edu_gen
Posted May 30, 2008 (edited)

I'd like to ask... why do these two messages come up every time I turn on the computer:

oqsocyyc.dll is missing
gpprkfpy.dll is missing

I've tried searching the internet, but those DLLs aren't there. How do I solve this?? Please take a look at this logfile...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:48, on 30/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
D:\Winamp\winampa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {351700BC-2083-402E-93FD-1AD05114CF01} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: 375013 helper - {74F7DB6B-86E9-4B91-9D9F-B0D954D7AA5B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - (no file)
O2 - BHO: (no name) - {826A5ED9-1316-4EFD-87F8-AA400C5D551A} - (no file)
O2 - BHO: Zango /fleok=1D8A83A5C5E019769AA575760EA83FA5EF80752B9499803B2A2303766A - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [ypagerps] cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZRfox000
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CDC30C9-7392-41B1-97F7-51611ADC438A}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: mlJCVmmL - mlJCVmmL.dll (file missing)

Edited May 30, 2008 by me_iera

baok
Posted May 30, 2008

Download MalwareBytes' Anti-Malware >> install >> update >> run a full scan. Then observe whether the problem is still there.

edu_gen
Posted May 30, 2008

> Download MalwareBytes' Anti-Malware >> install >> update >> run a full scan. Then observe whether the problem is still there.

Isn't there a freeware one?? huuh

baok
Posted May 30, 2008

That is freeware, OK. Just download >> install >> update >> full scan >> remove all the viruses. I wouldn't recommend a trial version.

edu_gen
Posted May 30, 2008

> That is freeware, OK. Just download >> install >> update >> full scan >> remove all the viruses. I wouldn't recommend a trial version.

OK bro, running the full scan now...

edu_gen
Posted May 30, 2008

I've run the full scan. Here is the Malwarebytes logfile:

Malwarebytes' Anti-Malware 1.14
Database version: 800
16:46:29 30/05/2008
mbam-log-5-30-2008 (16-46-28).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 84352
Time elapsed: 1 hour(s), 31 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 235
Registry Values Infected: 12
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 38

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)
successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d70e9b0f-aabc-4066-8176-c6de84d92fa1} (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\some (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\[email protected] (Adware.Zango) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:C:\WINDOWS\system32\375013 (Trojan.Zlob) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.Files Infected:C:\System Volume 
Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP174\A0618719.exe (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626432.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626434.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626435.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626436.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626437.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626438.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626439.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626440.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626441.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626442.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626443.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626445.DLL (Adware.MyWebSearch) -> Quarantined and 
deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626446.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626447.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626448.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626450.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626451.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626452.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626453.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626454.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626455.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626456.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626457.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626458.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{97207501-A78C-4BF2-9B15-7B9FF95F2A64}\RP176\A0626459.EXE 
Here's the new logfile...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:17, on 30/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
D:\Winamp\winampa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\786d8d10fefe7553d7282b60526a243b\update\update.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {351700BC-2083-402E-93FD-1AD05114CF01} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Zango /fleok=1D8A83A5C5E019769AA575760EA83FA5EF80752B9499803B2A2303766A - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB9E12F-7C41-4AD9-85C7-8EE4A1853D0E}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CDC30C9-7392-41B1-97F7-51611ADC438A}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{0CB9E12F-7C41-4AD9-85C7-8EE4A1853D0E}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: mlJCVmmL - mlJCVmmL.dll (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5251 bytes

Bro baok, please check... is there anything else that needs to be removed?

baok, Posted May 30, 2008

1. Fix the entries below using HijackThis..

O2 - BHO: (no name) - {351700BC-2083-402E-93FD-1AD05114CF01} - (no file)
O2 - BHO: Zango /fleok=1D8A83A5C5E019769AA575760EA83FA5EF80752B9499803B2A2303766A - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
O20 - Winlogon Notify: mlJCVmmL - mlJCVmmL.dll (file missing)

----------------

2. Download Deckard System Scanner and save it to the Desktop.. Then run it..
Make sure you let your firewall allow any process/download that DSS wants to perform.. Afterwards there will be 2 logs, main.txt and extra.txt; post both logs here..
One log per post

edu_gen, Posted May 30, 2008 (edited)

Edited May 30, 2008 by me_iera

baok, Posted May 31, 2008 (edited)

1. You have 2 antivirus programs (AVG8 and Norton 2005). Uninstall one of them.. Don't use 2 antivirus programs.. Don't listen to people who say 2 antivirus programs are good.. They don't know anything..

------------------

2. Open the pendrive (USB flash drive) you usually use and delete the files below (if present):

RavMonE.exe
printer.exe
infrom.exe
autorun.inf

-----------------

3. Go to Start >> Run >> copy/paste the line below >> press Enter

"%userprofile%\desktop\dss.exe" /daft

After that a DAFT pop-up will appear.. Press the Scan button.. Let it scan for a while, then tick everything listed and press the Fix button

----------------

4. Download OTMoveIt2 by OldTimer and save it to the Desktop

Copy/paste the lines below into the yellow box labelled "Paste List of Files/Folders to Move"

[kill explorer]
C:\WINDOWS\system32\ppVuDfhk.ini2
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dd11350-345c-11dc-99a3-0000e8000b78}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{379060f0-3191-11db-91df-0000e8000b78}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63a35f70-707e-11db-9279-0000e8000b78}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{642f9a50-fbe4-11dc-b8e9-0000e8000b78}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7817b981-4031-11dc-99cd-0000e8000b78}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ba39e0-0549-11dd-b908-0000e8000b78}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a03abc0-0d49-11db-917f-0000e8000b78}
EmptyTemp
[start explorer]

Then press the red Move It! button. If it needs to reboot, please reboot your PC.. Afterwards there will be a log in the box coloured.. green... copy/paste that log here..

----------------

5. Go to Jotti and scan the file below

C:\WINDOWS\msg.exe

Copy/paste its result here

-------------------

6. A question.. Do you play Zango games?

After that, also post a fresh DSS log..

Edited May 31, 2008 by baok

B@zSh™, Posted May 31, 2008

Hmmm... I've noticed that baok's solution for every malware/adware problem is the same in every post.

What's your job, baok? Does it involve security?

Later you could write a tutorial on how to remove malware/adware in general using the tools you recommend.
And you could explain a little about what those tools do.

baok, Posted May 31, 2008 (edited)

> Hmmm... I've noticed that baok's solution for every malware/adware problem is the same in every post.
> What's your job, baok? Does it involve security?
> Later you could write a tutorial on how to remove malware/adware in general using the tools you recommend.
> And you could explain a little about what those tools do.

I'm just playing around.. not doing it for real..
http://forum.putera.com/tanya/index.php?show...st&p=711282

Edited May 31, 2008 by baok

edu_gen, Posted June 1, 2008 (edited)

Here's the log after using OTMoveIt...

Explorer killed successfully
C:\WINDOWS\system32\ppVuDfhk.ini2 moved successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dd11350-345c-11dc-99a3-0000e8000b78} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dd11350-345c-11dc-99a3-0000e8000b78}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{379060f0-3191-11db-91df-0000e8000b78} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{379060f0-3191-11db-91df-0000e8000b78}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63a35f70-707e-11db-9279-0000e8000b78} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63a35f70-707e-11db-9279-0000e8000b78}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{642f9a50-fbe4-11dc-b8e9-0000e8000b78} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{642f9a50-fbe4-11dc-b8e9-0000e8000b78}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7817b981-4031-11dc-99cd-0000e8000b78} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7817b981-4031-11dc-99cd-0000e8000b78}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ba39e0-0549-11dd-b908-0000e8000b78} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ba39e0-0549-11dd-b908-0000e8000b78}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a03abc0-0d49-11db-917f-0000e8000b78} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a03abc0-0d49-11db-917f-0000e8000b78}\\ deleted successfully.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\46d6af39-4841-45cf-b2c2-5391f98be45e.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06012008_122453

Files moved on Reboot...
File C:\WINDOWS\temp\46d6af39-4841-45cf-b2c2-5391f98be45e.tmp not found!

New logfile..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:11, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Winamp\winampa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB9E12F-7C41-4AD9-85C7-8EE4A1853D0E}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CDC30C9-7392-41B1-97F7-51611ADC438A}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{0CB9E12F-7C41-4AD9-85C7-8EE4A1853D0E}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 4741 bytes

----------------------------------------------------------

On JOTI I don't know where to scan.. it just has details about how to show your files...
- Norton has been uninstalled.. but why is it still in the system??

Edited June 1, 2008 by me_iera

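An added example, not written by any poster in this thread: a short Python triage of HijackThis entries, using lines copied from the logs saved at 16:49:17 on 30/05/2008 and 12:41:11 on 01/06/2008. It flags entries whose target is reported as (no file) or (file missing), the kind listed in baok's step 1, and checks which of them are gone from the later log; the function and variable names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section text clsid orphaned")

# A HijackThis entry starts with a section code (R0, O2, O20, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis appends when the registered target is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Subset of the log saved at 16:49:17 on 30/05/2008, copied from the thread.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {351700BC-2083-402E-93FD-1AD05114CF01} - (no file)
O2 - BHO: Zango /fleok=1D8A83A5C5E019769AA575760EA83FA5EF80752B9499803B2A2303766A - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
O3 - Toolbar: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: mlJCVmmL - mlJCVmmL.dll (file missing)
"""

# Subset of the log saved at 12:41:11 on 01/06/2008, copied from the thread.
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
"""


def parse_log(log_text):
    """Return the section entries of a log, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header line, "Running processes:" or a process path
        section, text = match.groups()
        clsid = CLSID_RE.search(text)
        entries.append(Entry(
            section=section,
            text=text,
            clsid=clsid.group(0).upper() if clsid else None,
            orphaned=text.endswith(ORPHAN_MARKERS),
        ))
    return entries


def orphaned(entries):
    """Entries that still point at a file HijackThis could not find."""
    return [e for e in entries if e.orphaned]


def resolved(before, after):
    """Entries present in the earlier log and absent from the later one."""
    remaining = {(e.section, e.text) for e in after}
    return [e for e in before if (e.section, e.text) not in remaining]


def clsid_reuse(entries):
    """CLSIDs referenced by more than one orphaned entry, with their sections."""
    seen = {}
    for e in orphaned(entries):
        if e.clsid:
            seen.setdefault(e.clsid, []).append(e.section)
    return {clsid: secs for clsid, secs in seen.items() if len(secs) > 1}


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for e in orphaned(before):
        print("orphaned  :", e.section, "-", e.text)
    for e in resolved(before, after):
        print("resolved  :", e.section, "-", e.text)
    for e in orphaned(after):
        print("remaining :", e.section, "-", e.text)
    print("shared CLSIDs:", clsid_reuse(before))
```

On these lines the four entries from baok's step 1 are reported as resolved, while the O9 Yahoo! Messenger entry is still marked (file missing) in the later log.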
baok, Posted June 1, 2008

Hi.. I apologize for giving the wrong link.. I copied it wrongly from my canned speech..

---------------

1. Go to Jotti's malware scan and scan the file below... copy/paste its result here..

C:\WINDOWS\msg.exe

--------------

2. Post the Jotti result and a fresh DSS log.. I don't want a HijackThis log..

edu_gen, Posted June 1, 2008

How do I get a fresh DSS log? Sorry, I don't know.. hehe

baok, Posted June 1, 2008

It means run Deckard System Scanner once more and post its log here..
Don't forget the Jotti result.. if you don't know how, ask

edu_gen, Posted June 1, 2008

Jotti result

Scan taken on 01 Jun 2008 14:36:26 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found PUA.Tool.RemoveWGA
CPsecure Found nothing
Dr.Web Found Tool.RemoveWGA
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/Emogen-G
VirusBuster Found nothing
VBA32 Found nothing

Last file scanned at least one scanner reported something about: VulanPro405.rar (MD5: 39f622c7b13614e01321ca6d083ca1dc, size: 222308 bytes), detected by:
A-Squared Trojan-Downloader.Win32.Delf.gpx
AntiVir TR/Dldr.Delf.gpx
ArcaVir X
Avast X
AVG Antivirus Downloader.Generic7.IAI
BitDefender X
ClamAV Trojan.Downloader-33043
CPsecure Troj.Downloader.W32.Delf.gpx
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus Trojan-Downloader.Win32.Delf.gpx
Fortinet X
Ikarus Trojan-Downloader.Win32.Adload.db
Kaspersky Anti-Virus Trojan-Downloader.Win32.Delf.gpx
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus Mal/Generic-A
VirusBuster X
VBA32 Trojan-Downloader.Win32.Delf.gpx

DSS logfile

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-01 22:41:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 192 MiB (512 MiB recommended).

-- HijackThis (run as Administrator.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:45, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
D:\Winamp\winampa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://seventeen.my163.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB9E12F-7C41-4AD9-85C7-8EE4A1853D0E}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CDC30C9-7392-41B1-97F7-51611ADC438A}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{0CB9E12F-7C41-4AD9-85C7-8EE4A1853D0E}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o.
- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe--End of file - 4819 bytes-- Files created between 2008-05-01 and 2008-06-01 -----------------------------2008-06-01 11:58:59 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.22008-05-30 15:06:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes2008-05-30 15:05:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes2008-05-30 15:05:20 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware2008-05-30 14:32:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\TeraCopy2008-05-30 14:29:46 0 d-------- C:\Program Files\TeraCopy2008-05-30 14:11:48 0 d--hs---- C:\Documents and Settings\Administrator\Recent2008-05-30 13:28:13 174592 --a------ C:\WINDOWS\system\framedyn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>2008-05-30 03:10:36 6120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd2008-05-30 03:09:48 0 d-------- C:\WINDOWS\BricoPacks2008-05-30 02:42:28 0 d--hs---- C:\found.0002008-05-30 00:32:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\IDM2008-05-30 00:32:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\DMCache2008-05-30 00:31:24 0 d-------- C:\Program Files\Internet Download Manager2008-05-29 21:14:16 0 d--h----- C:\$AVG8.VAULT$2008-05-29 21:10:24 0 d-------- C:\WINDOWS\system32\drivers\Avg2008-05-29 21:10:00 0 d-------- C:\Program Files\AVG2008-05-29 21:09:59 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8-- Find3M Report ---------------------------------------------------------------2008-05-30 03:24:38 0 d-------- C:\Program Files\Movie Maker2008-05-30 03:22:17 65250 --a----c- C:\WINDOWS\BricoPackUninst.cmd2008-05-29 20:16:12 13824 --a------ C:\WINDOWS\msg.exe2008-05-04 09:26:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo! 
Messenger2008-04-21 17:01:56 0 d-------- C:\Program Files\Counter-Strike2008-04-21 17:01:51 0 d-------- C:\Program Files\Counter-Strike17_bot2008-04-12 19:36:57 0 d--h----- C:\Program Files\InstallShield Installation Information2008-04-12 19:31:18 0 d-------- C:\Program Files\Common Files\InstallShield2008-04-10 15:56:52 0 d-------- C:\Program Files\VCop22008-04-08 16:59:20 13824 --a------ C:\readmsg.exe2008-04-04 18:59:50 2180 --a------ C:\WINDOWS\system32\d3d8caps.dat2008-03-15 20:44:22 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat2008-03-10 09:56:14 903909 --a------ C:\WINDOWS\Condition Zero Uninstaller.exe2008-03-03 14:25:38 5702 --ah----- C:\WINDOWS\nod32restoretemdono.reg-- Registry Dump ---------------------------------------------------------------*Note* empty entries & legit default entries are not shown[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"WinampAgent"="D:\Winamp\winampa.exe" [16/01/2008 06:54]"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [29/05/2008 21:10][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 00:24]"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [30/05/2008 14:05]C:\Documents and Settings\Administrator\Desktop\Ayezz\Startup\RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [19/03/2007 06:05:02]TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [02/06/2005 03:41:18]UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [21/05/2006 15:43:08][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"DisableCAD"=1 (0x1)"DisableTaskMgr"=0 (0x0)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]"DisableRegistryTools"=0 (0x0)"DisableTaskMgr"=0 (0x0)[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]"DisableRegistryTools"=0 (0x0)"DisableCMD"=0 
(0x0)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoFolderOptions"=0 (0x0)"NotoolBarsOnTaskBar"=0 (0x0)"NoFileMenu"=0 (0x0)"NoShellSearchButton"=0 (0x0)"NoFind"=0 (0x0)"NoRun"=0 (0x0)"NoTrayItemsDisplay"=0 (0x0)[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]"NoFolderOptions"=0 (0x0)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"appinit_dlls"=avgrsstx.dll[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfDuVpp[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]@="Volume shadow copy"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnkbackup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]"C:\Program Files\Ares\Ares.exe" -h[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 
6.0\avp.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]"C:\Program Files\Messenger\msmsgs.exe" /background[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAVAgent] /silent[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]"C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" -auto[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]"C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe"-- End of Deckard's System Scanner: finished at 2008-06-01 22:47:34 ------------ Quote Share this post Link to post Share on other sites
baok Posted June 1, 2008
OK.
1. Open OTMoveIt2 and copy/paste the text below into the yellow box labelled "Paste List of Files/Folders to Move":
[kill explorer]
C:\WINDOWS\msg.exe
C:\WINDOWS\system32\khfDuVpp*.*
[start explorer]
Then press the red Move It! button. If it needs to reboot, please reboot your PC. A log will then appear in the green box; copy/paste that log here.
------------------
2. Download Dr.Web CureIt and save it to the Desktop.
Double-click DrWeb and let it run the quick scan, then run a complete scan.
When the scan has finished, choose Select All --> click Cure --> Move incurable.
After that click File --> Save report list. Save the report to the Desktop; the file name is DrWeb.csv.
Post that log.
-----------------
3. Also post a new DSS log.
Answer this question: do you play Zango games? (online games)
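A triage sketch for the DrWeb.csv report that step 2 asks for, added here as an example; it is not part of the original post or of Dr.Web's own tooling. It assumes one `object;path;threat;action;` record per line, and the sample rows, file names and restore GUID are constructed.

```python
"""Triage a Dr.Web CureIt report list saved as DrWeb.csv (added example)."""
from collections import Counter
from dataclasses import dataclass

# Assumed record layout, one per line: object;path;threat;action;
# Constructed sample: file names, folders and the restore GUID are made up.
SAMPLE_REPORT = r"""A0000001.exe\data001;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe;Adware.Zango;;
A0000001.exe;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1;Archive contains infected objects;Moved.;
A0000002.exe;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2;Tool.RemoveWGA;Incurable.Deleted.;
A0000003.exe;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2;Tool.RemoveWGA;Incurable.Deleted.;
moved.exe;C:\_OTMoveIt\MovedFiles\01012008_000000\WINDOWS;Tool.RemoveWGA;Incurable.Deleted.;
example.exe\data001;D:\Downloads\example.exe;Probably BACKDOOR.Trojan;;
example.exe;D:\Downloads;Archive contains infected objects;Moved.;
readme.exe;D:\Tools;Probably BACKDOOR.Trojan;;
"""

CONTAINER_NOTE = "Archive contains infected objects"


@dataclass
class Finding:
    full_path: str  # path of the flagged object, rebuilt from object + path
    threat: str
    action: str     # empty when the scanner acted on the container instead
    location: str


def classify_location(path):
    """Say whether a detection sits in a System Restore snapshot, in
    OTMoveIt2's moved-files folder, or on the live file system."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "restore_point"
    if "\\_otmoveit\\movedfiles\\" in p:
        return "already_moved"
    return "live"


def parse_line(line):
    """Split one record; return None when it does not have four fields."""
    line = line.strip()
    if line.endswith(";"):
        line = line[:-1]              # drop only the record terminator
    parts = line.split(";")
    if len(parts) < 4:
        return None
    obj, threat, action = parts[0], parts[-2], parts[-1]
    path = ";".join(parts[1:-2])      # tolerate ';' inside a path
    leaf = obj.rsplit("\\", 1)[-1]    # 'x.exe\data001' -> 'data001'
    return Finding(path + "\\" + leaf, threat, action, classify_location(path))


def is_resolved(full_path, actions):
    """True when the object, or any archive that contains it, has an action."""
    node = full_path.lower()
    while node in actions:
        if actions[node]:
            return True
        parent = node.rsplit("\\", 1)[0]
        if parent == node:
            break
        node = parent
    return False


def triage(report_text):
    """Summarise a report: counts by location and threat, plus open items."""
    findings, malformed = [], 0
    for line in report_text.splitlines():
        if not line.strip():
            continue
        finding = parse_line(line)
        if finding is None:
            malformed += 1
        else:
            findings.append(finding)
    actions = {}
    for f in findings:
        key = f.full_path.lower()
        actions[key] = actions.get(key) or f.action
    # Container rows only say "something inside is infected"; count members.
    detections = [f for f in findings if f.threat != CONTAINER_NOTE]
    return {
        "by_location": Counter(f.location for f in detections),
        "by_threat": Counter(f.threat for f in detections),
        "unresolved": [(f.full_path, f.threat) for f in detections
                       if not is_resolved(f.full_path, actions)],
        "malformed": malformed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("detections by location:", dict(result["by_location"]))
    print("detections by threat:  ", dict(result["by_threat"]))
    for path, threat in result["unresolved"]:
        print("needs attention:", threat, "at", path)
```

Rows counted under restore_point are copies held in System Restore snapshots, so the unresolved list is the part of the report to read first.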
edu_gen Posted June 3, 2008
jotti
Explorer killed successfully
C:\WINDOWS\msg.exe moved successfully.
< C:\WINDOWS\system32\khfDuVpp*.* >
File/Folder C:\WINDOWS\system32\khfDuVpp*.* not found.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06022008_073123
---------------------------------------------------------------------------------
dr web
---------------------------------------------------------------------------------
dss
Messenger2008-04-21 17:01:56 0 d-------- C:\Program Files\Counter-Strike2008-04-21 17:01:51 0 d-------- C:\Program Files\Counter-Strike17_bot2008-04-12 19:36:57 0 d--h----- C:\Program Files\InstallShield Installation Information2008-04-12 19:31:18 0 d-------- C:\Program Files\Common Files\InstallShield2008-04-10 15:56:52 0 d-------- C:\Program Files\VCop22008-04-04 18:59:50 2180 --a------ C:\WINDOWS\system32\d3d8caps.dat2008-03-15 20:44:22 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat2008-03-10 09:56:14 903909 --a------ C:\WINDOWS\Condition Zero Uninstaller.exe2008-03-03 14:25:38 5702 --ah----- C:\WINDOWS\nod32restoretemdono.reg-- Registry Dump ---------------------------------------------------------------*Note* empty entries & legit default entries are not shown[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"WinampAgent"="D:\Winamp\winampa.exe" [16/01/2008 06:54]"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [29/05/2008 21:10][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 00:24]"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [30/05/2008 14:05]"Yahoo! 
Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [30/08/2007 17:43]C:\Documents and Settings\Administrator\Desktop\Ayezz\Startup\RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [19/03/2007 06:05:02]TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [02/06/2005 03:41:18]UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [21/05/2006 15:43:08][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"DisableCAD"=1 (0x1)"DisableTaskMgr"=0 (0x0)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]"DisableRegistryTools"=0 (0x0)"DisableTaskMgr"=0 (0x0)[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]"DisableRegistryTools"=0 (0x0)"DisableCMD"=0 (0x0)[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]"NoFolderOptions"=0 (0x0)"NotoolBarsOnTaskBar"=0 (0x0)"NoFileMenu"=0 (0x0)"NoShellSearchButton"=0 (0x0)"NoFind"=0 (0x0)"NoRun"=0 (0x0)"NoTrayItemsDisplay"=0 (0x0)[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]"NoFolderOptions"=0 (0x0)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"appinit_dlls"=avgrsstx.dll[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfDuVpp[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]@="Service"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]@="Volume shadow copy"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma 
Loader.lnkbackup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]"C:\Program Files\Ares\Ares.exe" -h[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]"C:\Program Files\Messenger\msmsgs.exe" /background[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAVAgent] /silent[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]"C:\Program Files\Zango\bin\10.1.181.0\Weather.exe" -auto[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! 
Pager]C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]C:\Program Files\Zango\bin\10.1.181.0\OEAddOn.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]"C:\Program Files\Zango\bin\10.1.181.0\ZangoSA.exe"-- End of Deckard's System Scanner: finished at 2008-06-03 15:00:28 --------------------------------------------------------------------------------------------
I don't even play that Zango game..
Hiruka 4 Posted June 3, 2008
Wow, this thread makes my head spin.. my eyes are going blurry.. maybe doing a bit of PC cleaning could help.. try using Your Uninstaller Pro.. uninstall whatever you don't need.. find/clean temporary files.. Using TuneUp Utilities 2008 in addition is fine too.. fix the registry while you're at it.. don't rush, to fix a PC you have to stay cool and steady..
baok 0 Posted June 3, 2008 (edited)
Just a little more to go..
1. Uninstall Zango from Add or Remove Programs and delete the folder below
C:\Program Files\Zango
------------------------
2. 1, Open OTMoveIt2, copy/paste the entries below into the yellow box labelled "Paste List of Files/Folders to Move"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA
After that, press the red Move It! button. If it needs to reboot, please reboot your PC..
------------------------
3. There is one registry entry I don't dare touch.. the LSA key.. If the wrong thing is deleted, your PC might not be able to get into Windows at all
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfDuVpp
The part in red shouldn't be there.. that is a malware entry.. If you are willing to take the risk, go to regedit and delete only the part in red.. leave msv1_0
If you are not confident and the PC no longer has any problems, better to just leave it..
--------------------------------------
Quote (Hiruka): "Wow, this thread makes my head spin.. my eyes are going blurry.. maybe doing a bit of PC cleaning could help.. try using Your Uninstaller Pro.. uninstall whatever you don't need.. find/clean temporary files.. Using TuneUp Utilities 2008 in addition is fine too.. fix the registry while you're at it.. don't rush, to fix a PC you have to stay cool and steady.."
If you are very well trained, you just smile looking at the logs..
Even this I'm just playing around.. if I were doing it properly I would use other tools.. but rest assured that my intention is to fix user's pc..
Edited June 3, 2008 by baok
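The check described in step 3 of the post above, as an added example that is not part of the original thread: it parses a registry dump in the bracketed-key layout of the scanner output and separates the LSA "Authentication Packages" entries into those to keep and those to review. The baseline of msv1_0 alone, the function names and the line-separated sample are assumptions made for this example.

```python
import re

# Baseline assumed for this example: msv1_0 is the only entry the helper
# in the thread says should remain on this Windows XP system.
BASELINE = {"msv1_0"}
LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"

# Constructed sample: line-separated form of the registry dump quoted in the thread.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfDuVpp
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
'''

def parse_dump(text):
    """Return {lowercased key path: {lowercased value name: raw data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(HKEY_[^\]]+)\]", line, re.IGNORECASE)
        if header:
            current = keys.setdefault(header.group(1).lower(), {})
            continue
        value = re.fullmatch(r'"([^"]+)"\s*=\s*(.*)', line)
        if value and current is not None:
            current[value.group(1).lower()] = value.group(2).strip()
    return keys

def audit_auth_packages(text):
    """Split the LSA Authentication Packages value into baseline and unexpected entries."""
    data = parse_dump(text).get(LSA_KEY, {}).get("authentication packages")
    if data is None:
        return {"present": False, "keep": [], "unexpected": [], "baseline_missing": sorted(BASELINE)}
    # The dump flattens the multi-string value with spaces; entries are assumed
    # to contain no spaces themselves (true for the value shown in the thread).
    entries = data.split()
    keep = [e for e in entries if e.lower() in BASELINE]
    unexpected = [e for e in entries if e.lower() not in BASELINE]
    missing = sorted(BASELINE - {e.lower() for e in keep})
    return {"present": True, "keep": keep, "unexpected": unexpected, "baseline_missing": missing}

if __name__ == "__main__":
    print(audit_auth_packages(SAMPLE_DUMP))
```

A non-empty `baseline_missing` after cleanup is the failure the post warns about: msv1_0 itself was removed along with the unexpected entry.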
edu_gen 0 Posted June 3, 2008
OK, done.. successful.. is there anything else?
baok 0 Posted June 3, 2008
If there are no more problems, you are good to go..
edu_gen 0 Posted June 3, 2008
okies...thanks a lot bro..