
Help me. I don't know what the problem is!


4 replies to this topic

#1 sCHapICka

sCHapICka

  • Members
  • 2 posts
  • OFFLINE
  • Local time:11:16 PM

Posted 26 February 2008 - 10:35 AM

ComboFix 08-02-25.3 - Mohd Fuad Yusoff 2008-02-26 22:25:32.1 - NTFSx86
Running from: C:\Users\Mohd Fuad Yusoff\Documents\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.

2008-02-23 23:16 . 2008-02-25 22:35 <DIR> d-------- C:\Users\Mohd Fuad Yusoff\AppData\Roaming\Sammsoft
2008-02-22 19:01 . 2008-02-22 19:01 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-22 19:01 . 2008-02-22 19:01 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-22 18:59 . 2008-02-22 18:59 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-18 22:49 . 2008-02-18 22:49 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-18 22:49 . 2008-02-18 22:49 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-18 22:49 . 2008-02-18 22:49 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-18 22:49 . 2008-02-18 22:49 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-18 22:49 . 2008-02-18 22:49 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-18 22:49 . 2008-02-18 22:49 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-18 22:49 . 2008-02-18 22:49 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-15 13:47 . 2008-02-15 13:47 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-15 13:47 . 2008-02-15 13:47 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-15 13:47 . 2008-02-15 13:47 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-15 13:47 . 2008-02-15 13:47 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-15 13:47 . 2008-02-15 13:47 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-13 22:57 . 2008-02-13 22:57 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 22:57 . 2008-02-13 22:57 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-10 12:18 . 2008-02-10 12:18 <DIR> d-------- C:\Users\Guest\AppData\Roaming\PCToolsSpamMonitorPlus
2008-02-10 12:18 . 2008-02-10 12:18 <DIR> d-------- C:\Users\Guest\AppData\Roaming\PCToolsFirewallPlus
2008-02-10 11:36 . 2008-02-10 11:36 <DIR> d-------- C:\Users\Guest\AppData\Roaming\Yahoo!
2008-02-10 11:36 . 2008-02-10 11:36 <DIR> d-------- C:\Users\Guest\AppData\Roaming\PC Suite
2008-02-05 17:40 . 2008-02-05 17:40 <DIR> d-------- C:\Windows\webmark
2008-02-05 17:40 . 2008-02-05 17:40 <DIR> d-------- C:\Windows\audioplus
2008-02-05 17:40 . 2008-02-05 17:42 <DIR> d-------- C:\Program Files\SuperAVConverter
2008-02-04 23:58 . 2008-02-05 00:02 <DIR> d-------- C:\MPCBAK
2008-02-04 21:50 . 2008-02-04 21:50 <DIR> d-------- C:\Users\All Users\Symantec
2008-02-04 21:50 . 2008-02-04 21:50 <DIR> d-------- C:\ProgramData\Symantec
2008-02-04 19:12 . 2008-02-04 19:12 <DIR> d-------- C:\Users\Mohd Fuad Yusoff\AppData\Roaming\PCToolsSpamMonitorPlus
2008-02-04 19:12 . 2008-02-04 19:12 <DIR> d-------- C:\Users\Mohd Fuad Yusoff\AppData\Roaming\PCToolsFirewallPlus
2008-02-04 15:48 . 2008-02-04 15:48 <DIR> d-------- C:\Users\All Users\Installations
2008-02-04 15:48 . 2008-02-04 15:48 <DIR> d-------- C:\ProgramData\Installations
2008-02-04 15:20 . 2008-02-26 18:53 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-04 15:20 . 2008-02-26 18:53 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-04 15:16 . 2007-11-30 17:17 218,536 --a------ C:\Windows\System32\drivers\pctfw2.sys
2008-02-04 15:16 . 2007-11-30 07:28 123,904 --a------ C:\Windows\System32\drivers\pctfw.sys
2008-02-04 15:16 . 2007-11-30 17:17 40,872 --a------ C:\Windows\System32\drivers\pctmp.sys
2008-02-04 15:16 . 2007-11-30 17:17 18,344 --a------ C:\Windows\System32\drivers\pctssipc.sys
2008-02-04 15:15 . 2008-02-04 15:15 <DIR> d-------- C:\Users\Mohd Fuad Yusoff\AppData\Roaming\PC Tools
2008-02-04 15:15 . 2008-02-04 15:16 <DIR> d-------- C:\Users\All Users\PC Tools
2008-02-04 15:15 . 2008-02-04 15:16 <DIR> d-------- C:\ProgramData\PC Tools
2008-02-04 15:15 . 2008-02-25 22:35 <DIR> d-------- C:\Program Files\PC Tools Internet Security
2008-02-04 15:15 . 2008-02-04 15:16 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-02-04 15:15 . 2007-12-05 14:32 81,320 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-02-04 15:15 . 2007-12-05 14:32 66,984 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-02-04 15:15 . 2007-12-05 14:32 41,896 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-02-04 15:15 . 2007-11-30 17:17 29,608 --a------ C:\Windows\System32\drivers\kcom.sys
2008-02-01 18:36 . 2008-02-01 18:36 <DIR> d-------- C:\Users\Mohd Fuad Yusoff\AppData\Roaming\Nokia Multimedia Player
2008-02-01 18:23 . 2008-02-01 18:23 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-02-01 18:22 . 2008-02-01 18:22 54,156 --ah----- C:\Windows\QTFont.qfn
2008-02-01 18:22 . 2008-02-01 18:22 1,409 --a------ C:\Windows\QTFont.for
2008-02-01 18:04 . 2008-02-01 18:04 <DIR> d-------- C:\Users\Mohd Fuad Yusoff\AppData\Roaming\PC Suite
2008-02-01 18:03 . 2008-02-01 18:03 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-02-01 18:03 . 2008-02-01 18:03 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-02-01 17:45 . 2008-02-01 18:23 <DIR> d-------- C:\Program Files\Nokia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 11:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-22 11:01 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-22 11:01 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-22 11:01 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 14:54 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 14:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 14:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 14:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-01 10:22 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-01-22 09:49 --------- d-----w C:\Program Files\Windows Mail
2008-01-21 13:04 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-01-21 11:09 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-21 11:07 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-17 23:03 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-17 23:03 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2007-12-30 00:08 --------- d-----w C:\Users\Mohd Fuad Yusoff\AppData\Roaming\Media Player Classic
2007-12-30 00:06 --------- d-----w C:\Program Files\Ringz Studio
2007-12-12 19:07 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 19:07 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 19:07 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-08-30 06:05 174 --sha-w C:\Program Files\desktop.ini
2007-06-11 09:00 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-06-11 09:00 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-06-11 09:00 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
Files Infected - Win32.Agent.zb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 19:07 1232896]
"????r"="" []
"?????????"="??????????????e" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 20:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-27 19:56 171448]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [2006-11-02 20:35 191488]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]
"@"="" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 14:08 4670968]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 16:56 1306624]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 20:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-29 00:43 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 14:45 815104]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 13:37 4186112 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-01-03 10:58 464168]
"SetPanel"="" []
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2007-01-11 15:47 483328]
"eRecoveryService"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-27 19:57 185632]
"ClientGW"="" []
"eSnips"="C:\PROGRA~1\eSnips\ClientGW.exe" [2007-09-16 13:04 720896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 22:59 224248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 18:30 517768]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-27 02:30 97357]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49 217088]
"ISTray"="C:\Program Files\PC Tools Internet Security\pctsTray.exe" [2007-11-30 17:17 1101224]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-10-18 09:19 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-10-18 09:18 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-10-18 09:18 133656]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 20:44:06 29696]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 17:55:50 703280]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-01-13 11:52:28 528384]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-02-05 17:45:42 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{695F4F82-7B39-4F55-87BB-1A747598CBA1}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{6893C4CD-1303-4D1B-92AA-ACEA8BB7262D}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{69A06394-813E-4F32-A663-44451AE471E0}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{0A55991F-9B50-4713-8CBD-33F6681D1D37}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{AD3ABF26-649B-4308-A769-606E445EF652}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5C71CC50-9FF8-4E5D-9F15-8C55F7659572}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B9CEB424-4A84-4A1C-B2C9-35C662ED9CAA}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{D9087888-5D9C-490C-BEF8-4F8451EA30B6}C:\program files\yahoo!\messenger\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger|Desc=Yahoo! Messenger
"UDP Query User{DDC261C0-D2FE-4BFD-BFF4-09D87F8EE09E}C:\program files\yahoo!\messenger\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger|Desc=Yahoo! Messenger
"TCP Query User{9AB9FC47-FA6C-406D-875D-26BBDF931989}C:\program files\veoh networks\veoh\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
"UDP Query User{265FB3EE-BFA7-4880-BB21-AD2B0C1A52BF}C:\program files\veoh networks\veoh\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-01-03 10:59]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-01-03 10:59]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-01-03 10:59]
R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2007-11-30 17:17]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\Windows\system32\drivers\pctmp.sys [2007-11-30 17:17]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\Windows\system32\drivers\pctssipc.sys [2007-11-30 17:17]
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-01-03 10:58]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-29 12:07]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-03 08:46]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-25 04:57]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-10-18 09:05]
R3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 09:42]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-01-13 08:34]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-10 14:38]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 17:37]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 15:13]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 15:13]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04cde114-7b17-11dc-a662-0019d2ad0e27}]
\shell\Auto\command - MicrosoftPowerPoint.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cf9b163-40d0-11dc-9090-0019d2ad0e27}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Bha.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2abb49a9-18b5-11dc-b434-001b24161d58}]
\shell\Autoplay\command - MySexy.exe
\shell\AutoRun\command - MySexy.exe
\shell\Explore\command - MySexy.exe
\shell\OPEN\command - MySexy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2abb49b3-18b5-11dc-b434-001b24161d58}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46a82fba-44b9-11dc-8f46-0019d2ad0e27}]
\shell\Auto\command - RavMonE.exe e
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46a82fcb-44b9-11dc-8f46-0019d2ad0e27}]
\shell\Auto\command - F:\RavMonE.exe e
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{496e5e6c-1fe6-11dc-9b84-0019d2ad0e27}]
\shell\AutoRun\command - ie.exe
\shell\explore\Command - ie.exe
\shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51a5ae0e-7a66-11dc-b042-0019d2ad0e27}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff7228d-2e00-11dc-9dc5-001b24161d58}]
\shell\Auto\command - MicrosoftPowerPoint.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63062ed5-40a7-11dc-ba4c-0019d2ad0e27}]
\shell\Auto\command - RavMonE.exe e
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{787318a5-17ff-11dc-a108-001b24161d58}]
\shell\Auto\command - RavMonE.exe e
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84bae264-40b6-11dc-bb96-0019d2ad0e27}]
\shell\Auto\command - RavMonE.exe e
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae745df9-78da-11dc-b27f-0019d2ad0e27}]
\shell\Auto\command - RavMonE.exe e
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2b11d95-2564-11dc-80c8-0019d2ad0e27}]
\shell\Auto\command - G:\bleeping.bat
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\bleeping.bat
\shell\Option1\Command - G:\bleepiNG.bat
\shell\Option2\Command - G:\bleepiNG.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7929850-1a15-11dc-9b9e-0019d2ad0e27}]
\shell\Auto\command - infrom.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cda27a8b-55fd-11dc-94b8-001b24161d58}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfd0cc16-53ca-11dc-9092-001b24161d58}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e568ea71-198e-11dc-be85-001b24161d58}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\shell\Open\command - Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e568ea77-198e-11dc-be85-001b24161d58}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\shell\Open\command - Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e568ea7f-198e-11dc-be85-001b24161d58}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\shell\Open\command - Boot.exe e

.
Contents of the 'Scheduled Tasks' folder
"2008-02-26 15:20:15 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-26 15:25:24 C:\Windows\Tasks\User_Feed_Synchronization-{3CE8A75B-19D0-4515-B98B-B990ED458031}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 23:11:56
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-26 23:26:27
.
2008-02-26 10:41:00 --- E O F ---


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:11:16 AM

Posted 15 March 2008 - 04:06 PM

I apologize for the very long delay. We have a huge backlog of HijackThis logs to handle and it has been taking us longer than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A HijackThis Log

Thank you for your patience.

#3 sCHapICka

sCHapICka
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:11:16 PM

Posted 10 April 2008 - 09:09 AM

Deckard's System Scanner v20071014.68
Run by Mohd Fuad Yusoff on 2008-04-10 21:51:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
7: 2008-04-10 13:08:11 UTC - RP299 - Installed QUICKfind
6: 2008-04-10 09:05:46 UTC - RP297 - Windows Update
5: 2008-04-10 06:55:24 UTC - RP296 - Installed VeohTV BETA
4: 2008-04-09 13:16:43 UTC - RP294 - Scheduled Checkpoint
3: 2008-04-07 16:15:23 UTC - RP293 - Installed Ovation


-- First Restore Point --
1: 2008-04-03 06:30:39 UTC - RP291 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 1014 MiB (1024 MiB recommended).
System Drive C: has 6.9 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-10 21:59:21
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SLsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\PC Tools Internet Security\pctsTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Ares\Ares.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\MOHDFU~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\igfxext.exe
C:\Acer\Empowering Technology\eNet\eNMTray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
C:\Program Files\PC Tools Internet Security\pctsSvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\PC Tools Internet Security\pctsTray.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
D:\OALD7\qttask.exe
C:\Windows\System32\QuickTime\QuickTimeUpdateHelper.exe
C:\Windows\System32\taskeng.exe
D:\OALD7\oald7.exe
C:\Windows\System32\UAService.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Mohd Fuad Yusoff\Documents\dss.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Windows\System32\Macromed\Flash\FlashUtil9c.exe
C:\Windows\System32\SearchProtocolHost.exe
C:\Windows\System32\SearchFilterHost.exe
C:\Users\Mohd Fuad Yusoff\Documents\TheSage_Setup_1-4-0.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [eSnips] "C:\PROGRA~1\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Internet Security\pctsTray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "d:\oald7\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ares] "D:\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\System32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\Windows\System32\UAService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe


--
End of file - 15533 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

S3 tifm21 - c:\windows\system32\drivers\tifm21.sys <Not Verified; Texas Instruments; Texas Instruments PCIxx21/PCIxx12 Integrated FlashMedia Controller>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 eLockService (eLock Service) - c:\acer\empowering technology\elock\service\elockserv.exe <Not Verified; Acer Inc.; Acer eLock Management>
R2 eNet Service - c:\acer\empowering technology\enet\enet service.exe <Not Verified; Acer Inc.; Acer eNet Management>
R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
R2 eSettingsService (eSettings Service) - c:\acer\empowering technology\esettings\service\capuserv.exe <Not Verified; ; Service>
R2 MobilityService - c:\acer\mobility center\mobilityservice.exe -p
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 UserAccess (SecuROM User Access Service) - c:\windows\system32\uaservice.exe
R2 WMIService (ePower Service) - c:\acer\empowering technology\epower\epowersvc.exe <Not Verified; acer; Acer ePower Management>

S3 AresChatServer (Ares Chatroom server) - d:\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Mass Storage Controller
Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_01101025&REV_00\4&3156CA1E&0&4AF0
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_01101025&REV_00\4&3156CA1E&0&4AF0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-04-10 22:00:00 440 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{3CE8A75B-19D0-4515-B98B-B990ED458031}.job


-- Files created between 2008-03-10 and 2008-04-10 -----------------------------

2008-04-10 21:21:29 126976 --a------ C:\Windows\system32\UAService.exe
2008-04-10 21:21:28 90112 --a------ C:\Windows\system32\CmdLineExt.dll
2008-04-10 21:08:50 0 d-------- C:\Program Files\TEXTware
2008-04-10 21:08:50 0 d-------- C:\Program Files\IDM
2008-04-10 21:08:44 160768 --a------ C:\Windows\system32\ILLKRN.DLL <Not Verified; TEXTware A/S; Illuminator 2.0>
2008-04-10 21:08:41 205312 --a------ C:\Windows\system32\Illprs.dll <Not Verified; TEXTware A/S; Illuminator 2.0>
2008-04-10 21:06:57 86016 --a------ C:\Windows\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2008-04-10 21:05:52 0 d-------- C:\Windows\system32\QuickTime
2008-04-10 21:04:46 0 d-------- C:\Users\All Users\QuickTime
2008-04-08 00:11:59 0 d-------- C:\Users\All Users\Serious Magic
2008-04-08 00:11:59 0 d-------- C:\Program Files\Serious Magic
2008-03-28 15:06:19 171008 --a------ C:\Windows\system32\GeeKz_db.dll
2008-03-25 02:01:44 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-25 01:52:33 0 d-------- C:\Windows\system32\x64


-- Find3M Report ---------------------------------------------------------------

2008-04-10 21:12:53 0 d-------- C:\Users\Mohd Fuad Yusoff\AppData\Roaming\oald7
2008-04-10 21:08:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-10 20:17:21 0 d-------- C:\Program Files\PC Tools Internet Security
2008-04-10 17:46:52 12 --a------ C:\Windows\bthservsdp.dat
2008-04-10 17:46:35 0 d-------- C:\Program Files\Windows Mail
2008-04-08 14:43:45 0 d-------- C:\Users\Mohd Fuad Yusoff\AppData\Roaming\Serious Magic
2008-04-08 00:18:25 0 d-------- C:\Users\Mohd Fuad Yusoff\AppData\Roaming\Mozilla
2008-04-08 00:05:30 0 d-------- C:\Users\Mohd Fuad Yusoff\AppData\Roaming\Thinstall
2008-03-22 21:54:08 0 d-------- C:\Program Files\Nokia
2008-03-22 21:54:08 0 d-------- C:\Program Files\Common Files
2008-03-07 23:52:40 39 --a------ C:\MUI00
2008-03-04 13:02:45 0 d-------- C:\Program Files\Real Alternative
2008-03-01 19:36:25 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-01 19:35:12 0 d-------- C:\Program Files\Common Files\Real
2008-03-01 19:34:51 0 d-------- C:\Users\Mohd Fuad Yusoff\AppData\Roaming\Real
2008-02-29 23:55:27 0 d-------- C:\Program Files\eSnips
2008-02-25 22:35:11 0 d-------- C:\Users\Mohd Fuad Yusoff\AppData\Roaming\Sammsoft


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [29/07/2007 12:43 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [16/11/2006 02:45 PM]
"RtHDVCpl"="RtHDVCpl.exe" [01/12/2006 01:37 PM C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [03/01/2007 10:58 AM]
"SetPanel"="" []
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [11/01/2007 03:47 PM]
"eRecoveryService"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 03:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
"ClientGW"="" []
"eSnips"="C:\PROGRA~1\eSnips\ClientGW.exe" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [08/06/2007 10:59 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [12/03/2007 06:30 PM]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [27/11/2006 02:30 AM]
"ISTray"="C:\Program Files\PC Tools Internet Security\pctsTray.exe" [30/11/2007 05:17 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [02/01/2008 05:07 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02/01/2008 05:06 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [02/01/2008 05:07 PM]
"QuickTime Task"="d:\oald7\qttask.exe" [10/04/2008 09:07 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [21/01/2008 07:07 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 08:35 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [27/08/2007 07:56 PM]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [02/11/2006 08:35 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [11/08/2005 03:30 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [07/06/2007 02:08 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 08:36 PM]
"ares"="D:\Ares\Ares.exe" [17/07/2007 05:54 AM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [01/04/2008 06:35 PM]
"@"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 8:44:06 PM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [3/11/2006 5:55:50 PM]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [13/1/2007 11:52:28 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [5/2/2008 5:45:42 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=eNetHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04cde114-7b17-11dc-a662-0019d2ad0e27}]
Auto\command- MicrosoftPowerPoint.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{496e5e6c-1fe6-11dc-9b84-0019d2ad0e27}]
AutoRun\command- ie.exe
explore\Command- ie.exe
open\Command- ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2b11d95-2564-11dc-80c8-0019d2ad0e27}]
Auto\command- G:\bleeping.bat
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\bleeping.bat
Option1\Command- G:\bleepiNG.bat
Option2\Command- G:\bleepiNG.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfd0cc16-53ca-11dc-9092-001b24161d58}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e568ea71-198e-11dc-be85-001b24161d58}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
Open\command- Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e568ea77-198e-11dc-be85-001b24161d58}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
Open\command- Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e568ea7f-198e-11dc-be85-001b24161d58}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
Open\command- Boot.exe e


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-10 22:02:29 ------------

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:16 AM

Posted 10 April 2008 - 08:31 PM

Hello sCHapICka,

I merged your new topic to your previous topic. Please use the Add Reply button to add your responses to this thread.

Back to you Grinler.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • Gender:Male
  • Location:USA
  • Local time:11:16 AM

Posted 11 April 2008 - 10:52 AM

Please submit this file to http://www.bleepingcomputer.com/submit-malware.php?channel=3

G:\bleepiNG.bat


Then,

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When following the instructions please install the Windows XP Recovery Console if you are using XP.

After running ComboFix, please post the ComboFix log as well as a brand new HijackThis log as a reply to this topic.



