
Help! Trojan horse BackDoor.Generic11.zne


#1 manalicream
New Member, 2 posts

Please help, I have the above virus and it keeps respawning even after I remove it with AVG!

It says the file C:\Windows\System32\geyekrqwbqmqxo.dll is affected.

Any ideas how I can get this off?

I'm on a Windows Home Premium Vista machine!

Please help!!!

#2 manalicream
New Member, 2 posts

Here is the ComboFix log:

ComboFix 09-07-13.01 - Josh Atkin 13/07/2009 23:45.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3000.2002 [GMT 1:00]
Running from: c:\users\Josh Atkin\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

Overlay aborted ... Please run ComboFix once more
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2333947209-177005507-3680283835-500
c:\progra~2\Microsoft\Network\Downloader\qmgr0.dat
c:\progra~2\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Installer\1b260.msi
c:\windows\Installer\2517b.msi
c:\windows\Temp\log.txt

----- BITS: Possible infected sites -----

hxxp://binuser.fileave.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-13 22:01 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-07-13 22:01 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-07-13 22:01 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-07-13 22:01 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-07-13 22:01 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-07-13 22:01 . 2009-07-13 22:01 -------- d-----w- c:\program files\Trojan Remover
2009-07-13 22:01 . 2009-07-13 22:01 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\Simply Super Software
2009-07-13 22:01 . 2009-07-13 22:01 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\Simply Super Software
2009-07-13 22:01 . 2009-07-13 22:01 -------- d-----w- c:\progra~2\Simply Super Software
2009-07-13 20:16 . 2009-07-13 20:16 -------- d-----w- c:\program files\Alcohol Soft
2009-07-13 20:05 . 2009-07-13 20:05 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-13 19:35 . 2009-07-13 19:40 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\Spotify
2009-07-13 19:35 . 2009-07-13 19:40 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\Spotify
2009-07-13 19:35 . 2009-07-13 19:36 -------- d-----w- c:\users\JOSHAT~1\AppData\Local\Spotify
2009-07-13 19:35 . 2009-07-13 19:36 -------- d-----w- c:\users\Josh Atkin\AppData\Local\Spotify
2009-07-13 19:35 . 2009-07-13 19:35 -------- d-----w- c:\program files\Spotify
2009-07-11 09:24 . 2009-07-11 09:25 -------- d-----w- c:\users\Josh Atkin\.dvdcss
2009-07-09 19:56 . 2009-07-09 19:56 -------- d-----w- c:\users\Josh Atkin\Option
2009-07-08 12:57 . 2009-07-08 12:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-08 09:44 . 2009-07-08 09:54 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\DiskAid
2009-07-08 09:44 . 2009-07-08 09:54 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\DiskAid
2009-07-08 09:44 . 2009-07-08 09:44 -------- d-----w- c:\program files\DigiDNA
2009-07-07 18:11 . 2009-07-07 18:11 319488 ----a-w- c:\users\Josh Atkin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-07-05 10:52 . 2009-07-05 10:52 -------- d-----w- c:\windows\Sun
2009-07-03 23:00 . 2009-07-03 23:17 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\ImgBurn
2009-07-03 23:00 . 2009-07-03 23:17 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\ImgBurn
2009-07-03 22:58 . 2009-07-03 22:58 -------- d-----w- c:\program files\ImgBurn
2009-07-03 22:56 . 2009-07-03 22:56 -------- d-----w- c:\users\Josh Atkin\Volume_1
2009-07-03 22:33 . 2009-07-03 22:35 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\InfraRecorder
2009-07-03 22:33 . 2009-07-03 22:35 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\InfraRecorder
2009-07-03 22:24 . 2009-07-03 22:24 -------- d-----w- c:\program files\7-Zip
2009-06-29 22:50 . 2009-06-29 22:50 -------- d-----w- C:\Brasseye
2009-06-29 22:49 . 2009-06-29 22:49 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\.BitTornado
2009-06-29 22:49 . 2009-06-29 22:49 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\.BitTornado
2009-06-29 22:49 . 2009-06-29 22:49 -------- d-----w- c:\program files\BitTornado
2009-06-29 21:53 . 2009-06-29 21:54 -------- d-----w- c:\program files\PS3 Media Server
2009-06-29 21:11 . 2009-06-29 21:11 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\SharePod
2009-06-29 21:11 . 2009-06-29 21:11 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\SharePod
2009-06-25 19:15 . 2009-06-25 19:16 -------- d-----w- c:\users\JOSHAT~1\AppData\Local\Adobe
2009-06-25 19:15 . 2009-06-25 19:16 -------- d-----w- c:\users\Josh Atkin\AppData\Local\Adobe
2009-06-25 18:33 . 2009-07-10 15:05 -------- d-----w- c:\users\JOSHAT~1\AppData\Local\QuickPar
2009-06-25 18:33 . 2009-07-10 15:05 -------- d-----w- c:\users\Josh Atkin\AppData\Local\QuickPar
2009-06-25 18:32 . 2009-06-25 18:32 -------- d-----w- c:\program files\QuickPar
2009-06-24 18:56 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-06-24 18:56 . 2009-06-24 18:57 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-24 18:50 . 2009-06-24 18:56 -------- d-----w- c:\progra~2\VistaCodecs
2009-06-24 18:23 . 2009-06-24 18:23 29184 ----a-r- c:\users\Josh Atkin\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2009-06-24 18:23 . 2009-07-08 06:31 -------- d-----w- c:\program files\mkv2vob
2009-06-24 18:23 . 2009-06-24 18:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-23 06:55 . 2009-06-23 06:55 -------- d-----w- c:\users\JOSHAT~1\AppData\Local\Apple Computer
2009-06-23 06:55 . 2009-06-23 06:55 -------- d-----w- c:\users\Josh Atkin\AppData\Local\Apple Computer
2009-06-23 06:55 . 2009-06-23 06:59 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\Apple Computer
2009-06-23 06:55 . 2009-06-23 06:59 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\Apple Computer
2009-06-23 06:55 . 2009-06-23 06:55 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-22 21:31 . 2009-07-13 22:36 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-22 21:20 . 2009-07-13 22:42 -------- d-----w- c:\progra~2\avg8
2009-06-22 21:20 . 2009-06-22 21:20 -------- d-----w- c:\program files\AVG
2009-06-22 20:58 . 2009-06-22 20:58 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-22 20:58 . 2009-06-22 20:58 -------- d-----w- c:\program files\Java
2009-06-22 20:39 . 2009-07-13 22:28 -------- d-----w- c:\users\Josh Atkin\Tracing
2009-06-22 20:30 . 2009-07-13 20:02 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\GrabIt
2009-06-22 20:30 . 2009-07-13 20:02 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\GrabIt
2009-06-22 20:26 . 2009-06-22 20:26 -------- d-----w- c:\program files\GrabIt
2009-06-22 20:23 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-22 20:23 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-22 20:23 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-22 20:23 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-22 20:23 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-22 20:23 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-22 20:23 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-22 20:16 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-22 20:16 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-22 20:16 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-22 20:16 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-22 20:16 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-22 20:13 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-22 20:13 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-22 20:13 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-22 20:11 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-06-22 20:11 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-06-22 20:01 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-06-22 20:01 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-06-22 20:01 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-06-22 20:01 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-06-22 20:00 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-06-22 20:00 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-06-22 20:00 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-06-22 20:00 . 2008-10-16 13:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-06-22 20:00 . 2008-10-16 12:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-06-22 19:59 . 2009-06-22 19:59 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\PowerCinema
2009-06-22 19:59 . 2009-06-22 19:59 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\PowerCinema
2009-06-22 19:59 . 2009-06-22 19:59 -------- d-----w- c:\users\JOSHAT~1\AppData\Local\Acer ePower Management V4
2009-06-22 19:59 . 2009-06-22 19:59 -------- d-----w- c:\users\Josh Atkin\AppData\Local\Acer ePower Management V4
2009-06-22 19:58 . 2009-06-22 19:58 -------- d-----w- c:\users\JOSHAT~1\AppData\Local\EgisTec
2009-06-22 19:58 . 2009-06-22 19:58 -------- d-----w- c:\users\Josh Atkin\AppData\Local\EgisTec
2009-06-22 19:58 . 2009-06-22 19:58 -------- d-----w- c:\progra~2\EgisTec
2009-06-22 19:58 . 2009-06-22 19:58 70176 ----a-w- c:\users\JOSHAT~1\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-22 19:58 . 2009-06-22 19:58 70176 ----a-w- c:\users\Josh Atkin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-22 19:53 . 2009-06-22 19:53 -------- d-sh--we c:\users\Default User
2009-06-22 14:23 . 2009-06-22 14:23 239088 ----a-w- c:\users\Josh Atkin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 21:10 . 2009-06-29 21:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-27 12:57 . 2009-02-18 12:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-24 06:49 . 2009-02-18 12:10 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-24 06:49 . 2009-02-18 12:11 -------- d-----w- c:\program files\Microsoft Works
2009-06-23 23:30 . 2009-02-18 12:26 -------- d-----w- c:\program files\Windows Live
2009-06-23 06:57 . 2009-06-23 06:52 -------- d-----w- c:\progra~2\Apple
2009-06-23 06:55 . 2009-06-23 06:55 -------- d-----w- c:\program files\iTunes
2009-06-23 06:55 . 2009-06-23 06:55 -------- d-----w- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-23 06:55 . 2009-06-23 06:55 -------- d-----w- c:\program files\iPod
2009-06-23 06:55 . 2009-06-23 06:52 -------- d-----w- c:\program files\Common Files\Apple
2009-06-23 06:55 . 2009-06-23 06:54 -------- d-----w- c:\progra~2\Apple Computer
2009-06-23 06:54 . 2009-06-23 06:54 -------- d-----w- c:\program files\Bonjour
2009-06-23 06:54 . 2009-06-23 06:54 -------- d-----w- c:\program files\QuickTime
2009-06-23 06:53 . 2009-06-23 06:53 -------- d-----w- c:\program files\Apple Software Update
2009-06-22 21:28 . 2009-02-18 11:55 -------- d-----w- c:\progra~2\McAfee
2009-06-22 21:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-22 21:20 . 2009-06-22 19:56 -------- d-----w- c:\program files\Google
2009-06-22 20:51 . 2009-06-22 20:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-22 19:57 . 2009-03-11 08:04 -------- d-----w- c:\program files\Acer
2009-06-22 19:57 . 2009-02-11 20:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-22 19:53 . 2009-06-22 19:53 -------- d-sh--we c:\progra~2\Templates
2009-06-22 19:53 . 2009-06-22 19:53 -------- d-sh--we c:\progra~2\Start Menu
2009-06-22 19:53 . 2009-06-22 19:53 -------- d-sh--we c:\progra~2\Favorites
2009-06-22 19:53 . 2009-06-22 19:53 -------- d-sh--we c:\progra~2\Documents
2009-06-22 19:53 . 2009-06-22 19:53 -------- d-sh--we c:\progra~2\Desktop
2009-06-05 10:42 . 2009-06-05 10:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 10:42 . 2009-06-05 10:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-04-24 16:05 . 2009-06-22 20:08 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-22 20:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-22 20:08 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-22 20:12 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-21 11:55 . 2009-06-22 20:12 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-24 14:37 . 2009-06-22 20:12 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 12:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\users\Josh Atkin\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-24 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-21 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-21 202024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-09 154136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-14 6814240]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-03-11 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-02-17 248576]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTray.exe" [2009-02-19 707104]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-06-22 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-22 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-06-01 1059720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A8CC19F5-1EE9-4AD1-AD37-CC4E2B25222B}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{98531B6E-5A0B-455A-830A-874F192B9DFD}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{B1059DBF-0C99-402C-A6D5-ADF4A968A6F7}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{4F4E0965-BBA5-4870-9894-FFC4F1DDC148}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{EC667A6D-C696-47D4-9D4A-4E98CC50CBB9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{48426CB5-67EA-4BA0-805C-02EC18E74CD4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1779F049-CC71-486B-AB6A-A002C5D63950}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{DCD74AC1-89BA-484D-B904-E6FD1C373FE2}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{52319688-26D5-43C5-86C1-F2983F054315}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{3C3E3C0E-FC91-4059-9F97-4FA31DEFBB3B}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{51E40356-C678-4F83-AD96-18090EC26E8A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{105730B4-9A89-4007-929F-CA15F4EA2780}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6D148245-BE7C-4360-A479-FFF455BB0FBD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0CD5FC09-D6CA-4C15-A04B-C1E7F518FDF4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{1F8C66CE-1104-4CB2-BCD8-3CB39B2C9D9F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{04B6B252-F6E9-41F6-9D37-ACD121CD9491}"= UDP:c:\users\Josh Atkin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{51779FCF-3C5F-4804-B4F4-D245CE23B759}"= TCP:c:\users\Josh Atkin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{2C388D16-3CF5-464A-89FE-25D453DA77B8}"= UDP:c:\users\Josh Atkin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{9315DCCB-D3CA-4154-992E-3843888C7DBB}"= TCP:c:\users\Josh Atkin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{BEBC2569-313D-4A76-9EBE-5CD67CBD7EAD}"= UDP:c:\users\Josh Atkin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{94CAEED1-7C45-496F-B49F-D2802E563657}"= TCP:c:\users\Josh Atkin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{8D68EBD4-040B-4BD8-AC4F-BCE4F77AF121}"= UDP:c:\users\Josh Atkin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{3B4BE436-FDE3-47AC-AE28-68467DC66767}"= TCP:c:\users\Josh Atkin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"TCP Query User{15FE3AA9-8174-48E9-A095-5995A63D011F}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{1B0E11C7-1C9D-4268-975D-F2521D96E3E1}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{8EA14B95-2814-42DA-8358-F65D5C471240}c:\\program files\\bittornado\\btdownloadgui.exe"= UDP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{61065BB1-6E1F-4202-82E7-3103F71DCA59}c:\\program files\\bittornado\\btdownloadgui.exe"= TCP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{9858185C-3570-4178-8204-1E0ECFBADED1}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{C89A53FB-5463-4211-A7AB-2568BBC426C5}"= TCP:c:\program files\Spotify\spotify.exe:Spotify

R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [18/02/2009 13:24 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [11/03/2009 09:20 666144]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [09/10/2008 17:47 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [09/10/2008 17:47 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [09/10/2008 17:47 59952]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [27/10/2008 13:05 306736]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [17/02/2009 11:36 44800]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23/09/2008 15:11 144632]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [11/03/2009 16:51 112128]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [04/09/2008 05:12 223232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 03:23 179712]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22/06/2009 20:56 30192]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23/09/2008 15:11 50424]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0309&m=aspire_5738
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0309&m=aspire_5738
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\JOSHAT~1\AppData\Roaming\Mozilla\Firefox\Profiles\wbfex3gq.default\
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Josh Atkin\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Josh Atkin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 23:55
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3904)
geyekrqwbqmqxo.dll 10000000 36864 \\?\globalroot\systemroot\system32\geyekrqwbqmqxo.dll
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-07-13 0:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-13 23:01

Pre-Run: 194,160,996,352 bytes free
Post-Run: 197,994,782,720 bytes free

352 --- E O F --- 2009-06-28 02:04