Help! Trojan horse BackDoor.Generic11.zne

#1
manalicream

Please help I have the above virus and it keeps respawning even after I remove with AVG!

It says the file: C:\Windows\System32\geyekrqwbqmqxo.dll is affected.

Any ideas how I can get this off?

I'm on a Windows Home Premium Vista machine!

Please help!!!


#2
manalicream

Here is the ComboFix log:

ComboFix 09-07-13.01 - Josh Atkin 13/07/2009 23:45.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3000.2002 [GMT 1:00]
Running from: c:\users\Josh Atkin\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

Overlay aborted ... Please run ComboFix once more
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2333947209-177005507-3680283835-500
c:\progra~2\Microsoft\Network\Downloader\qmgr0.dat
c:\progra~2\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Installer\1b260.msi
c:\windows\Installer\2517b.msi
c:\windows\Temp\log.txt

----- BITS: Possible infected sites -----

hxxp://binuser.fileave.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-13 22:01 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-07-13 22:01 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-07-13 22:01 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-07-13 22:01 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-07-13 22:01 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-07-13 22:01 . 2009-07-13 22:01 -------- d-----w- c:\program files\Trojan Remover
2009-07-13 22:01 . 2009-07-13 22:01 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\Simply Super Software
2009-07-13 22:01 . 2009-07-13 22:01 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\Simply Super Software
2009-07-13 22:01 . 2009-07-13 22:01 -------- d-----w- c:\progra~2\Simply Super Software
2009-07-13 20:16 . 2009-07-13 20:16 -------- d-----w- c:\program files\Alcohol Soft
2009-07-13 20:05 . 2009-07-13 20:05 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-13 19:35 . 2009-07-13 19:40 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\Spotify
2009-07-13 19:35 . 2009-07-13 19:40 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\Spotify
2009-07-13 19:35 . 2009-07-13 19:36 -------- d-----w- c:\users\JOSHAT~1\AppData\Local\Spotify
2009-07-13 19:35 . 2009-07-13 19:36 -------- d-----w- c:\users\Josh Atkin\AppData\Local\Spotify
2009-07-13 19:35 . 2009-07-13 19:35 -------- d-----w- c:\program files\Spotify
2009-07-11 09:24 . 2009-07-11 09:25 -------- d-----w- c:\users\Josh Atkin\.dvdcss
2009-07-09 19:56 . 2009-07-09 19:56 -------- d-----w- c:\users\Josh Atkin\Option
2009-07-08 12:57 . 2009-07-08 12:57 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-08 09:44 . 2009-07-08 09:54 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\DiskAid
2009-07-08 09:44 . 2009-07-08 09:54 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\DiskAid
2009-07-08 09:44 . 2009-07-08 09:44 -------- d-----w- c:\program files\DigiDNA
2009-07-07 18:11 . 2009-07-07 18:11 319488 ----a-w- c:\users\Josh Atkin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-07-05 10:52 . 2009-07-05 10:52 -------- d-----w- c:\windows\Sun
2009-07-03 23:00 . 2009-07-03 23:17 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\ImgBurn
2009-07-03 23:00 . 2009-07-03 23:17 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\ImgBurn
2009-07-03 22:58 . 2009-07-03 22:58 -------- d-----w- c:\program files\ImgBurn
2009-07-03 22:56 . 2009-07-03 22:56 -------- d-----w- c:\users\Josh Atkin\Volume_1
2009-07-03 22:33 . 2009-07-03 22:35 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\InfraRecorder
2009-07-03 22:33 . 2009-07-03 22:35 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\InfraRecorder
2009-07-03 22:24 . 2009-07-03 22:24 -------- d-----w- c:\program files\7-Zip
2009-06-29 22:50 . 2009-06-29 22:50 -------- d-----w- C:\Brasseye
2009-06-29 22:49 . 2009-06-29 22:49 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\.BitTornado
2009-06-29 22:49 . 2009-06-29 22:49 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\.BitTornado
2009-06-29 22:49 . 2009-06-29 22:49 -------- d-----w- c:\program files\BitTornado
2009-06-29 21:53 . 2009-06-29 21:54 -------- d-----w- c:\program files\PS3 Media Server
2009-06-29 21:11 . 2009-06-29 21:11 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\SharePod
2009-06-29 21:11 . 2009-06-29 21:11 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\SharePod
2009-06-25 19:15 . 2009-06-25 19:16 -------- d-----w- c:\users\JOSHAT~1\AppData\Local\Adobe
2009-06-25 19:15 . 2009-06-25 19:16 -------- d-----w- c:\users\Josh Atkin\AppData\Local\Adobe
2009-06-25 18:33 . 2009-07-10 15:05 -------- d-----w- c:\users\JOSHAT~1\AppData\Local\QuickPar
2009-06-25 18:33 . 2009-07-10 15:05 -------- d-----w- c:\users\Josh Atkin\AppData\Local\QuickPar
2009-06-25 18:32 . 2009-06-25 18:32 -------- d-----w- c:\program files\QuickPar
2009-06-24 18:56 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-06-24 18:56 . 2009-06-24 18:57 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-24 18:50 . 2009-06-24 18:56 -------- d-----w- c:\progra~2\VistaCodecs
2009-06-24 18:23 . 2009-06-24 18:23 29184 ----a-r- c:\users\Josh Atkin\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2009-06-24 18:23 . 2009-07-08 06:31 -------- d-----w- c:\program files\mkv2vob
2009-06-24 18:23 . 2009-06-24 18:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-23 06:55 . 2009-06-23 06:55 -------- d-----w- c:\users\JOSHAT~1\AppData\Local\Apple Computer
2009-06-23 06:55 . 2009-06-23 06:55 -------- d-----w- c:\users\Josh Atkin\AppData\Local\Apple Computer
2009-06-23 06:55 . 2009-06-23 06:59 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\Apple Computer
2009-06-23 06:55 . 2009-06-23 06:59 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\Apple Computer
2009-06-23 06:55 . 2009-06-23 06:55 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-22 21:31 . 2009-07-13 22:36 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-22 21:20 . 2009-07-13 22:42 -------- d-----w- c:\progra~2\avg8
2009-06-22 21:20 . 2009-06-22 21:20 -------- d-----w- c:\program files\AVG
2009-06-22 20:58 . 2009-06-22 20:58 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-22 20:58 . 2009-06-22 20:58 -------- d-----w- c:\program files\Java
2009-06-22 20:39 . 2009-07-13 22:28 -------- d-----w- c:\users\Josh Atkin\Tracing
2009-06-22 20:30 . 2009-07-13 20:02 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\GrabIt
2009-06-22 20:30 . 2009-07-13 20:02 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\GrabIt
2009-06-22 20:26 . 2009-06-22 20:26 -------- d-----w- c:\program files\GrabIt
2009-06-22 20:23 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-22 20:23 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-22 20:23 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-22 20:23 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-22 20:23 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-22 20:23 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-22 20:23 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-22 20:16 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-22 20:16 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-22 20:16 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-22 20:16 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-22 20:16 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-22 20:13 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-22 20:13 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-22 20:13 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-22 20:11 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-06-22 20:11 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-06-22 20:01 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-06-22 20:01 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-06-22 20:01 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-06-22 20:01 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-06-22 20:00 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-06-22 20:00 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-06-22 20:00 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-06-22 20:00 . 2008-10-16 13:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-06-22 20:00 . 2008-10-16 12:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-06-22 19:59 . 2009-06-22 19:59 -------- d-----w- c:\users\JOSHAT~1\AppData\Roaming\PowerCinema
2009-06-22 19:59 . 2009-06-22 19:59 -------- d-----w- c:\users\Josh Atkin\AppData\Roaming\PowerCinema
2009-06-22 19:59 . 2009-06-22 19:59 -------- d-----w- c:\users\JOSHAT~1\AppData\Local\Acer ePower Management V4
2009-06-22 19:59 . 2009-06-22 19:59 -------- d-----w- c:\users\Josh Atkin\AppData\Local\Acer ePower Management V4
2009-06-22 19:58 . 2009-06-22 19:58 -------- d-----w- c:\users\JOSHAT~1\AppData\Local\EgisTec
2009-06-22 19:58 . 2009-06-22 19:58 -------- d-----w- c:\users\Josh Atkin\AppData\Local\EgisTec
2009-06-22 19:58 . 2009-06-22 19:58 -------- d-----w- c:\progra~2\EgisTec
2009-06-22 19:58 . 2009-06-22 19:58 70176 ----a-w- c:\users\JOSHAT~1\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-22 19:58 . 2009-06-22 19:58 70176 ----a-w- c:\users\Josh Atkin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-22 19:53 . 2009-06-22 19:53 -------- d-sh--we c:\users\Default User
2009-06-22 14:23 . 2009-06-22 14:23 239088 ----a-w- c:\users\Josh Atkin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 21:10 . 2009-06-29 21:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-27 12:57 . 2009-02-18 12:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-24 06:49 . 2009-02-18 12:10 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-24 06:49 . 2009-02-18 12:11 -------- d-----w- c:\program files\Microsoft Works
2009-06-23 23:30 . 2009-02-18 12:26 -------- d-----w- c:\program files\Windows Live
2009-06-23 06:57 . 2009-06-23 06:52 -------- d-----w- c:\progra~2\Apple
2009-06-23 06:55 . 2009-06-23 06:55 -------- d-----w- c:\program files\iTunes
2009-06-23 06:55 . 2009-06-23 06:55 -------- d-----w- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-23 06:55 . 2009-06-23 06:55 -------- d-----w- c:\program files\iPod
2009-06-23 06:55 . 2009-06-23 06:52 -------- d-----w- c:\program files\Common Files\Apple
2009-06-23 06:55 . 2009-06-23 06:54 -------- d-----w- c:\progra~2\Apple Computer
2009-06-23 06:54 . 2009-06-23 06:54 -------- d-----w- c:\program files\Bonjour
2009-06-23 06:54 . 2009-06-23 06:54 -------- d-----w- c:\program files\QuickTime
2009-06-23 06:53 . 2009-06-23 06:53 -------- d-----w- c:\program files\Apple Software Update
2009-06-22 21:28 . 2009-02-18 11:55 -------- d-----w- c:\progra~2\McAfee
2009-06-22 21:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-22 21:20 . 2009-06-22 19:56 -------- d-----w- c:\program files\Google
2009-06-22 20:51 . 2009-06-22 20:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-22 19:57 . 2009-03-11 08:04 -------- d-----w- c:\program files\Acer
2009-06-22 19:57 . 2009-02-11 20:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-22 19:53 . 2009-06-22 19:53 -------- d-sh--we c:\progra~2\Templates
2009-06-22 19:53 . 2009-06-22 19:53 -------- d-sh--we c:\progra~2\Start Menu
2009-06-22 19:53 . 2009-06-22 19:53 -------- d-sh--we c:\progra~2\Favorites
2009-06-22 19:53 . 2009-06-22 19:53 -------- d-sh--we c:\progra~2\Documents
2009-06-22 19:53 . 2009-06-22 19:53 -------- d-sh--we c:\progra~2\Desktop
2009-06-05 10:42 . 2009-06-05 10:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 10:42 . 2009-06-05 10:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-04-24 16:05 . 2009-06-22 20:08 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-22 20:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-22 20:08 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-22 20:12 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-21 11:55 . 2009-06-22 20:12 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-24 14:37 . 2009-06-22 20:12 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 12:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\users\Josh Atkin\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-24 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-21 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-21 202024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-09 154136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-14 6814240]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-03-11 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-02-17 248576]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTray.exe" [2009-02-19 707104]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-06-22 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-22 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-06-01 1059720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A8CC19F5-1EE9-4AD1-AD37-CC4E2B25222B}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{98531B6E-5A0B-455A-830A-874F192B9DFD}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{B1059DBF-0C99-402C-A6D5-ADF4A968A6F7}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{4F4E0965-BBA5-4870-9894-FFC4F1DDC148}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{EC667A6D-C696-47D4-9D4A-4E98CC50CBB9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{48426CB5-67EA-4BA0-805C-02EC18E74CD4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1779F049-CC71-486B-AB6A-A002C5D63950}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{DCD74AC1-89BA-484D-B904-E6FD1C373FE2}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{52319688-26D5-43C5-86C1-F2983F054315}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{3C3E3C0E-FC91-4059-9F97-4FA31DEFBB3B}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{51E40356-C678-4F83-AD96-18090EC26E8A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{105730B4-9A89-4007-929F-CA15F4EA2780}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6D148245-BE7C-4360-A479-FFF455BB0FBD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0CD5FC09-D6CA-4C15-A04B-C1E7F518FDF4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{1F8C66CE-1104-4CB2-BCD8-3CB39B2C9D9F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{04B6B252-F6E9-41F6-9D37-ACD121CD9491}"= UDP:c:\users\Josh Atkin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{51779FCF-3C5F-4804-B4F4-D245CE23B759}"= TCP:c:\users\Josh Atkin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{2C388D16-3CF5-464A-89FE-25D453DA77B8}"= UDP:c:\users\Josh Atkin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{9315DCCB-D3CA-4154-992E-3843888C7DBB}"= TCP:c:\users\Josh Atkin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{BEBC2569-313D-4A76-9EBE-5CD67CBD7EAD}"= UDP:c:\users\Josh Atkin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{94CAEED1-7C45-496F-B49F-D2802E563657}"= TCP:c:\users\Josh Atkin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{8D68EBD4-040B-4BD8-AC4F-BCE4F77AF121}"= UDP:c:\users\Josh Atkin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{3B4BE436-FDE3-47AC-AE28-68467DC66767}"= TCP:c:\users\Josh Atkin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"TCP Query User{15FE3AA9-8174-48E9-A095-5995A63D011F}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{1B0E11C7-1C9D-4268-975D-F2521D96E3E1}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{8EA14B95-2814-42DA-8358-F65D5C471240}c:\\program files\\bittornado\\btdownloadgui.exe"= UDP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{61065BB1-6E1F-4202-82E7-3103F71DCA59}c:\\program files\\bittornado\\btdownloadgui.exe"= TCP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{9858185C-3570-4178-8204-1E0ECFBADED1}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{C89A53FB-5463-4211-A7AB-2568BBC426C5}"= TCP:c:\program files\Spotify\spotify.exe:Spotify

R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [18/02/2009 13:24 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [11/03/2009 09:20 666144]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [09/10/2008 17:47 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [09/10/2008 17:47 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [09/10/2008 17:47 59952]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [27/10/2008 13:05 306736]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [17/02/2009 11:36 44800]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23/09/2008 15:11 144632]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [11/03/2009 16:51 112128]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [04/09/2008 05:12 223232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 03:23 179712]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [22/06/2009 20:56 30192]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23/09/2008 15:11 50424]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0309&m=aspire_5738
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0309&m=aspire_5738
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\JOSHAT~1\AppData\Roaming\Mozilla\Firefox\Profiles\wbfex3gq.default\
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Josh Atkin\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Josh Atkin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 23:55
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3904)
geyekrqwbqmqxo.dll 10000000 36864 \\?\globalroot\systemroot\system32\geyekrqwbqmqxo.dll
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-07-13 0:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-13 23:01

Pre-Run: 194,160,996,352 bytes free
Post-Run: 197,994,782,720 bytes free

352 --- E O F --- 2009-06-28 02:04