My Hijackthis Log


24 replies to this topic

#1 Tmak
  • Members
  • 13 posts

Posted 09 May 2008 - 08:42 PM

Computer starts with a black screen and no desktop. I have to open a new explorer.exe from Task Manager to get the desktop back, but once I restart it's the same black screen. Please help.



Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\UPP\mirc_upp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Werly\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] -C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] -"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [?????????] -
O4 - HKCU\..\Run: [????r] -
O4 - HKCU\..\Run: [DSS] C:\Windows\HostServEdit32.exe
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BM0f937980] Rundll32.exe "C:\Users\Werly\AppData\Local\Temp\nhejtdcd.dll",s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Werly\AppData\Local\Temp\byXOFWND.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=M44565OQ&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=M44565OQ&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=M44565OQ&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=M44565OQ&id=menu_ie_exclude
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=M44565OQ&id=menu_ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL eNetHook.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Windows Services Control - FileZilla Project - c:\windows\system32\drivers\services.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Edited by Tmak, 10 May 2008 - 07:23 AM.


#2 teacup61
    Bleepin' Texan!
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 May 2008 - 09:47 AM

Hello Tmak,

Welcome to Bleeping Computer :)

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log, including the header, to make sure nothing has changed, and I'll be happy to look at it for you.

The current formatting of your log makes it difficult to read. Please open Notepad: on top, click Format > uncheck Word Wrap.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 Tmak
  • Topic Starter
  • Members
  • 13 posts

Posted 31 May 2008 - 09:01 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:27 PM, on 5/9/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\UPP\mirc_upp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Werly\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566....acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] -C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] -"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [?????????] -
O4 - HKCU\..\Run: [????r] -
O4 - HKCU\..\Run: [DSS] C:\Windows\HostServEdit32.exe
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BM0f937980] Rundll32.exe "C:\Users\Werly\AppData\Local\Temp\nhejtdcd.dll",s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Werly\AppData\Local\Temp\byXOFWND.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/...NPUplden-us.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL eNetHook.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Windows Services Control - FileZilla Project - c:\windows\system32\drivers\services.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13821 bytes

#4 TMacK
  • Members
  • 4,672 posts
  • Gender:Male
  • Location:B.C. Canada

Posted 31 May 2008 - 09:12 PM

Merged new HJT log with original topic.

Keeping all of your replies in one thread, makes it easier for the ones helping you out.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner

#5 teacup61
    Bleepin' Texan!
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 31 May 2008 - 09:51 PM

Hello,

I notice that you do not seem to be running antivirus software. This is somewhat suicidal in today's digital world. That's why I want you to install one!! Avira OR Avast are good FREE antivirus programs. Please run a full system scan with the one you choose and let it clean all it finds.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,
tea

#6 Tmak
  • Topic Starter
  • Members
  • 13 posts

Posted 31 May 2008 - 11:04 PM

My ComboFix log



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\{0CA04~1
C:\Program Files\Common Files\{3CA04~1
C:\Users\Werly\AppData\Roaming\inst.exe
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\drivers\services.exe
C:\Windows\system32\hggGWpmk.dll
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.

2008-05-30 09:16 . 2008-05-30 09:18 <DIR> d-------- C:\Program Files\RegDoctor
2008-05-30 09:16 . 2005-02-12 16:43 245,760 --a------ C:\Windows\System32\vbalColumnTreeView6.ocx
2008-05-30 09:16 . 2003-01-26 14:41 40,960 --a------ C:\Windows\System32\SSubTmr6.dll
2008-05-30 09:16 . 1999-03-12 02:20 18,728 --a------ C:\Windows\System32\ISHF_Ex.tlb
2008-05-30 09:16 . 1998-03-18 17:45 8,096 --a------ C:\Windows\System32\OLEGUIDS.TLB
2008-05-30 09:14 . 2008-05-30 11:50 <DIR> d-------- C:\Program Files\a-squared Free
2008-05-30 09:00 . 2008-05-30 09:00 <DIR> d-------- C:\Program Files\SpywareGuard
2008-05-30 08:09 . 2008-05-30 08:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-30 08:05 . 2008-05-30 08:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-30 01:11 . 2008-05-30 01:11 <DIR> d-------- C:\Users\Werly\AppData\Roaming\PC Tools
2008-05-30 01:11 . 2008-05-30 01:13 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-30 01:11 . 2007-10-04 17:10 79,688 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-05-30 01:11 . 2007-10-04 17:10 62,280 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-05-30 01:11 . 2007-10-04 17:10 41,288 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-05-30 01:11 . 2007-10-04 17:11 29,000 --a------ C:\Windows\System32\drivers\kcom.sys
2008-05-30 01:10 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-05-30 00:37 . 2008-05-30 00:37 2,310 --a------ C:\Windows\System32\tmp.reg
2008-05-30 00:37 . 2008-05-30 00:37 691 --a------ C:\Users\Werly\AppData\Roaming\GetValue.vbs
2008-05-30 00:37 . 2008-05-30 00:37 35 --a------ C:\Users\Werly\AppData\Roaming\SetValue.bat
2008-05-30 00:36 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-05-30 00:36 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-05-30 00:36 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-05-30 00:36 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-05-30 00:36 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\404Fix.exe
2008-05-30 00:36 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-05-30 00:36 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-05-30 00:36 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-05-29 17:56 . 2005-11-30 22:20 2,314,332 --a------ C:\Windows\System32\LIBMMD.DLL
2008-05-29 17:56 . 2000-05-21 23:00 647,872 --a------ C:\Windows\System32\mscomct2.ocx
2008-05-29 03:19 . 2008-05-29 03:19 <DIR> d-------- C:\Windows\System32\ipp20
2008-05-29 03:18 . 2008-05-29 03:18 <DIR> d-------- C:\Program Files\Pioneer
2008-05-27 20:16 . 2008-03-07 20:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 20:16 . 2008-03-08 00:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-18 21:14 . 2008-05-18 21:14 <DIR> d-------- C:\Users\All Users\Ad Muncher
2008-05-18 21:14 . 2008-05-18 21:14 <DIR> d-------- C:\ProgramData\Ad Muncher
2008-05-18 17:05 . 2008-05-30 11:51 <DIR> d-------- C:\Invision
2008-05-18 13:17 . 2008-05-30 11:51 <DIR> d-------- C:\Program Files\CrossLoop
2008-05-18 11:54 . 2008-05-18 12:40 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-18 11:54 . 2008-05-18 12:40 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-18 11:54 . 2008-05-18 11:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\Windows\System32\lsdelete.exe
2008-05-13 03:03 . 2007-02-15 22:46 311,296 --a------ C:\Windows\System32\mswmdm.dll
2008-05-13 03:03 . 2007-02-15 22:48 36,864 --a------ C:\Windows\System32\wmdmps.dll
2008-05-13 03:03 . 2007-02-15 22:48 31,744 --a------ C:\Windows\System32\wmdmlog.dll
2008-05-11 19:11 . 2005-08-25 18:18 118,784 --a------ C:\Windows\System32\MSSTDFMT.DLL
2008-05-11 18:55 . 2008-05-29 22:04 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-05-11 18:45 . 2008-05-11 18:45 <DIR> d-------- C:\Users\All Users\Avira
2008-05-11 18:45 . 2008-05-11 18:45 <DIR> d-------- C:\ProgramData\Avira
2008-05-11 18:45 . 2008-05-11 18:45 <DIR> d-------- C:\Program Files\Avira
2008-05-11 18:30 . 2008-05-11 18:30 <DIR> d-------- C:\Users\Werly\AppData\Roaming\Uniblue
2008-05-11 17:45 . 2008-05-11 17:59 <DIR> d-------- C:\Windows\Panther
2008-05-11 17:45 . 2007-05-31 09:21 223,112 --a------ C:\Windows\System32\rapistub.dll
2008-05-11 17:45 . 2007-05-31 09:21 105,352 --a------ C:\Windows\System32\rapi.dll
2008-05-11 17:45 . 2007-05-31 09:21 75,144 --a------ C:\Windows\System32\ceutil.dll
2008-05-11 17:45 . 2007-05-31 09:20 46,984 --a------ C:\Windows\System32\wmcoinst-070531-0845.dll
2008-05-11 17:45 . 2007-05-31 09:20 24,968 --a------ C:\Windows\System32\wcescommproxy.dll
2008-05-11 17:45 . 2007-05-31 09:20 24,456 --a------ C:\Windows\System32\rapiproxystub.dll
2008-05-11 17:43 . 2008-05-11 15:28 <DIR> d-------- C:\Windows\Debug
2008-05-11 17:28 . 2008-05-11 17:28 <DIR> d--h----- C:\$WINDOWS.~Q
2008-05-11 17:22 . 2008-05-11 17:25 <DIR> d--h----- C:\$INPLACE.~TR
2008-05-11 15:58 . 2008-05-11 15:58 205,824 --a------ C:\Windows\System32\msoeacct.dll
2008-05-11 15:58 . 2008-05-11 15:58 87,040 --a------ C:\Windows\System32\msoert2.dll
2008-05-11 15:58 . 2008-05-11 15:58 39,424 --a------ C:\Windows\System32\ACCTRES.dll
2008-05-11 15:55 . 2008-05-11 15:55 376,320 --a------ C:\Windows\System32\winsrv.dll
2008-05-11 15:55 . 2008-05-11 15:55 49,664 --a------ C:\Windows\System32\csrsrv.dll
2008-05-11 15:52 . 2008-05-11 15:52 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-05-11 15:52 . 2008-05-11 15:52 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-05-11 15:51 . 2008-05-11 15:51 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-05-11 15:50 . 2008-05-11 15:50 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-05-11 15:50 . 2008-05-11 15:50 414,208 --a------ C:\Windows\System32\msscp.dll
2008-05-11 15:50 . 2008-05-11 15:50 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-05-11 15:50 . 2008-05-11 15:50 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-05-11 15:50 . 2008-05-11 15:50 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-05-11 15:50 . 2008-05-11 15:50 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-05-11 15:49 . 2008-05-11 15:49 396,800 --a------ C:\Windows\System32\MPSSVC.dll
2008-05-11 15:49 . 2008-05-11 15:49 392,192 --a------ C:\Windows\System32\FirewallAPI.dll
2008-05-11 15:49 . 2008-05-11 15:49 178,688 --a------ C:\Windows\System32\iphlpsvc.dll
2008-05-11 15:49 . 2008-05-11 15:49 86,016 --a------ C:\Windows\System32\icfupgd.dll
2008-05-11 15:49 . 2008-05-11 15:49 63,488 --a------ C:\Windows\System32\drivers\mpsdrv.sys
2008-05-11 15:49 . 2008-05-11 15:49 61,952 --a------ C:\Windows\System32\cmifw.dll
2008-05-11 15:49 . 2008-05-11 15:49 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
2008-05-11 15:49 . 2008-05-11 15:49 16,896 --a------ C:\Windows\System32\wfapigp.dll
2008-05-11 15:49 . 2008-05-11 15:49 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
2008-05-11 15:47 . 2008-05-11 15:47 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-11 15:47 . 2008-05-11 15:47 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-11 15:47 . 2008-05-11 15:47 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-05-11 15:47 . 2008-05-11 15:47 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-05-11 15:47 . 2008-05-11 15:47 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-05-11 15:47 . 2008-05-11 15:47 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-05-11 15:47 . 2008-05-11 15:47 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-05-11 15:47 . 2008-05-11 15:47 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-05-11 15:46 . 2008-05-11 15:46 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-05-11 15:46 . 2008-05-11 15:46 104,448 --a------ C:\Windows\System32\DWWIN.EXE
2008-05-11 15:46 . 2008-05-11 15:46 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-05-11 15:45 . 2008-05-11 15:45 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2008-05-11 15:45 . 2008-05-11 15:45 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys
2008-05-11 15:45 . 2008-05-11 15:45 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2008-05-11 15:45 . 2008-05-11 15:45 23,040 --a------ C:\Windows\System32\drivers\usbuhci.sys
2008-05-11 15:45 . 2008-05-11 15:45 8,704 --a------ C:\Windows\System32\hcrstco.dll
2008-05-11 15:45 . 2008-05-11 15:45 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-05-11 15:45 . 2008-05-11 15:45 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2008-05-11 15:44 . 2008-05-11 15:44 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-05-11 15:44 . 2008-05-11 15:44 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-05-11 15:44 . 2008-05-11 15:44 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-05-11 15:44 . 2008-05-11 15:44 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-05-11 15:44 . 2008-05-11 15:44 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-05-11 15:43 . 2008-05-11 15:43 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-05-11 15:40 . 2008-05-11 15:40 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-05-11 15:38 . 2008-05-11 15:38 82,432 --a------ C:\Windows\System32\drivers\sdbus.sys
2008-05-11 15:37 . 2008-05-11 15:37 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-11 15:36 . 2008-05-11 15:36 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-05-11 15:36 . 2008-05-11 15:36 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-05-11 15:36 . 2008-05-11 15:36 2,048 --a------ C:\Windows\System32\asferror.dll
2008-05-11 15:35 . 2008-05-11 15:35 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-11 15:34 . 2008-05-11 15:34 2,605,568 --a------ C:\Windows\System32\SLsvc.exe
2008-05-11 15:34 . 2008-05-11 15:34 566,784 --a------ C:\Windows\System32\SLCommDlg.dll
2008-05-11 15:34 . 2008-05-11 15:34 351,232 --a------ C:\Windows\System32\SLUI.exe
2008-05-11 15:34 . 2008-05-11 15:34 268,288 --a------ C:\Windows\System32\mcbuilder.exe
2008-05-11 15:34 . 2008-05-11 15:34 223,232 --a------ C:\Windows\System32\SLC.dll
2008-05-11 15:34 . 2008-05-11 15:34 186,368 --a------ C:\Windows\System32\SLLUA.exe
2008-05-11 15:34 . 2008-05-11 15:34 57,856 --a------ C:\Windows\System32\SLUINotify.dll
2008-05-11 15:34 . 2008-05-11 15:34 39,936 --a------ C:\Windows\System32\slcinst.dll
2008-05-11 15:34 . 2008-05-11 15:34 33,280 --a------ C:\Windows\System32\slwmi.dll
2008-05-11 15:33 . 2008-05-11 15:33 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-05-11 15:33 . 2008-05-11 15:33 2,048 --a------ C:\Windows\System32\msxml6r.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 15:04 7,219 ----a-w C:\Windows\system32\drivers\services.xml
2008-05-30 13:18 --------- d-----w C:\Users\Werly\AppData\Roaming\DMCache
2008-05-30 11:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 11:04 --------- d-----w C:\Program Files\Google
2008-05-30 05:21 --------- d---a-w C:\ProgramData\TEMP
2008-05-30 05:10 --------- d-----w C:\Users\Werly\AppData\Roaming\Download Manager
2008-05-29 20:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-25 23:46 --------- d-----w C:\Program Files\Ad Muncher
2008-05-14 07:00 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 00:26 --------- d-----w C:\Program Files\DivX
2008-05-11 22:41 47,360 ----a-w C:\Users\Werly\AppData\Roaming\pcouffin.sys
2008-05-11 22:41 --------- d-----w C:\Users\Werly\AppData\Roaming\Vso
2008-05-11 22:41 --------- d-----w C:\Program Files\VSO
2008-05-11 22:20 --------- d-----w C:\ProgramData\Symantec
2008-05-11 22:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-11 21:59 174 --sha-w C:\Program Files\desktop.ini
2008-05-11 21:54 --------- d-----w C:\Program Files\Windows Defender
2008-05-11 21:54 --------- d-----w C:\Program Files\Windows Calendar
2008-05-11 21:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-11 19:57 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-05-11 19:39 944,184 ----a-w C:\Windows\System32\winload.exe
2008-05-11 19:32 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-05-11 19:24 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-05-11 19:24 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-05-11 19:24 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-11 19:24 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-05-11 18:10 --------- d--h--r C:\Users\Werly\AppData\Roaming\SecuROM
2008-05-11 18:10 --------- d-----w C:\Users\Werly\AppData\Roaming\vlc
2008-05-11 18:10 --------- d-----w C:\Users\Werly\AppData\Roaming\TVU Networks
2008-05-11 18:10 --------- d-----w C:\Users\Werly\AppData\Roaming\SopCast
2008-05-11 18:10 --------- d-----w C:\Users\Werly\AppData\Roaming\Skype
2008-05-11 18:10 --------- d-----w C:\Users\Werly\AppData\Roaming\PgcEdit
2008-05-11 18:10 --------- d-----w C:\Users\Werly\AppData\Roaming\ooVoo Details
2008-05-11 18:10 --------- d-----w C:\Users\Werly\AppData\Roaming\NewsLeecher
2008-05-11 18:10 --------- d-----w C:\Users\Werly\AppData\Roaming\MySpace
2008-05-11 18:10 --------- d-----w C:\Users\Werly\AppData\Roaming\Media Player Classic
2008-05-11 18:01 --------- d-----w C:\ProgramData\Yahoo!
2008-05-11 18:00 --------- d-----w C:\Program Files\Windows Live
2008-05-11 17:59 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-11 17:58 --------- d-----w C:\Program Files\Acer
2008-05-11 15:19 --------- d-----w C:\Users\Werly\AppData\Roaming\Move Networks
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-21 02:05 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-02-21 02:05 129,784 ----a-w C:\Windows\System32\pxafs.dll
2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-11 15:30 1232896]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 16:08 67160]
"ares ultra"="C:\Program Files\Ares Ultra\Ares Ultra.exe" [2006-12-18 14:08 2776064]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2006-11-01 12:04 878848]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-29 23:49 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-05 21:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-05 21:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-05 21:02 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-22 23:00 815104]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2006-12-13 14:55 3166208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2008-05-18 21:14 779776]
"RegDoctor"="C:\Program Files\RegDoctor\RegDoctor.exe" [2008-05-30 09:20 2256896]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

C:\Users\Werly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 08:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-01-13 04:36:20 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLeNetHook.dll eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM
"msacm.fraunhoferacm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
--a------ 2006-12-07 18:37 1261568 C:\Program Files\Acer Assist\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerOrbicamRibbon]
--a------ 2006-11-28 18:43 754712 C:\Program Files\Acer\OrbiCam10\OrbiCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2006-12-08 08:35 614400 C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2006-10-31 01:06 304664 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-11-28 18:38 244512 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
-C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2006-04-29 09:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 14:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
%windir%\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"UDP Query User{556A26C3-70CA-4BF5-80F7-E7EEAEF65D31}C:\\program files\\ares ultra\\ares ultra.exe"= TCP:C:\program files\ares ultra\ares ultra.exe:Ares Ultra
"TCP Query User{3DF63C4F-998E-474A-8FBA-A25798911FF5}C:\\program files\\ares ultra\\ares ultra.exe"= UDP:C:\program files\ares ultra\ares ultra.exe:Ares Ultra
"{AF10DDEC-C633-4D0F-B41A-52C2C5D47281}"= Disabled:TCP:37675:ooVoo UDP port 37675
"{F16E5E61-B8B1-4AB9-A3E7-07714C961587}"= Disabled:TCP:37674:ooVoo UDP port 37674
"{5A1D740E-F87E-4AE5-B3EF-F27580C8B4F7}"= Disabled:UDP:37674:ooVoo TCP port 37674
"{64AED9BC-D83C-41D2-BD7A-B237B793CE59}"= Disabled:TCP:443:ooVoo UDP port 443
"{94CA9E02-E7D8-4DDC-9E6D-61AAC4669D86}"= Disabled:UDP:443:ooVoo TCP port 443
"{F739FDE6-A742-48BA-9C6C-847B69401A66}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"UDP Query User{8ED5359E-BFAB-4C0A-98E0-75DEFCC00C51}C:\\program files\\ad muncher\\admunch.exe"= TCP:C:\program files\ad muncher\admunch.exe:AdMunch
"TCP Query User{2A8F8A3A-A2C7-43C0-B795-A72EC4A9C57A}C:\\program files\\ad muncher\\admunch.exe"= UDP:C:\program files\ad muncher\admunch.exe:AdMunch
"{F7B56DC6-83A3-44CB-9097-D5AB4096B414}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{265FA030-1D2A-4570-9027-B0A6C8499513}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0A5685CB-75FA-4C79-BE93-83B2E8C44086}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{62EEE474-ACA6-436C-8E3A-FFAA7FB83342}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5ED8439D-9B06-47E4-96F2-4A96A91EFAED}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9AEB0009-24EE-4AF6-9D4C-806E601147A7}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D889881C-2F8A-46CD-89FF-820D08F25743}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{9DD875FE-78F0-4301-A80C-729BFF3F3125}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R1 sdpiosys;sdpiosys;C:\Windows\system32\drivers\sdpiosys.sys [2004-11-30 12:10]
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-29 00:07]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-02 20:46]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 16:57]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 05:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 05:45]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 13:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 05:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-05 22:29]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\Windows\system32\DRIVERS\lv321av.sys [2006-11-28 06:36]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
S2 Windows Services Control;Windows Services Control;c:\windows\system32\drivers\services.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - CATCHME
*Newly Created Service* - IKFILESEC
*Newly Created Service* - IKSYSFLT
*Newly Created Service* - IKSYSSEC
*Newly Created Service* - MFEAVFK
*Newly Created Service* - MFEBOPK
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 11:46:46
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-31 11:49:31
ComboFix-quarantined-files.txt 2008-05-31 15:49:06

Pre-Run: 16,458,780,672 bytes free
Post-Run: 16,552,161,280 bytes free

332 --- E O F --- 2008-05-30 10:33:46

#7 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 31 May 2008 - 11:11 PM

Hello,

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

How is it running please?

Thanks,
tea

#8 Tmak (Topic Starter, Members, 13 posts)

Posted 01 June 2008 - 12:47 PM

MBAM log


Scan type: Full Scan (C:\|D:\|)
Objects scanned: 155132
Time elapsed: 43 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\drivers\services.xml (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

#9 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 01 June 2008 - 02:29 PM

Hello,

I also asked you for a new HijackThis log and a description of how your computer is running now.

Thanks,
tea

#10 Tmak (Topic Starter, Members, 13 posts)

Posted 01 June 2008 - 03:34 PM

New HijackThis log



Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\UPP\mirc_upp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Werly\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566....acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] -C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] -"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [?????????] -
O4 - HKCU\..\Run: [????r] -
O4 - HKCU\..\Run: [DSS] C:\Windows\HostServEdit32.exe
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\Ares Ultra.exe" -h
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BM0f937980] Rundll32.exe "C:\Users\Werly\AppData\Local\Temp\nhejtdcd.dll",s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Werly\AppData\Local\Temp\byXOFWND.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/...NPUplden-us.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL eNetHook.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Windows Services Control - FileZilla Project - c:\windows\system32\drivers\services.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13821 bytes
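As an added example (not part of this thread and not HijackThis itself), the script below shows how a helper reading a log like the one above can triage it mechanically instead of by eye. It parses the `Rn`/`Fn`/`On` entry lines and raises a flag for the patterns visible in this log: a `Shell=` value that runs something besides Explorer.exe, Run entries whose name or command is rendered as `?` characters, `rundll32` loading a DLL out of a Temp directory, a core Windows binary name (csrss.exe, services.exe, and so on) sitting outside System32, and `(no file)` / `(file missing)` entries. `SAMPLE_LOG` is a constructed subset copied from the log above; the function names, flag wording and the list of core binary names are choices made for this example, and every flag is a heuristic for a human to review, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of entries copied from the HijackThis log
# posted above, so the script runs offline. Not the full log.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [DSS] C:\Windows\HostServEdit32.exe
O4 - HKCU\..\Run: [BM0f937980] Rundll32.exe "C:\Users\Werly\AppData\Local\Temp\nhejtdcd.dll",s
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Werly\AppData\Local\Temp\byXOFWND.dll,c
O23 - Service: Windows Services Control - FileZilla Project - c:\windows\system32\drivers\services.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""


@dataclass
class Finding:
    code: str    # HijackThis entry type, e.g. "O4"
    reason: str  # why the entry was flagged (heuristic, for human review)
    line: str    # the log line that triggered it


# "O4 - <body>", "R1 - <body>", "F2 - <body>", "O23 - <body>" ...
ENTRY_RE = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$')
# O4 body: HKLM\..\Run: [name] command   (also HKUS\S-1-5-19\..\Run: ...)
O4_RE = re.compile(r'^HK\w+(?:\\S-[\d-]+)?\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32 handed a DLL that lives under a ...\Temp\ directory
TEMP_DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[a-z]:\\.*\\temp\\[^\\",]+\.dll', re.IGNORECASE)
# a core Windows binary name, with the directory it was found in
CORE_BIN_RE = re.compile(
    r'(?P<dir>[a-z]:\\(?:[^\\"]+\\)*)(?P<name>csrss|services|lsass|winlogon|svchost|smss)\.exe',
    re.IGNORECASE)
# the only directory those binaries are expected in on a stock install
SYSTEM32_RE = re.compile(r'^[a-z]:\\windows\\system32\\$', re.IGNORECASE)


def check_entry(code, body, line):
    """Apply the heuristics to one parsed entry and return its findings."""
    findings = []
    if "(no file)" in body or "(file missing)" in body:
        findings.append(Finding(code, "dangling entry: target file is missing", line))
    if code == "F2" and "Shell=" in body:
        shell = body.split("Shell=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            findings.append(Finding(code, "Shell= runs more than Explorer.exe", line))
    if code == "O4":
        m = O4_RE.match(body)
        if m:
            if "?" in m.group("name") or "?" in m.group("cmd"):
                findings.append(Finding(code, "Run entry name or command rendered as '?' characters", line))
            if TEMP_DLL_RE.search(m.group("cmd")):
                findings.append(Finding(code, "rundll32 loading a DLL from a Temp directory", line))
    for cm in CORE_BIN_RE.finditer(body):
        if not SYSTEM32_RE.match(cm.group("dir")):
            findings.append(Finding(
                code, f"{cm.group('name').lower()}.exe outside System32: {cm.group('dir')}", line))
    return findings


def analyze(log_text):
    """Walk a HijackThis log and return every Finding, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, running-process list, blank lines
        findings.extend(check_entry(m.group("code"), m.group("body"), line))
    return findings


def suspicious_lines(log_text):
    """Unique flagged log lines, in order, for a quick review list."""
    seen, out = set(), []
    for f in analyze(log_text):
        if f.line not in seen:
            seen.add(f.line)
            out.append(f.line)
    return out


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Running it on the constructed subset flags six of the nine lines; the two Intel and Conexant entries and the HostServEdit32 line pass, which is the point of a heuristic pass: it narrows the list a helper has to read, it does not replace reading it.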

#11 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 01 June 2008 - 03:37 PM

..............and a description of how your computer is running now.


Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#12 Tmak

Tmak
  • Topic Starter

  • Members
  • 13 posts

Posted 01 June 2008 - 03:58 PM

Computer is running fine. I used to get a lot of pop-ups like systemerrorfixer and others; I don't get them anymore. Is there a pop-up blocker program available for free?
Thanks for all the help :thumbsup:

#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 01 June 2008 - 04:16 PM

Hello,

That's good to know. :thumbsup:

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to the Clipboard, ready for posting back on the forum).
  • Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.


Regards,
tea

Edited by teacup61, 01 June 2008 - 04:17 PM.


#14 Tmak

Tmak
  • Topic Starter

  • Members
  • 13 posts

Posted 01 June 2008 - 04:44 PM

I'm having trouble running the RunThis batch file in Safe Mode. Whenever I click it, the window comes on for a quick second, then disappears.

#15 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 01 June 2008 - 04:59 PM

Hello,

Okay, then let's do this instead:

Please download and run the Bit Defender 8 online scanner
  • Install the program and then follow the prompts to download all available updates.
  • Select Antivirus and then click the Settings button. Click Default. Click Ok.
  • Select Local Drives and click Scan.
  • When the scan is complete save the log and post it back here in your next reply.
Thanks,
tea