Prob Ngn Dll Files

[edu_gen 0]

nak tny...

nape stiap kali on computer kuar 2 bende ni..

oqsocyyc.dll is missing

gpprkfpy.dll is missing

dh try cari kt tenet..xde dll 2..camne nk solve ek ?? plz..

try tgk logfiel ni...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:37:48, on 30/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

D:\Winamp\winampa.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)

O2 - BHO: (no name) - {351700BC-2083-402E-93FD-1AD05114CF01} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: 375013 helper - {74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - (no file)

O2 - BHO: (no name) - {826A5ED9-1316-4EFD-87F8-AA400C5D551A} - (no file)

O2 - BHO: Zango /fleok=1D8A83A5C5E019769AA575760EA83FA5EF80752B9499803B2A2303

766A - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)

O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)

O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\RunOnce: [ypagerps] cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll"

O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZRfox000

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{2CDC30C9-7392-41B1-97F7-51611ADC438A}: NameServer = 202.188.0.133,202.188.1.5

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: mlJCVmmL - mlJCVmmL.dll (file missing)

Edited May 30, 2008 by me_iera

[baok 0]

Download MalwareBytes' Anti-Malware >> install >> update >> run full scan..

Kemudian observe, ada lagi tak problem tu..

[edu_gen 0]

Download MalwareBytes' Anti-Malware >> install >> update >> run full scan..

Kemudian observe, ada lagi tak problem tu..

xde yg freeware ke ?? huuh

[baok 0]

Itu freeware ok.. just download >> install >> update >> full scan >> remove semua virus..

aku takkan cadangkan trial version..

[edu_gen 0]

Itu freeware ok.. just download >> install >> update >> full scan >> remove semua virus..

aku takkan cadangkan trial version..

ok bro..ngh run full scan...

[edu_gen 0]

dh run full scan..

logfile malwarebytes..

Malwarebytes' Anti-Malware 1.14

Database version: 800

16:46:29 30/05/2008

mbam-log-5-30-2008 (16-46-28).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 84352

Time elapsed: 1 hour(s), 31 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 235

Registry Values Infected: 12

Registry Data Items Infected: 0

Folders Infected: 3

Files Infected: 38

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f10587e9-0e47-4cbe-84ae-7dd20b8684cc} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{826a5ed9-1316-4efd-87f8-aa400c5d551a} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{fce1c203-ff2b-4ec1-9983-e2900d29bbd8} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e94eb13e-d78f-0857-7734-5e67a49ffff1} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f2bada0d-fd61-45ef-a994-64a073fd6613} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74f7db6b-86e9-4b91-9d9f-b0d954d7aa5b} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{08755390-f46d-4d09-968c-3430166b3189} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{087c4054-0a2b-4f35-b0db-bed3e21650f4} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{99ccfb8c-6380-4a14-8fdd-ef3e7e95335d} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{229d2451-a617-4b30-b5e8-8138694240cb} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{9720de03-5820-4059-b4a4-639d5e52bd09} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c23fa5a4-1fea-419f-8b14-f7465df062bc} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{ccc6e232-aa4c-4813-a019-9c14b27776b6} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{14e6d991-db22-4661-981d-20c168d6847b} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2242513c-f5e9-41b3-bc89-4d9daf487450} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3b489b37-fc1b-45c8-b1ce-78d9aef5b336} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3d6a6e24-fdff-418e-a93d-9fbdcba377af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e318e44-0c35-4292-af91-18dd17795636} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{495349a3-3a35-465f-88df-6ccfc1348246} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{575e8879-d6cf-4992-a7fe-651da9277bcb} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{76a15001-ff88-47ee-9e34-9f68e34246af} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{819a1c55-735f-4696-8727-3772ec87ad26} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8dc7e656-ffbc-4ba2-af81-1c6c4fe04407} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a86bed71-2b56-4778-9c48-829a3d01c687} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ae119e11-cf86-43cb-91aa-1acf2bbf9ec6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b5a1ce7f-011d-4475-98db-076aaf3b1d18} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b667f141-171c-4ac6-bd2b-8e0c646fb920} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{da4f8351-05ef-4956-b9ab-1093b732436f} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e1e4e46d-53b8-45dc-abf0-3e7adef79012} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{83b0cadc-ea64-4ac6-822a-3ece95f44da6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{0dfba66b-db48-4292-831a-e7186d8a61ae} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{46f309ae-9d11-4c10-9d20-2c084b1c8bce} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4cb95561-af37-4bbd-823c-1e355a744a43} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{76157861-4996-4711-90e4-6d868b877b24} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{81da01db-8100-4865-b9b0-a83f54378435} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{910ef37b-a486-41fc-8a1b-28c5581ab3ac} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a6b2bc38-7f2a-4202-9b43-a28615727fee} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b11da4c8-52dc-44a2-b21b-02bf7a93eb5b} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b5adbfca-c6de-4e5a-a2da-70aa2933b696} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b5ae5932-f1b3-45e4-842a-59eea65b13a8} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ba18ba7b-9567-4408-9b87-3d3990c3969e} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d56509ab-9821-4db0-bf2f-115159804140} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{dff203ea-222c-44fa-8b78-ed88b4587aa2} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{eb22b708-e0d3-4fce-800b-6dd0c5b30d42} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f1ea02f8-e536-4828-bfb7-3de7fa4d4b09} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f6e18622-dfa8-4dba-b05e-d3d147e16d44} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{23624bd0-2a69-4f91-be6a-9f1f22b72c13} (Rogue.VirusHeat) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ShipTr (Trojan.ShipUp) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\zangosa (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Zango (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\instie.hbinstobj (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\instie.hbinstobj.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\Software\zango (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{826a5ed9-1316-4efd-87f8-aa400c5d551a} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d70e9b0f-aabc-4066-8176-c6de84d92fa1} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\some (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\[email protected] (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\WINDOWS\system32\375013 (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

Files Infected:

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP174\A0618719.exe (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626432.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626434.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626435.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626436.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626437.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626438.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626439.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626440.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626441.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626442.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626443.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626445.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626446.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626447.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626448.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626450.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626451.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626452.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626453.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626454.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626455.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626456.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626457.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626458.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626459.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626460.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626759.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626761.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626762.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP193\A0719988.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEULA.mht (Adware.Zango) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf_update.dat (Adware.Zango) -> Quarantined and deleted successfully.

C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

ni logfile baru...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:49:17, on 30/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

D:\Winamp\winampa.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\SoftwareDistribution\Download\786d8d10fefe7553d7282b60526a243b\update\update.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {351700BC-2083-402E-93FD-1AD05114CF01} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Zango /fleok=1D8A83A5C5E019769AA575760EA83FA5EF80752B9499803B2A2303

766A - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)

O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)

O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB9E12F-7C41-4AD9-85C7-8EE4A1853D0E}: NameServer = 202.188.0.133 202.188.1.5

O17 - HKLM\System\CCS\Services\Tcpip\..\{2CDC30C9-7392-41B1-97F7-51611ADC438A}: NameServer = 202.188.0.133,202.188.1.5

O17 - HKLM\System\CS3\Services\Tcpip\..\{0CB9E12F-7C41-4AD9-85C7-8EE4A1853D0E}: NameServer = 202.188.0.133 202.188.1.5

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: mlJCVmmL - mlJCVmmL.dll (file missing)

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 5251 bytes

----- bro baok, try cek...ade g pape yg kne remove x ?

[baok 0]

1. Fix yang di bawah pakai HijackThis..

O2 - BHO: (no name) - {351700BC-2083-402E-93FD-1AD05114CF01} - (no file)

O2 - BHO: Zango /fleok=1D8A83A5C5E019769AA575760EA83FA5EF80752B9499803B2A2303

766A - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)

O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)

O20 - Winlogon Notify: mlJCVmmL - mlJCVmmL.dll (file missing)

----------------

2. Download Deckard System Scanner dan save kat Desktop.. Kemudian run..

Pastikan anda allow firewall anda untuk sebarang process/download yg DSS nak buat.. nanti ada 2 log main.txt dan extra.txt,postkan kedua-dua log tu kat sini..

Satu log dalam satu post

[edu_gen 0]

Edited May 30, 2008 by me_iera

[baok 0]

1. Kamu ada 2 antivirus (AVG8 dan Norton 2005). Uninstall salah satu.. Jangan pakai 2 antivirus.. Jangan dengar kata orang yang 2 antivirus tu bagus.. Diorang tak tau apa-apa pun..

------------------

2. Bukak pendrive yg biasa digunakan dan buang fail di bawah (jika ada)

RavMonE.exe

printer.exe

infrom.exe

autorun.inf

-----------------

3. Pergi kat Start >> Run >> Copy/paste yg dibawah >> Tekan Enter

"%userprofile%\desktop\dss.exe" /daft

Lepas tu ada DAFT pop-up akan muncul.. Tekan butang Scan.. Biar die scan kejap dan lepastu tandakan semua yang ada dan tekan butang Fix

----------------

4. Download OTMoveIt2 oleh OldTimer dan save kat Desktop

Copy/paste yg dibawah ke petak Kuning yang bertulis "Paste List of Files/Folders to Move"

[kill explorer]
C:\WINDOWS\system32\ppVuDfhk.ini2
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dd11350-345c-11dc-99a3-0000e8000b78}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{379060f0-3191-11db-91df-0000e8000b78}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63a35f70-707e-11db-9279-0000e8000b78}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{642f9a50-fbe4-11dc-b8e9-0000e8000b78}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7817b981-4031-11dc-99cd-0000e8000b78}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ba39e0-0549-11dd-b908-0000e8000b78}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a03abc0-0d49-11db-917f-0000e8000b78}
EmptyTemp
[start explorer]

Dah tu, tekan butang Move It! yang kaler merah. Kalau dia perlu reboot, sila reboot pc anda..

Nanti ada log kat petak kaler.. hijau... copy/paste log tu kat sini..

----------------

5. Pergi kat Jotti dan scan file dibawah

C:\WINDOWS\msg.exe

copy/paste result die kat sini

-------------------

6. Soalan.. Main ke game Zango?

lepastu postkan sekali log DSS yg fresh..

Edited May 31, 2008 by baok

[B@zSh™ 1]

Hmmm...aku perhatikan baok nyer solution untuk setiap masalah malware/adware sama utk setiap pos

Ko kerja apa baok?

Ada involve bahagian security ker?

Nanti ko boleh wat tutorial macamana nak remove malware/adware secara general menggunakan tools yang ko cadangkan tu

Dan bole la terangkan serba sedikit fungsi2 tools tersebut

[baok 0]

Hmmm...aku perhatikan baok nyer solution untuk setiap masalah malware/adware sama utk setiap pos

Ko kerja apa baok?

Ada involve bahagian security ker?

Nanti ko boleh wat tutorial macamana nak remove malware/adware secara general menggunakan tools yang ko cadangkan tu

Dan bole la terangkan serba sedikit fungsi2 tools tersebut

aku just main2 je.. bukan buat betul2..

http://forum.putera.com/tanya/index.php?show...st&p=711282

Edited May 31, 2008 by baok

[edu_gen 0]

Ni log slps gn OTmove it...

Explorer killed successfully

C:\WINDOWS\system32\ppVuDfhk.ini2 moved successfully.

< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dd11350-345c-11dc-99a3-0000e8000b78} >

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dd11350-345c-11dc-99a3-0000e8000b78}\\ deleted successfully.

< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{379060f0-3191-11db-91df-0000e8000b78} >

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{379060f0-3191-11db-91df-0000e8000b78}\\ deleted successfully.

< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63a35f70-707e-11db-9279-0000e8000b78} >

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63a35f70-707e-11db-9279-0000e8000b78}\\ deleted successfully.

< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{642f9a50-fbe4-11dc-b8e9-0000e8000b78} >

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{642f9a50-fbe4-11dc-b8e9-0000e8000b78}\\ deleted successfully.

< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7817b981-4031-11dc-99cd-0000e8000b78} >

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7817b981-4031-11dc-99cd-0000e8000b78}\\ deleted successfully.

< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ba39e0-0549-11dd-b908-0000e8000b78} >

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ba39e0-0549-11dd-b908-0000e8000b78}\\ deleted successfully.

< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a03abc0-0d49-11db-917f-0000e8000b78} >

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a03abc0-0d49-11db-917f-0000e8000b78}\\ deleted successfully.

< EmptyTemp >

File delete failed. C:\WINDOWS\temp\46d6af39-4841-45cf-b2c2-5391f98be45e.tmp scheduled to be deleted on reboot.

Temp folders emptied.

IE temp folders emptied.

Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06012008_122453

Files moved on Reboot...

File C:\WINDOWS\temp\46d6af39-4841-45cf-b2c2-5391f98be45e.tmp not found!

logfile baru..Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:41:11, on 01/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

D:\Winamp\winampa.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB9E12F-7C41-4AD9-85C7-8EE4A1853D0E}: NameServer = 202.188.0.133 202.188.1.5

O17 - HKLM\System\CCS\Services\Tcpip\..\{2CDC30C9-7392-41B1-97F7-51611ADC438A}: NameServer = 202.188.0.133,202.188.1.5

O17 - HKLM\System\CS3\Services\Tcpip\..\{0CB9E12F-7C41-4AD9-85C7-8EE4A1853D0E}: NameServer = 202.188.0.133 202.188.1.5

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 4741 bytes

---------------------------------------------------------

- dekat JOTI tu ak xtau nk scan ktne..just ade details tetang how to show your files je...

- norton dh uninstall..tp npe still ade dlm system ek ??

Edited June 1, 2008 by me_iera

[baok 0]

Hi.. saya minta maaf sebab bagi link yang salah.. silap copy dari canned speech..

---------------

1. Pergi kat Jotti's malware scan dan scan file di bawah... copy/paste result die kat sini..

C:\WINDOWS\msg.exe

--------------

2. Postkan result Jotti dan fresh DSS log.. Saya tak mahu HijackThis log..

[edu_gen 0]

fresh DSS log nk dptkn cmne ?

sori xtau..hehe

[baok 0]

Maksudnya, run sekali lagi Deckard System Scanner dan postkan log die kat sini..

Jangan lupa result Jotti.. kalau tak tahu tanya

[edu_gen 0]

result Jotti

Scan taken on 01 Jun 2008 14:36:26 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found PUA.Tool.RemoveWGA

CPsecure Found nothing

Dr.Web Found Tool.RemoveWGA

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found Mal/Emogen-G

VirusBuster Found nothing

VBA32 Found nothing

Last file scanned at least one scanner reported something about: VulanPro405.rar (MD5: 39f622c7b13614e01321ca6d083ca1dc, size: 222308 bytes), detected by:

A-Squared Trojan-Downloader.Win32.Delf.gpx

AntiVir TR/Dldr.Delf.gpx

ArcaVir X

Avast X

AVG Antivirus Downloader.Generic7.IAI

BitDefender X

ClamAV Trojan.Downloader-33043

CPsecure Troj.Downloader.W32.Delf.gpx

Dr.Web X

F-Prot Antivirus X

F-Secure Anti-Virus Trojan-Downloader.Win32.Delf.gpx

Fortinet X

Ikarus Trojan-Downloader.Win32.Adload.db

Kaspersky Anti-Virus Trojan-Downloader.Win32.Delf.gpx

NOD32 X

Norman Virus Control X

Panda Antivirus X

Sophos Antivirus Mal/Generic-A

VirusBuster X

VBA32 Trojan-Downloader.Win32.Delf.gpx

logfile dss

Deckard's System Scanner v20071014.68

Run by Administrator on 2008-06-01 22:41:31

Computer is in Normal Mode.

--------------------------------------------------------------------------------

Percentage of Memory in Use: 81% (more than 75%).

Total Physical Memory: 192 MiB (512 MiB recommended).

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:42:45, on 01/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

D:\Winamp\winampa.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Documents and Settings\Administrator\Desktop\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB9E12F-7C41-4AD9-85C7-8EE4A1853D0E}: NameServer = 202.188.0.133 202.188.1.5

O17 - HKLM\System\CCS\Services\Tcpip\..\{2CDC30C9-7392-41B1-97F7-51611ADC438A}: NameServer = 202.188.0.133,202.188.1.5

O17 - HKLM\System\CS3\Services\Tcpip\..\{0CB9E12F-7C41-4AD9-85C7-8EE4A1853D0E}: NameServer = 202.188.0.133 202.188.1.5

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 4819 bytes

-- Files created between 2008-05-01 and 2008-06-01 -----------------------------

2008-06-01 11:58:59 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-05-30 15:06:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2008-05-30 15:05:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-30 15:05:20 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-30 14:32:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\TeraCopy

2008-05-30 14:29:46 0 d-------- C:\Program Files\TeraCopy

2008-05-30 14:11:48 0 d--hs---- C:\Documents and Settings\Administrator\Recent

2008-05-30 13:28:13 174592 --a------ C:\WINDOWS\system\framedyn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

2008-05-30 03:10:36 6120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-05-30 03:09:48 0 d-------- C:\WINDOWS\BricoPacks

2008-05-30 02:42:28 0 d--hs---- C:\found.000

2008-05-30 00:32:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\IDM

2008-05-30 00:32:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\DMCache

2008-05-30 00:31:24 0 d-------- C:\Program Files\Internet Download Manager

2008-05-29 21:14:16 0 d--h----- C:\$AVG8.VAULT$

2008-05-29 21:10:24 0 d-------- C:\WINDOWS\system32\drivers\Avg

2008-05-29 21:10:00 0 d-------- C:\Program Files\AVG

2008-05-29 21:09:59 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-05-30 03:24:38 0 d-------- C:\Program Files\Movie Maker

2008-05-30 03:22:17 65250 --a----c- C:\WINDOWS\BricoPackUninst.cmd

2008-05-29 20:16:12 13824 --a------ C:\WINDOWS\msg.exe

2008-05-04 09:26:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo! Messenger

2008-04-21 17:01:56 0 d-------- C:\Program Files\Counter-Strike

2008-04-21 17:01:51 0 d-------- C:\Program Files\Counter-Strike17_bot

2008-04-12 19:36:57 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-04-12 19:31:18 0 d-------- C:\Program Files\Common Files\InstallShield

2008-04-10 15:56:52 0 d-------- C:\Program Files\VCop2

2008-04-08 16:59:20 13824 --a------ C:\readmsg.exe

2008-04-04 18:59:50 2180 --a------ C:\WINDOWS\system32\d3d8caps.dat

2008-03-15 20:44:22 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-03-10 09:56:14 903909 --a------ C:\WINDOWS\Condition Zero Uninstaller.exe

2008-03-03 14:25:38 5702 --ah----- C:\WINDOWS\nod32restoretemdono.reg

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"="D:\Winamp\winampa.exe" [16/01/2008 06:54]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [29/05/2008 21:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 00:24]

"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [30/05/2008 14:05]

C:\Documents and Settings\Administrator\Desktop\Ayezz\Startup\

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [19/03/2007 06:05:02]

TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [02/06/2005 03:41:18]

UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [21/05/2006 15:43:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"=1 (0x1)

"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

"DisableTaskMgr"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

"DisableCMD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFolderOptions"=0 (0x0)

"NotoolBarsOnTaskBar"=0 (0x0)

"NoFileMenu"=0 (0x0)

"NoShellSearchButton"=0 (0x0)

"NoFind"=0 (0x0)

"NoRun"=0 (0x0)

"NoTrayItemsDisplay"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoFolderOptions"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfDuVpp

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]

"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAVAgent]

/silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]

"C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" -auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]

C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]

"C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe"

-- End of Deckard's System Scanner: finished at 2008-06-01 22:47:34 ------------

[baok 0]

Ok..

1, Bukak OTMoveIt2, Copy/paste yg dibawah ke petak Kuning yang bertulis "Paste List of Files/Folders to Move"

[kill explorer]
C:\WINDOWS\msg.exe
C:\WINDOWS\system32\khfDuVpp*.*
[start explorer]

Dah tu, tekan butang Move It! yang kaler merah. Kalau dia perlu reboot, sila reboot pc anda..

Nanti ada log kat petak kaler.. hijau... copy/paste log tu kat sini..

------------------

2. Download Dr.Web CureIt dan save kat Desktop..

Doubleclick DrWeb dan biar die run quick scan.. kemudian run complete scan

Lepas habis scan, pilih Select All --> click kat Cure --> Move incurable

Lepas tu click kat File --> Save report list. Save report kat Desktop. nama file tu DrWeb.csv.

Post log tu..

-----------------

3. Post sekali log DSS baru.. Jawab soalan nih.. main game Zango tak? (online game)

[edu_gen 0]

jotti

Explorer killed successfully

C:\WINDOWS\msg.exe moved successfully.

< C:\WINDOWS\system32\khfDuVpp*.* >

File/Folder C:\WINDOWS\system32\khfDuVpp*.* not found.

Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06022008_073123

---------------------------------------------------------------------------------

dr web

A0635049.exe\data001;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP179\A0635049.exe;Adware.Zango;;

A0635049.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP179;Archive contains infected objects;Moved.;

A0661380.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP185;Tool.RemoveWGA;Incurable.Deleted.;

A0662380.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP185;Tool.RemoveWGA;Incurable.Deleted.;

A0663380.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP185;Tool.RemoveWGA;Incurable.Deleted.;

A0664380.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP185;Tool.RemoveWGA;Incurable.Deleted.;

A0665380.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP185;Tool.RemoveWGA;Incurable.Deleted.;

A0665393.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP185;Tool.RemoveWGA;Incurable.Deleted.;

A0665406.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP185;Tool.RemoveWGA;Incurable.Deleted.;

A0666406.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0667406.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0667421.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0667430.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0667443.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0667460.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0667477.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0668477.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0668512.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0668525.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0669525.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0669547.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0669561.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

data001\data001;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186\A0669570.exe\data001;Adware.Shopper;;

data001\data002;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186\A0669570.exe\data001;Adware.SaveNow.128;;

data001;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186\A0669570.exe;Archive contains infected objects;;

A0669570.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Archive contains infected objects;Moved.;

A0669623.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0670624.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0670638.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0670689.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0670699.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP186;Tool.RemoveWGA;Incurable.Deleted.;

A0671699.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP187;Tool.RemoveWGA;Incurable.Deleted.;

A0672699.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP187;Tool.RemoveWGA;Incurable.Deleted.;

A0672710.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP187;Tool.RemoveWGA;Incurable.Deleted.;

A0672726.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP187;Tool.RemoveWGA;Incurable.Deleted.;

A0673726.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP187;Tool.RemoveWGA;Incurable.Deleted.;

A0674726.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP188;Tool.RemoveWGA;Incurable.Deleted.;

A0674736.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP188;Tool.RemoveWGA;Incurable.Deleted.;

A0675749.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP188;Tool.RemoveWGA;Incurable.Deleted.;

A0676750.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP188;Tool.RemoveWGA;Incurable.Deleted.;

A0677750.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP188;Tool.RemoveWGA;Incurable.Deleted.;

A0677774.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP188;Tool.RemoveWGA;Incurable.Deleted.;

A0678774.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP188;Tool.RemoveWGA;Incurable.Deleted.;

A0679775.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP188;Tool.RemoveWGA;Incurable.Deleted.;

A0679788.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP188;Tool.RemoveWGA;Incurable.Deleted.;

A0680788.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP188;Tool.RemoveWGA;Incurable.Deleted.;

A0681789.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP188;Tool.RemoveWGA;Incurable.Deleted.;

A0682798.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0683799.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0684798.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0685798.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0685810.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0685822.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0685834.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0685849.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0685861.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0685874.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0686873.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0686885.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0688885.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0688899.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0688920.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0688933.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0688947.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0689948.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0689961.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP189;Tool.RemoveWGA;Incurable.Deleted.;

A0690962.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0690975.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0692975.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0694980.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0694995.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0695007.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0696007.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0696018.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0696033.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0698033.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0698047.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0699056.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0699070.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0700069.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0701069.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0702069.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0702082.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0702112.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0702126.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0703125.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0704125.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0704133.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0705133.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0705154.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0706155.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP190;Tool.RemoveWGA;Incurable.Deleted.;

A0707159.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0707174.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0707186.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0707199.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0707207.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0707222.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0707239.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0707257.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0708258.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0708324.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0708338.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0709338.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0709354.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0709369.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0709380.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0709394.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0709403.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0710404.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0710418.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP191;Tool.RemoveWGA;Incurable.Deleted.;

A0712423.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP192;Tool.RemoveWGA;Incurable.Deleted.;

A0712433.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP192;Tool.RemoveWGA;Incurable.Deleted.;

A0712446.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP192;Tool.RemoveWGA;Incurable.Deleted.;

A0713446.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP192;Tool.RemoveWGA;Incurable.Deleted.;

A0713456.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP192;Tool.RemoveWGA;Incurable.Deleted.;

A0714456.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP192;Tool.RemoveWGA;Incurable.Deleted.;

A0714468.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP192;Tool.RemoveWGA;Incurable.Deleted.;

A0715468.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP192;Tool.RemoveWGA;Incurable.Deleted.;

A0715571.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP192;Tool.RemoveWGA;Incurable.Deleted.;

A0716583.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP193;Tool.RemoveWGA;Incurable.Deleted.;

A0717583.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP193;Tool.RemoveWGA;Incurable.Deleted.;

A0718583.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP193;Tool.RemoveWGA;Incurable.Deleted.;

A0718596.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP193;Tool.RemoveWGA;Incurable.Deleted.;

A0718609.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP193;Tool.RemoveWGA;Incurable.Deleted.;

A0719622.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP193;Tool.RemoveWGA;Incurable.Deleted.;

A0719641.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP193;Tool.RemoveWGA;Incurable.Deleted.;

A0719653.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP193;Tool.RemoveWGA;Incurable.Deleted.;

A0719669.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP193;Tool.RemoveWGA;Incurable.Deleted.;

A0719681.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP193;Tool.RemoveWGA;Incurable.Deleted.;

A0719802.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP193;Tool.RemoveWGA;Incurable.Deleted.;

A0722751.exe\data001;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP196\A0722751.exe;Probably BACKDOOR.Trojan;;

A0722751.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP196;Archive contains infected objects;Moved.;

A0722752.exe;C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP196;Tool.RemoveWGA;Incurable.Deleted.;

msg.exe;C:\_OTMoveIt\MovedFiles\06022008_073123\WINDOWS;Tool.RemoveWGA;Incurable.Deleted.;

portableav16b.exe\data001;D:\Photoshop Brushes\apesaje\~comp~\portableav16b.exe;Probably BACKDOOR.Trojan;;

portableav16b.exe;D:\Photoshop Brushes\apesaje\~comp~;Archive contains infected objects;Moved.;

A0723766.exe\data001;D:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP197\A0723766.exe;Probably BACKDOOR.Trojan;;

A0723766.exe;D:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP197;Archive contains infected objects;Moved.;

---------------------------------------------------------------------------------

dss

Deckard's System Scanner v20071014.68

Run by Administrator on 2008-06-03 14:51:16

Computer is in Normal Mode.

--------------------------------------------------------------------------------

Percentage of Memory in Use: 76% (more than 75%).

Total Physical Memory: 192 MiB (512 MiB recommended).

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:53:14, on 03/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

D:\Winamp\winampa.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Documents and Settings\Administrator\Desktop\cureit.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\_start.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\setup.exe

C:\PROGRA~1\AVG\AVG8\avgscanx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrator\Desktop\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

C:\PROGRA~1\AVG\AVG8\avgupd.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB9E12F-7C41-4AD9-85C7-8EE4A1853D0E}: NameServer = 202.188.0.133 202.188.1.5

O17 - HKLM\System\CCS\Services\Tcpip\..\{2CDC30C9-7392-41B1-97F7-51611ADC438A}: NameServer = 202.188.0.133,202.188.1.5

O17 - HKLM\System\CS3\Services\Tcpip\..\{0CB9E12F-7C41-4AD9-85C7-8EE4A1853D0E}: NameServer = 202.188.0.133 202.188.1.5

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--

End of file - 5202 bytes

-- Files created between 2008-05-03 and 2008-06-03 -----------------------------

2008-06-02 07:35:10 0 d-------- C:\Documents and Settings\Administrator\DoctorWeb

2008-06-01 11:58:59 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-05-30 15:06:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2008-05-30 15:05:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-05-30 15:05:20 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-05-30 14:32:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\TeraCopy

2008-05-30 14:29:46 0 d-------- C:\Program Files\TeraCopy

2008-05-30 14:11:48 0 d--hs---- C:\Documents and Settings\Administrator\Recent

2008-05-30 13:28:13 174592 --a------ C:\WINDOWS\system\framedyn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

2008-05-30 03:10:36 6120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-05-30 03:09:48 0 d-------- C:\WINDOWS\BricoPacks

2008-05-30 02:42:28 0 d--hs---- C:\found.000

2008-05-30 00:32:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\IDM

2008-05-30 00:32:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\DMCache

2008-05-30 00:31:24 0 d-------- C:\Program Files\Internet Download Manager

2008-05-29 21:14:16 0 d--h----- C:\$AVG8.VAULT$

2008-05-29 21:10:24 0 d-------- C:\WINDOWS\system32\drivers\Avg

2008-05-29 21:10:00 0 d-------- C:\Program Files\AVG

2008-05-29 21:09:59 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8

-- Find3M Report ---------------------------------------------------------------

2008-05-30 03:24:38 0 d-------- C:\Program Files\Movie Maker

2008-05-30 03:22:17 65250 --a----c- C:\WINDOWS\BricoPackUninst.cmd

2008-05-04 09:26:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo! Messenger

2008-04-21 17:01:56 0 d-------- C:\Program Files\Counter-Strike

2008-04-21 17:01:51 0 d-------- C:\Program Files\Counter-Strike17_bot

2008-04-12 19:36:57 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-04-12 19:31:18 0 d-------- C:\Program Files\Common Files\InstallShield

2008-04-10 15:56:52 0 d-------- C:\Program Files\VCop2

2008-04-04 18:59:50 2180 --a------ C:\WINDOWS\system32\d3d8caps.dat

2008-03-15 20:44:22 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-03-10 09:56:14 903909 --a------ C:\WINDOWS\Condition Zero Uninstaller.exe

2008-03-03 14:25:38 5702 --ah----- C:\WINDOWS\nod32restoretemdono.reg

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"="D:\Winamp\winampa.exe" [16/01/2008 06:54]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [29/05/2008 21:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 00:24]

"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [30/05/2008 14:05]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [30/08/2007 17:43]

C:\Documents and Settings\Administrator\Desktop\Ayezz\Startup\

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [19/03/2007 06:05:02]

TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [02/06/2005 03:41:18]

UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [21/05/2006 15:43:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"=1 (0x1)

"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

"DisableTaskMgr"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

"DisableCMD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoFolderOptions"=0 (0x0)

"NotoolBarsOnTaskBar"=0 (0x0)

"NoFileMenu"=0 (0x0)

"NoShellSearchButton"=0 (0x0)

"NoFind"=0 (0x0)

"NoRun"=0 (0x0)

"NoTrayItemsDisplay"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoFolderOptions"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfDuVpp

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]

"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAVAgent]

/silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]

"C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" -auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]

C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]

"C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe"

-- End of Deckard's System Scanner: finished at 2008-06-03 15:00:28 ------------

--------------------------------------------------------------------------------

game zango tu xmen pon..

[Hiruka 4]

wah pening tgk thread nih..pinau² mata..

maybe klu wat skit cleaning pc leh bantu kot..

try guna Your Uninstaller pro..uninstall mane² yg tak perlu..

find/clean temporary files..

Guna tuneup Utilities 2008 in addition ok gak..fix registry skali..

jgn gopoh-gapah, nk fix pc kena cool n steady..

[baok 0]

Sikit saja lagi..

1. Uninstall Zango dari Add or Remove Programs dan buang folder di bawah

C:\Program Files\Zango

------------------------

2. 1, Bukak OTMoveIt2, Copy/paste yg dibawah ke petak Kuning yang bertulis "Paste List of Files/Folders to Move"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA

Dah tu, tekan butang Move It! yang kaler merah. Kalau dia perlu reboot, sila reboot pc anda..

------------------------

3. Ada satu registry aku tak berani sentuh.. LSA key.. Kalau salah buang, pc sdr mungkin langsung takleh masuk Windows

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfDuVpp

Yang kaler merah tu patut takde.. itu entry malware.. Kalau sdr berani amik risiko, pergi kat regedit dan buang yang kaler merah tu sahaja.. tinggalkan msv1_0

Kalau tak confident dan PC dah takde problem, better tinggalkan saja..

--------------------------------------

wah pening tgk thread nih..pinau² mata..

maybe klu wat skit cleaning pc leh bantu kot..

try guna Your Uninstaller pro..uninstall mane² yg tak perlu..

find/clean temporary files..

Guna tuneup Utilities 2008 in addition ok gak..fix registry skali..

jgn gopoh-gapah, nk fix pc kena cool n steady..

If you are very well trained, you just smile looking at the logs..

Ini pun aku just main2.. kalau buat betul2 aku akan gunakan tools yg lain.. but rest assured that my intention is to fix user's pc..

Edited June 3, 2008 by baok

[edu_gen 0]

ok dh..successfull..ade pape lg x ?

[baok 0]

Kalau dah takde problem lagi, you are good to go..

[edu_gen 0]

okies...thanks a lot bro..