

kavo.exe virus...rootkit


  • This topic is locked
No replies to this topic

#1 ryosule225


Posted 28 March 2008 - 05:24 PM

Hi, I'm ryosule225. Recently I found that my laptop was infected with a virus called kavo. I tried to remove it by following some guidelines, but I'm not sure whether my laptop is clean of it or not. Below is the log from ComboFix and HijackThis. I hope that I can get some help here... thanks.

ComboFix 08-03-27.1 - T 2008-03-29 7:07:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.695 [GMT 8:00]
Running from: C:\Documents and Settings\T\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.

2008-03-29 02:00 . 2008-03-29 02:00 <DIR> d-------- C:\_OTMoveIt
2008-03-29 01:29 . 2008-03-29 01:29 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-29 01:08 . 2008-03-29 02:18 <DIR> d-------- C:\SDFix
2008-03-28 21:44 . 2008-03-28 21:44 <DIR> d-------- C:\Documents and Settings\T\Application Data\Uniblue
2008-03-28 18:52 . 2008-03-28 21:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-28 16:42 . 2008-03-28 16:22 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-28 16:19 . 2008-03-28 17:39 <DIR> d-------- C:\Documents and Settings\T\.housecall6.6
2008-03-28 13:06 . 2008-03-28 13:06 118,116 -r-hs---- C:\lhwdcgcb.bat
2008-03-28 13:06 . 2008-03-28 13:06 268 --ah----- C:\sqmdata08.sqm
2008-03-28 13:06 . 2008-03-28 13:06 244 --ah----- C:\sqmnoopt08.sqm
2008-03-28 00:28 . 2008-03-27 22:35 114,977 -r-hs---- C:\ff1q0gw.bat
2008-03-19 16:51 . 2008-03-19 16:51 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-18 14:14 . 2008-03-18 14:14 <DIR> d-------- C:\Program Files\Skype
2008-03-18 14:14 . 2008-03-25 15:28 <DIR> d-------- C:\Documents and Settings\T\Application Data\skypePM
2008-03-18 14:14 . 2008-03-18 14:14 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-18 14:13 . 2008-03-18 14:14 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-11 20:11 . 2008-03-21 19:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-11 20:11 . 2008-03-11 20:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-11 20:09 . 2008-03-11 20:10 <DIR> d-------- C:\Program Files\QuickTime
2008-03-11 20:09 . 2008-03-11 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-10 17:37 . 2008-03-10 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-10 17:34 . 2008-03-28 21:52 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-10 17:23 . 2008-03-10 17:23 <DIR> d-------- C:\Program Files\Accelrys
2008-03-10 17:19 . 2008-03-10 17:19 <DIR> d-------- C:\Program Files\SFScholarToolbar
2008-03-10 17:18 . 2000-03-10 10:05 863,744 --a------ C:\WINDOWS\system32\Cw3245mt.dll
2008-03-10 17:18 . 2000-03-10 10:05 271,872 --a------ C:\WINDOWS\system32\Cxf0332b.dll
2008-03-10 17:18 . 2000-03-10 10:05 260,096 --a------ C:\WINDOWS\system32\Cxf0332a.dll
2008-03-10 17:18 . 2007-05-16 10:30 118,784 --a------ C:\WINDOWS\system32\SciFiSoft.dll
2008-03-10 17:18 . 2000-03-10 10:05 25,088 --a------ C:\WINDOWS\system32\Cxf0332c.dll
2008-03-10 17:17 . 2008-03-10 17:18 <DIR> d-------- C:\Program Files\SFSCHLR
2008-03-09 02:42 . 2008-03-09 02:42 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-09 02:41 . 2008-03-09 02:43 <DIR> d-------- C:\Program Files\Windows Live
2008-03-09 02:41 . 2008-03-09 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-03 22:30 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-03-03 22:30 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-03-02 04:13 . 2008-03-02 04:13 <DIR> d-------- C:\Program Files\DownloadToolz
2008-02-28 19:14 . 2008-02-28 19:14 38 --a------ C:\WINDOWS\avisplitter.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 23:10 1,009,696 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-28 23:09 14,438,176 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-28 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-28 19:08 202,508 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-28 19:08 103,892 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-28 19:01 --------- d-----w C:\Program Files\FlashGet
2008-03-28 05:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-28 01:46 --------- d-----w C:\Documents and Settings\T\Application Data\Skype
2008-03-27 17:37 --------- d-----w C:\Documents and Settings\T\Application Data\U3
2008-03-27 12:23 --------- d-----w C:\Documents and Settings\T\Application Data\foobar2000
2008-03-18 06:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-13 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-12 07:40 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-03-10 09:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 17:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-27 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\hpqwmi
2008-02-26 22:08 --------- d-----w C:\Program Files\eREAD6.0
2008-02-17 14:28 --------- d-----w C:\Program Files\foobar2000
2008-02-09 09:37 65,257 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-02-09 09:37 6,106 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-09 09:37 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-02-04 16:46 --------- d-----w C:\Program Files\BitComet
2008-02-04 16:38 --------- d-----w C:\Program Files\Veoh Networks
2008-02-01 19:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-31 16:51 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02 200768]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2007-01-29 23:02 200768 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-11-05 13:52 233534 C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-12-03 13:24 290816 C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2005-01-23 02:31 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-01-21 13:40 790528 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2005-01-23 02:36 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 20:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-14 00:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 20:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 20:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RSD_HDDThermo]
C:\Program Files\HDD Thermometer\HDD Thermometer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-01-04 01:53 36972 C:\Program Files\Java\jre1.5.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-11-05 02:38 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-11-05 02:40 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-11 00:35 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-12-03 13:21 3461120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\SAS\\SAS 9.1\\sas.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14142:TCP"= 14142:TCP:BitComet 14142 TCP
"14142:UDP"= 14142:UDP:BitComet 14142 UDP

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 20:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{058e41bb-bdb0-11dc-ab3f-0012f08f2a82}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2fadbdd-ba6d-11dc-ab36-0012f08f2a82}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb4d9c85-c70e-11dc-ab44-0012f08f2a82}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb4d9da9-c70e-11dc-ab44-0012f08f2a82}]
\Shell\AutoRun\command - F:\ff1q0gw.bat
\Shell\explore\Command - F:\ff1q0gw.bat
\Shell\open\Command - F:\ff1q0gw.bat

.
Contents of the 'Scheduled Tasks' folder
"2008-03-28 09:16:22 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-25 10:13:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 07:10:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-29 7:11:28
ComboFix-quarantined-files.txt 2008-03-28 23:11:10
Pre-Run: 1,223,487,488 bytes free
Post-Run: 1,212,829,696 bytes free
.
2008-03-13 19:03:29 --- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 07:21, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...o&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: SciFinder Scholar Bar - {4e16a8fb-0521-46d1-aa2c-d0fc7abf6af9} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
