB885884
 / Windows XP / SP3: Windows XP Hotfix - KB886185
 / Windows XP / SP3: Windows XP Hotfix - KB887472
 / Windows XP / SP3: Windows XP Hotfix - KB887742
 / Windows XP / SP3: Windows XP Hotfix - KB888113
 / Windows XP / SP3: Windows XP Hotfix - KB888302
 / Windows XP / SP3: Security Update for Windows XP (KB890046)
 / Windows XP / SP3: Windows XP Hotfix - KB890175
 / Windows XP / SP3: Windows XP Hotfix - KB890859
 / Windows XP / SP3: Windows XP Hotfix - KB891781
 / Windows XP / SP3: Security Update for Windows XP (KB893066)
 / Windows XP / SP3: Windows XP Hotfix - KB893086
 / Windows XP / SP3: Security Update for Windows XP (KB893756)
 / Windows XP / SP3: Windows Installer 3.1 (KB893803)
 / Windows XP / SP3: Update for Windows XP (KB894391)
 / Windows XP / SP3: Security Update for Windows XP (KB896358)
 / Windows XP / SP3: Security Update for Windows XP (KB896422)
 / Windows XP / SP3: Security Update for Windows XP (KB896423)
 / Windows XP / SP3: Security Update for Windows XP (KB896424)
 / Windows XP / SP3: Security Update for Windows XP (KB896428)
 / Windows XP / SP3: Security Update for Windows XP (KB896688)
 / Windows XP / SP3: Update for Windows XP (KB896727)
 / Windows XP / SP3: Update for Windows XP (KB898461)
 / Windows XP / SP3: Security Update for Windows XP (KB899587)
 / Windows XP / SP3: Security Update for Windows XP (KB899588)
 / Windows XP / SP3: Security Update for Windows XP (KB899591)
 / Windows XP / SP3: Update for Windows XP (KB900485)
 / Windows XP / SP3: Security Update for Windows XP (KB900725)
 / Windows XP / SP3: Security Update for Windows XP (KB901017)
 / Windows XP / SP3: Security Update for Windows XP (KB901190)
 / Windows XP / SP3: Security Update for Windows XP (KB901214)
 / Windows XP / SP3: Security Update for Windows XP (KB902400)
 / Windows XP / SP3: Security Update for Windows XP (KB903235)
 / Windows XP / SP3: Security Update for Windows XP (KB904706)
 / Windows XP / SP3: Security Update for Windows XP (KB905414)
 / Windows XP / SP3: Security Update for Windows XP (KB905749)
 / Windows XP / SP3: Security Update for Windows XP (KB905915)
 / Windows XP / SP3: Security Update for Windows XP (KB908519)
 / Windows XP / SP3: Security Update for Windows XP (KB908531)
 / Windows XP / SP3: Update for Windows XP (KB910437)
 / Windows XP / SP3: Security Update for Windows XP (KB911280)
 / Windows XP / SP3: Security Update for Windows XP (KB911562)
 / Windows XP / SP3: Security Update for Windows XP (KB911567)
 / Windows XP / SP3: Security Update for Windows XP (KB911927)
 / Windows XP / SP3: Security Update for Windows XP (KB912812)
 / Windows XP / SP3: Security Update for Windows XP (KB912919)
 / Windows XP / SP3: Security Update for Windows XP (KB913446)
 / Windows XP / SP3: Security Update for Windows XP (KB913580)
 / Windows XP / SP3: Security Update for Windows XP (KB914389)
 / Windows XP / SP3: Security Update for Windows XP (KB916281)
 / Windows XP / SP3: Security Update for Windows XP (KB917344)
 / Windows XP / SP3: Security Update for Windows XP (KB917953)
 / Windows XP / SP3: Security Update for Windows XP (KB918439)


--- Startup entries list ---
Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
   file: C:\WINDOWS\AGRSMMSG.exe
   size: 88363
    MD5: a7de471b5403dbf8afa4138a92b8012f

Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
   file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
   size: 339968
    MD5: acc7b414ef1abea6aa654b74cc9a90cf

Located: HK_LM:Run, BluetoothAuthenticationAgent
command: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
   file: C:\WINDOWS\system32\rundll32.exe
   size: 33280
    MD5: da285490bbd8a1d0ce6623577d5ba1ff

Located: HK_LM:Run, ccApp
command: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
   file: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
   size: 58992
    MD5: 35e1f41f9cea284f8484172180dc1012

Located: HK_LM:Run, EPM-DM
command: C:\Acer\ePM\EPM-DM.exe
   file: C:\Acer\ePM\EPM-DM.exe
   size: 163840
    MD5: 2e448702a7276fa5316e3087bf8a3e79

Located: HK_LM:Run, ePowerManagement
command: C:\Acer\ePM\ePM.exe boot
   file: C:\Acer\ePM\ePM.exe
   size: 2883584
    MD5: a35215003fed9e82681a6fb5e3d2eb88

Located: HK_LM:Run, eRecoveryService
command: C:\Windows\System32\Check.exe
   file: C:\Windows\System32\Check.exe
   size: 245760
    MD5: 61142fe8173a8b244aa5bfafba34aa0b

Located: HK_LM:Run, gcasServ
command: "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
   file: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
   size: 473928
    MD5: e8177b5150cab1509d2e9807c3f6366c

Located: HK_LM:Run, IMJPMIG8.1
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
   file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
   size: 208952
    MD5: 7bbe4cf421aecc7f0226edd75f12079f

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
   file: C:\Program Files\iTunes\iTunesHelper.exe
   size: 278528
    MD5: ff95f200b0cb3810382b355cf9f0bed9

Located: HK_LM:Run, LaunchApp
command: Alaunch
   file: C:\WINDOWS\Alaunch.exe
   size: 1703936
    MD5: fcc604a58dd0d79c194bbcbe41f065a4

Located: HK_LM:Run, LManager
command: C:\Program Files\Launch Manager\QtZgAcer.EXE
   file: C:\Program Files\Launch Manager\QtZgAcer.EXE
   size: 303104
    MD5: 2b377402d83e43cee4c66f60728fe9ee

Located: HK_LM:Run, LtMoh
command: C:\Program Files\ltmoh\Ltmoh.exe
   file: C:\Program Files\ltmoh\Ltmoh.exe
   size: 184320
    MD5: ba7c19b88af7efab8f9d447fde02cea5

Located: HK_LM:Run, MessengerPlus3
command: "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
   file: C:\Program Files\MessengerPlus! 3\MsgPlus.exe
   size: 190024
    MD5: b787d9a60fee9c3732c2e2d4571bb716

Located: HK_LM:Run, MSPY2002
command: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
   file: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
   size: 59392
    MD5: 1b17e09c1223f6d17336d2dd7a1af4f4

Located: HK_LM:Run, PCSuiteTrayApplication
command: C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
   file: C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
   size: 237568
    MD5: 47fe14fd96648ef07957b8cabf992313

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
   file: C:\Program Files\QuickTime\qttask.exe
   size: 155648
    MD5: 216b3acc656cda8a5a0c3071ec0a408b

Located: HK_LM:Run, RemoteControl
command: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
   file: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
   size: 40960
    MD5: 9cea6326d8e7c3ae994f23cd9e466605

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
   file: C:\WINDOWS\SOUNDMAN.EXE
   size: 67072
    MD5: e622e1b8598029294312eeee9b02b699

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
   file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
   size: 36975
    MD5: 61a3a9d5d98bf0331df5b716144a8100

Located: HK_LM:Run, Symantec NetDriver Monitor
command: C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
   file: C:\PROGRA~1\SYMNET~1\SNDMon.exe
   size: 100056
    MD5: f9418981ee4d7e995d359833adab59d5

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   size: 532480
    MD5: e24641ebcd05f55825516f816bb29272

Located: HK_LM:Run, SynTPLpr
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
   file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
   size: 98304
    MD5: 6dc4a31ec070a6696d4bdb351c336482

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
   file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
   size: 180269
    MD5: 1ac2c58b587c70de64582ad41ee79fba

Located: Startup (common), Adobe Gamma Loader.lnk
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
   file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
   size: 113664
    MD5: c2ff17734176cd15221c10044ef0ba1a

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
   file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
   size: 29696
    MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
   file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
   size: 83360
    MD5: 5bc65464354a9fd3beaa28e18839734a

Located: System.ini, crypt32chain
command: crypt32.dll
   file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
   file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
   file: cscdll.dll

Located: System.ini, ScCertProp
command: wlnotify.dll
   file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
   file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
   file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
   file: WlNotify.dll

Located: System.ini, termsrv
command: wlnotify.dll
   file: wlnotify.dll

Located: System.ini, wlballoon
command: wlnotify.dll
   file: wlnotify.dll



--- Browser helper object list ---


--- ActiveX list ---
{13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class)
          DPF name:
        CLSID name: Controller Class
         Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
          Codebase: https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
              Path: C:\WINDOWS\system32\
         Long name:  WINSSWEBAGENT.DLL
        Short name:       WINSSW~1.DLL
    Date (created): 3/15/2006 5:10:28 PM
Date (last access): 6/18/2006 3:26:20 AM
 Date (last write): 3/15/2006 5:10:28 PM
          Filesize:             551184
        Attributes:           archive
               MD5: 43405522405440DAC6E7A36261B39D97
             CRC32:           C0C2BF1A
           Version:          1.0.971.4

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
          DPF name: Java Runtime Environment 1.5.0
        CLSID name: Java Plug-in
         Installer:
          Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
              Path: C:\PROGRA~1\Java\JRE15~2.0_0\bin\
         Long name:            ssv.dll
        Short name:                  
    Date (created): 11/10/2005 1:03:56 PM
Date (last access): 6/18/2006 1:57:10 PM
 Date (last write): 11/10/2005 1:22:10 PM
          Filesize:             184423
        Attributes:           archive
               MD5: F01726F7CA8538FDD4663C9DB8FEAEDC
             CRC32:           0111B892
           Version:           5.0.60.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
          DPF name: Java Runtime Environment 1.5.0
        CLSID name: Java Plug-in 1.5.0_06
         Installer:
          Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
              Path: C:\Program Files\Java\jre1.5.0_06\bin\
         Long name:    NPJPI150_06.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 11/10/2005 1:03:56 PM
Date (last access): 6/18/2006 1:57:10 PM
 Date (last write): 11/10/2005 1:22:10 PM
          Filesize:              69746
        Attributes:           archive
               MD5: D2CF6BB5E9020E6707B62575F8083954
             CRC32:           7F39DC54
           Version:           5.0.60.5

{CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object)
          DPF name:
        CLSID name: CGameManagerCtrl Object
         Installer: C:\WINDOWS\Downloaded Program Files\DIGGameManager.inf
          Codebase: https://disney.go.com/games/downloads/gamem...GameManager.cab
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name: DIGGameManager.dll
        Short name:       DIGGAM~1.DLL
    Date (created): 1/6/2006 11:03:52 AM
Date (last access): 6/18/2006 11:49:16 PM
 Date (last write): 1/6/2006 11:03:52 AM
          Filesize:             229376
        Attributes:           archive
               MD5: 9A89EA10A99937C46DF51A5A272987B7
             CRC32:           8A23B774
           Version:           1.2.0.13



--- Process list ---
PID:    0 (   0) [System]
PID:  808 (   4) \SystemRoot\System32\smss.exe
PID:  868 ( 808) \??\C:\WINDOWS\system32\csrss.exe
PID:  892 ( 808) \??\C:\WINDOWS\system32\winlogon.exe
PID:  936 ( 892) C:\WINDOWS\system32\services.exe
 size: 108032
  MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID:  948 ( 892) C:\WINDOWS\system32\lsass.exe
 size: 13312
  MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1112 ( 936) C:\WINDOWS\system32\Ati2evxx.exe
 size: 389120
  MD5: 4DEAA162480367B232F3EE3A6D34084B
PID: 1124 ( 936) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1204 ( 936) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1344 ( 936) C:\WINDOWS\System32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1396 ( 936) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1624 ( 936) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1916 ( 936) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
 size: 181872
  MD5: 67DD2CF35CDB1864E06F10F1334C0C17
PID: 1928 ( 936) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
 size: 206552
  MD5: 443E397643965E08C5AB6A6CAA732B97
PID: 1948 ( 936) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
 size: 173160
  MD5: 08FA56B7C13B4CBF0E5D351AECAD92B1
PID: 1992 ( 936) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 size: 198256
  MD5: BEEE55546518F7010779A43F3ADFC3B3
PID:  460 ( 936) C:\WINDOWS\system32\spoolsv.exe
 size: 57856
  MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID:  792 ( 936) C:\Acer\eManager\anbmServ.exe
 size: 1287168
  MD5: C10D0FAE427EA464EDEA2EE5DC40F056
PID: 1340 ( 936) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1412 ( 936) C:\WINDOWS\system32\cisvc.exe
 size: 5632
  MD5: 3192BD04D032A9C4A85A3278C268A13A
PID: 1472 ( 936) C:\Program Files\ewido anti-malware\ewidoctrl.exe
 size: 13888
  MD5: 26830B750372AB1BF29C95DEEBEB802F
PID: 1504 ( 936) C:\Program Files\Norton AntiVirus\navapsvc.exe
 size: 177264
  MD5: 8FC8458BCB585617AAC9E17A558D9155
PID: 1540 ( 936) C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
 size: 46704
  MD5: 96DB6F2D69F787C61A46CC86D6CFE69F
PID: 1772 ( 936) C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 size: 2123264
  MD5: CE9ADF8CE48E902FAA8AD43A18386DC3
PID: 1276 (1164) C:\WINDOWS\Explorer.EXE
 size: 1032192
  MD5: A0732187050030AE399B241436565E64
PID: 1640 ( 936) C:\WINDOWS\system32\wdfmgr.exe
 size: 38912
  MD5: AB0A7CA90D9E3D6A193905DC1715DED0
PID:  608 (1344) C:\WINDOWS\system32\wscntfy.exe
 size: 13824
  MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 1136 (1276) C:\WINDOWS\SOUNDMAN.EXE
 size: 67072
  MD5: E622E1B8598029294312EEEE9B02B699
PID: 1256 (1276) C:\WINDOWS\AGRSMMSG.exe
 size: 88363
  MD5: A7DE471B5403DBF8AFA4138A92B8012F
PID:  800 (1276) C:\Program Files\ltmoh\Ltmoh.exe
 size: 184320
  MD5: BA7C19B88AF7EFAB8F9D447FDE02CEA5
PID: 1264 (1276) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
 size: 98304
  MD5: 6DC4A31EC070A6696D4BDB351C336482
PID: 1272 (1276) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 size: 532480
  MD5: E24641EBCD05F55825516F816BB29272
PID: 1288 (1276) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
 size: 40960
  MD5: 9CEA6326D8E7C3AE994F23CD9E466605
PID: 2052 (1276) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
 size: 339968
  MD5: ACC7B414EF1ABEA6AA654B74CC9A90CF
PID: 2132 (1276) C:\Acer\ePM\EPM-DM.exe
 size: 163840
  MD5: 2E448702A7276FA5316E3087BF8A3E79
PID: 2252 (1276) C:\Program Files\Launch Manager\QtZgAcer.EXE
 size: 303104
  MD5: 2B377402D83E43CEE4C66F60728FE9EE
PID: 2312 (1276) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
 size: 58992
  MD5: 35E1F41F9CEA284F8484172180DC1012
PID: 2360 (1276) C:\WINDOWS\system32\rundll32.exe
 size: 33280
  MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 2504 (1276) C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
 size: 36975
  MD5: 61A3A9D5D98BF0331DF5B716144A8100
PID: 2512 ( 936) C:\WINDOWS\System32\alg.exe
 size: 44544
  MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2624 (1276) C:\Program Files\iTunes\iTunesHelper.exe
 size: 278528
  MD5: FF95F200B0CB3810382B355CF9F0BED9
PID: 2656 (1276) C:\Program Files\QuickTime\qttask.exe
 size: 155648
  MD5: 216B3ACC656CDA8A5A0C3071EC0A408B
PID: 2716 (1276) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
 size: 180269
  MD5: 1AC2C58B587C70DE64582AD41EE79FBA
PID: 2796 (1276) C:\Program Files\MessengerPlus! 3\MsgPlus.exe
 size: 190024
  MD5: B787D9A60FEE9C3732C2E2D4571BB716
PID: 2872 ( 936) C:\Program Files\iPod\bin\iPodService.exe
 size: 323584
  MD5: 20AF3FDD673B9B4AE6FAE2C52598CC68
PID: 3196 (1124) C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
 size: 756552
  MD5: 6287BD6D1CE9CE18EA02908BF415BCB0
PID: 3500 ( 936) C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
 size: 176640
  MD5: BF1ADC427620E14F45BC00447524A1DC
PID: 3968 (1652) C:\Program Files\acer\eRecovery\Monitor.exe
 size: 348160
  MD5: A96E126037BEA5F2C23ADE704BBA31EB
PID: 2868 ( 936) C:\WINDOWS\System32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3656 (1276) C:\Program Files\MSN Messenger\msnmsgr.exe
 size: 7094272
  MD5: B83E12B5341C5DCECC5C217A824FFEB1
PID: 4076 (1276) C:\Program Files\Maxthon\Maxthon.exe
 size: 886272
  MD5: 27431443D704D0526D3B8730D8964D4F
PID: 3312 (1412) C:\WINDOWS\system32\cidaemon.exe
 size: 8192
  MD5: 582304F6F1946FA5068CF143D729D7ED
PID:  848 ( 936) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3868 (1276) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
 size: 4393096
  MD5: 09CA174A605B480318731E691DC98539
PID: 1460 (1124) C:\Program Files\Messenger\msmsgs.exe
 size: 1694208
  MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID:    4 (   0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 6/18/2006 11:57:30 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  http://www.mofunzone.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main\Default_Search_URL
  about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
  http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\WINDOWS\SYSTEM32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
  http://ie.search.msn.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  http://www.mysingtel.com.sg
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
  http://ie.search.msn.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
  http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
Windows Driver Package - Nokia Modem  (04/06/2006 6.8.0.17) 04/06/2006 6.8.0.17 (010D072E91408D6B7C6FC65489B6D30C027605F5)
   uninstall cmd: C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_7F91C37896B530901B0665F9EF32E19FF06F5687\nokbtmdm.inf
       publisher: Nokia

  (Acer English Online Help Creator)
   uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"

Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
   uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
       publisher: Lavasoft
       help link: http://www.lavasoft.com

  (AddressBook)

Agere Systems AC'97 Modem  (Agere Systems Soft Modem)
   uninstall cmd: agrsmdel

ATI - Software Uninstall Utility 6.14.10.1010 (All ATI Software)
install location: C:\Program Files\ATI Technologies\UninstallAll
   uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Display Driver 8.051-040825a-018055C-Acer (ATI Display Driver)
   uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

  (Branding)

Canon S200SP  (CANONBJ_Deinstall_CNMCP3y.DLL)
   uninstall cmd: C:\WINDOWS\system32\CNMCP3Y.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S200SP Installer\Inst\DeIsL1.isu" -pCanon S200SP-c"C:\BJPrinter\CNMWINDOWS\Canon S200SP Installer\Inst\bjinst.dll

CleanUp!  (CleanUp!)
   uninstall cmd: C:\Program Files\CleanUp!\uninstall.exe

  (Connection Manager)

  (DirectAnimation)

  (DirectDrawEx)

  (DXM_Runtime)

ewido anti-malware  (ewidoantimalware)
install location: C:\Program Files\ewido anti-malware
   uninstall cmd: C:\Program Files\ewido anti-malware\Uninstall.exe
       publisher: ewido networks
       help link: http://www.ewido.net

FlashGet(JetCar)  (FlashGet(JetCar))
   uninstall cmd: C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG

  (Fontcore)

HijackThis 1.99.1 1.99.1 (HijackThis)
   uninstall cmd: C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe /uninstall
       publisher: Soeperman Enterprises Ltd.

  (ICW)

  (IE40)

  (IE4Data)

  (IE5BAKEX)

  (IEData)

  (InstallShield Uninstall Information)

QuickTime 7.0.3 (InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083})
         version: 117440515
 version (major): 7
  estimated size: 62919
    install date: 20051116
install location: C:\Program Files\QuickTime\
  install source: C:\DOCUME~1\ZiLa\LOCALS~1\Temp\_is4EE\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
       publisher: Apple Computer, Inc.
         contact: AppleCare Support
       help link: http://www.info.apple.com/
  help telephone: 1-800-275-2273

NTI Backup NOW! 3 3.0.53 (InstallShield_{4E68EAA3-775A-4542-A08A-47DB8E8E74A6})
         version: 50331701
 version (major): 3
  estimated size: 12640
    install date: 20040917
install location: C:\Progra~1\NewTech Infosystems\NTI Backup NOW! 3\
  install source: C:\ACERNB\INSTALL\CDMAKER\BUN\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E68EAA3-775A-4542-A08A-47DB8E8E74A6} /l1033 BUNText
       publisher: NewTech Infosystems
        comments: Your Comments
         contact: Technical Support
       help link: www.ntius.com
  help telephone: 1-949-421-0720 ext. 224
          readme: Readme.txt

Acer eManager for Notebook 1.0.17.28 (InstallShield_{827289F5-B44F-4E49-9993-840741585A62})
         version: 16777233
 version (major): 1
  estimated size: 8452
    install date: 20040917
install location: C:\Acer\eManager\
  install source: C:\WINDOWS\Downloaded Installations\{68A3EB9A-955F-4203-B451-C0D2336352D9}\
   uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
       publisher: Acer Inc.
        comments: Thank you for using this product
         contact: Customer Support Department
       help link: http://www.acer.com
  help telephone: Please locate your local service center on our website

iTunes 6.0.1.3 (InstallShield_{872653C6-5DDC-488B-B7C2-CF9E4D9335E5})
         version: 100663297
 version (major): 6
  estimated size: 32022
    install date: 20051116
install location: C:\Program Files\iTunes\
  install source: C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
       publisher: Apple Computer, Inc.
         contact: AppleCare Support
       help link: http://www.info.apple.com/
  help telephone: 1-800-275-2273

NTI CD & DVD-Maker Gold  6 (InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778})
         version: 100663296
 version (major): 6
  estimated size: 41792
    install date: 20040917
install location: C:\Progra~1\NewTech Infosystems\NTI CD-Maker\
  install source: C:\acernb\Install\cdmaker\
   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText
       publisher: NewTech Infosystems
        comments: Your Comments
         contact: Technical Support
       help link: http://www.ntius.com
  help telephone: 1-949-421-0720

Windows XP Hotfix - KB873333 20050114.005213 (KB873333)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=873333

Windows XP Hotfix - KB873339 20041117.092459 (KB873339)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=873339

Security Update for Windows XP (KB883939) 1 (KB883939)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=883939

  (KB884016)

Windows XP Hotfix - KB885250 20050118.202711 (KB885250)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=885250

Windows XP Hotfix - KB885835 20041027.181713 (KB885835)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=885835

Windows XP Hotfix - KB885836 20041028.173203 (KB885836)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=885836

Windows XP Hotfix - KB885884 20040924.025457 (KB885884)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=885884

Windows XP Hotfix - KB886185 20041021.090540 (KB886185)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=886185

Windows XP Hotfix - KB887472 20041014.162858 (KB887472)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=887472

Windows XP Hotfix - KB887742 20041103.095002 (KB887742)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=887742

Windows XP Hotfix - KB888113 20041116.131036 (KB888113)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=888113

Windows XP Hotfix - KB888302 20041207.111426 (KB888302)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=888302

Security Update for Windows XP (KB890046) 1 (KB890046)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=890046

Windows XP Hotfix - KB890175 20041201.233338 (KB890175)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=890175

Windows XP Hotfix - KB890859 1 (KB890859)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=890859

Windows XP Hotfix - KB891781 20050110.165439 (KB891781)
   uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=891781

Security Update for Windows XP (KB893066) 2 (KB893066)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=893066

Windows XP Hotfix - KB893086 1 (KB893086)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=893086

Security Update for Windows XP (KB893756) 1 (KB893756)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=893756

  (KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
   uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update for Windows XP (KB894391) 1 (KB894391)
    install date: 20050815
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=894391

Security Update for Windows XP (KB896358) 1 (KB896358)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896358

Security Update for Windows XP (KB896422) 1 (KB896422)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896422

Security Update for Windows XP (KB896423) 1 (KB896423)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896423

Security Update for Windows XP (KB896424) 1 (KB896424)
    install date: 20051109
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896424

Security Update for Windows XP (KB896428) 1 (KB896428)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896428

Security Update for Windows XP (KB896688) 1 (KB896688)
    install date: 20051020
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896688

Update for Windows XP (KB896727) 1 (KB896727)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=896727

Update for Windows XP (KB898461) 1 (KB898461)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=898461

Security Update for Windows XP (KB899587) 1 (KB899587)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=899587

Security Update for Windows XP (KB899588) 1 (KB899588)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=899588

Security Update for Windows XP (KB899591) 1 (KB899591)
    install date: 20050813
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=899591

Update for Windows XP (KB900485) 2 (KB900485)
    install date: 20060426
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=900485

Security Update for Windows XP (KB900725) 1 (KB900725)
    install date: 20051014
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=900725

Security Update for Windows XP (KB901017) 1 (KB901017)
    install date: 20051014
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=901017

Security Update for Windows XP (KB901190) 1 (KB901190)
    install date: 20060215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=901190

Security Update for Windows XP (KB901214) 1 (KB901214)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=901214

Security Update for Windows XP (KB902400) 1 (KB902400)
    install date: 20051014
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=902400

Security Update for Windows XP (KB903235) 1 (KB903235)
    install date: 20050720
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=903235

Security Update for Windows XP (KB904706) 1 (KB904706)
    install date: 20051014
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=904706

Security Update for Windows XP (KB905414) 1 (KB905414)
    install date: 20051014
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=905414

Security Update for Windows XP (KB905749) 1 (KB905749)
    install date: 20051014
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=905749

Security Update for Windows XP (KB905915) 1 (KB905915)
    install date: 20051215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=905915

Security Update for Windows XP (KB908519) 1 (KB908519)
    install date: 20060112
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=908519

Security Update for Windows XP (KB908531) 1 (KB908531)
    install date: 20060414
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=908531

Update for Windows XP (KB910437) 1 (KB910437)
    install date: 20051215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=910437

Security Update for Windows XP (KB911280) 1 (KB911280)
    install date: 20060617
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=911280

Security Update for Windows XP (KB911562) 1 (KB911562)
    install date: 20060414
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=911562

Security Update for Windows Media Player (KB911564)  (KB911564)
    install date: 20060215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com/?kbid=911564

Security Update for Windows Media Player 10 (KB911565)  (KB911565)
    install date: 20060215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com/?kbid=911565

Security Update for Windows XP (KB911567) 1 (KB911567)
    install date: 20060414
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=911567

Security Update for Windows XP (KB911927) 1 (KB911927)
    install date: 20060215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=911927

Security Update for Windows XP (KB912812) 1 (KB912812)
    install date: 20060414
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=912812

Security Update for Windows XP (KB912919) 1 (KB912919)
    install date: 20060106
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=912919

Security Update for Windows XP (KB913446) 1 (KB913446)
    install date: 20060215
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=913446

Security Update for Windows XP (KB913580) 1 (KB913580)
    install date: 20060515
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=913580

Security Update for Windows XP (KB914389) 1 (KB914389)
    install date: 20060617
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=914389

Security Update for Windows XP (KB916281) 1 (KB916281)
    install date: 20060617
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=916281

Security Update for Windows XP (KB917344) 1 (KB917344)
    install date: 20060617
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=917344

Security Update for Windows Media Player 10 (KB917734)  (KB917734_WMP10)
    install date: 20060617
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com/?kbid=917734

Security Update for Windows XP (KB917953) 1 (KB917953)
    install date: 20060617
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=917953

Security Update for Windows XP (KB918439) 1 (KB918439)
    install date: 20060617
   uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: http://support.microsoft.com?kbid=918439

LiveReg (Symantec Corporation) 3.0.0 (LiveReg)
install location: C:\Program Files\Common Files\Symantec Shared\LiveReg
   uninstall cmd: C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
       publisher: Symantec Corporation

LiveUpdate 2.6 (Symantec Corporation) 2.6.14.0 (LiveUpdate)
install location: C:\Program Files\Symantec\LiveUpdate
   uninstall cmd: C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
       publisher: Symantec Corporation

Launch Manager  (LManager)
   uninstall cmd: C:\WINDOWS\UnInst32.exe QtZgAcer.UNI

Macromedia Shockwave Player 10.1.0.11 (Macromedia Shockwave Player)
   uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
       publisher: Macromedia, Inc.
       help link: http://www.macromedia.com/support/shockwave

Maxthon Browser (remove only)  (Maxthon)
   uninstall cmd: C:\Program Files\Maxthon\MaxthonUINST.exe

  (MobileOptionPack)

  (MPlayer2)

Ahead InCD EasyWrite Reader  (MRW!UninstallKey)
   uninstall cmd: C:\WINDOWS\unmrw.exe /UNINSTALL

Messenger Plus! 3  (MsgPlus! Plugin)
   uninstall cmd: "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove

  (MSI30-Beta1)

  (MSI30-Beta2)

  (MSI30-KB884016)

  (MSI30-RC1)

  (MSI30-RC2)

  (MSI30a-KB884016)

  (MSI31-Beta)

  (MSI31-RC1)

MSN  (MSNINST)
   uninstall cmd: C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

  (NetMeeting)

  (OutlookExpress)

  (PCHealth)
   uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

  (RealJukebox 1.0)
   uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer  (RealPlayer 6.0)
   uninstall cmd: C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Sandlot Games Client Services  (Sandlot Games Client Services_is1)
install location: C:\Program Files\Common Files\Sandlot Shared\
   uninstall cmd: "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
       publisher: Sandlot Games
       help link: http://www.sandlotgames.com

  (SchedulingAgent)

  (Sevinst)

  (Shockwave)

Macromedia Flash Player 8 8 (ShockwaveFlash)
   uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
       publisher: Macromedia
       help link: http://www.macromedia.com/go/flashplayer_support/

  (SmartMovie Converter (for Symbian phones))

SmartMovie Converter (Series 60)  (SmartMovie Converter (Series 60))
   uninstall cmd: "C:\Program Files\Lonely Cat Games\SmartMovie Converter (Series 60)\IIUninst.exe" C:\Program Files\Lonely Cat Games\SmartMovie Converter (Series 60)\install.log

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Program Files\Spybot - Search & Destroy\
   uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
       publisher: Safer Networking Limited

SpywareBlaster v3.5.1 3.5.1 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
   uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
       publisher: Javacool Software LLC

Starcraft  (Starcraft)
   uninstall cmd: C:\WINDOWS\scunin.exe C:\WINDOWS\scunin.dat

StuffPlug-NG (Messenger Plus! Plugins) 2.2.229 (StuffPlug-NG)
 version (major): 2
 version (minor): 2
install location: C:\Program Files\MessengerPlus! 3\Plugins\StuffPlug-NG
   uninstall cmd: C:\Program Files\MessengerPlus! 3\Plugins\StuffPlug-NG\Uninstall.exe
       publisher: TheBlasphemer

Norton AntiVirus 2005 (Symantec Corporation) 11.0.1 (SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B})
install location: C:\Program Files\Norton AntiVirus
  install source: C:\DOCUME~1\FiZa\LOCALS~1\Temp\NORTON~1
   uninstall cmd: C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
       publisher: Symantec Corporation

Synaptics Pointing Device Driver 7.10.12.0 (SynTPDeinstKey)
   uninstall cmd: rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

The French Tutorial Personal Edition  (The French Tutorial Personal Edition)
   uninstall cmd: C:\Program Files\The French Tutorial Personal Edition\uninstall.exe

Microsoft Web Publishing Wizard 1.52  (WebPost)
   uninstall cmd: RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall

WinAce Archiver 2.6 (WinAce Archiver)
   uninstall cmd: C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
       publisher: e-merge GmbH
       help link: mailto:[email protected]

Windows Media Format Runtime  (Windows Media Format Runtime)
   uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 10  (Windows Media Player)
   uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Sony Ericsson Image Editor  ({05E9F134-07C9-4249-9B80-EE5D975F201B})
   uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,Launc

13
Tech Clinic / HJT log. adwares again..
« on: June 17, 2006, 11:58:33 PM »
i know its the same adware. haha. is there any ways/softwares that can prevent them from being downloaded to my comp? if it were to happen again, can i juz follow the steps here again?

n previously when i run Spybot Search & Destroy, i couldnt delete the Command service error. it will keep on showing that error everytime i scan..



Logfile of HijackThis v1.99.1
Scan saved at 12:55:08 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mofunzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe



Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 6/18/2006 12:47:04 PM

Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015469.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015470.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015471.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015472.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015473.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015474.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015475.dll
Infected! C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015476.dll

Attempting to delete infected files...

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015469.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015469.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015470.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015470.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015471.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015471.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015472.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015472.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015473.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015473.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015474.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015474.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015475.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015475.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015476.dll
C:\System Volume Information\_restore{25F20126-0172-422E-AE96-6DA952267E71}\RP26\A0015476.dll Deleted successfully!

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

14
Tech Clinic / HJT log. adwares again..
« on: June 15, 2006, 11:13:22 PM »
i've got problems with my lappie again..
*sigh* i dont know what went wrong..
i follow as u said, clean up the lappie every week. scans n stuffs.
but it happens again.

hopefully u can help me again..
thanks..

Logfile of HijackThis v1.99.1
Scan saved at 12:11:34 PM, on 6/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


My HJT log..

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Acer\ePM\EPM-DM.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\ZiLa\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mofunzone.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\m0pola731d.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

15
Tech Clinic / HijackThis log
« on: April 17, 2006, 09:41:11 AM »
i've done everything!!!
nope there isnt a prompt to install everything..

my computer ok already right?

16
Tech Clinic / HijackThis log
« on: April 16, 2006, 12:28:45 PM »
alright!! thank you so so so so so much!!!!!!!
:D

17
Tech Clinic / HijackThis log
« on: April 16, 2006, 12:23:49 PM »
it works!!! wow u ARE A GENIUS!! but dont need to reboot, can?

18
Tech Clinic / HijackThis log
« on: April 16, 2006, 12:15:56 PM »
bump

only god knows y..
haha..
here it is..

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\>>> FREE PORN GALLERIES <<<]
@="java script:{document.location='http://sexmaxx.com/freegalleries.htm';}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore]
"BrowserFlags"=dword:00000022
"ExplorerFlags"=dword:00000021

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,20,00,2f,00,65,00,2c,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,\
  00,25,00,49,00,2c,00,25,00,4c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec]
@="[ExploreFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec\application]
@="Folders"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec\ifexec]
@="[]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec\topic]
@="AppProperties"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
"BrowserFlags"=dword:00000010
"ExplorerFlags"=dword:00000012

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,20,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,00,25,00,49,00,2c,\
  00,25,00,4c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec]
@="[ViewFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec\application]
@="Folders"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec\ifexec]
@="[]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec\topic]
@="AppProperties"

19
Tech Clinic / HijackThis log
« on: April 16, 2006, 12:04:40 PM »
REGEDIT4
; RegSrch.vb script:{document.location='http://sexmaxx.com/freegalleries.htm';}"

20
Tech Clinic / HijackThis log
« on: April 16, 2006, 04:12:45 AM »
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@="{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
