#1
05-19-2008
Amonero
Bronze Member
Join Date: May 2008
Posts: 7
PC Experience: Experienced

Can't Search Google, **** Coolsearch!

Got Coolsearch, removed it but still can't search Google. Followed the Prework steps, logs below.

Any help much appreciated

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:13 2008-05-19

+ Scan result:



HKLM\SYSTEM\ControlSet001\Control\DeviceClasses\{a5dcbf10-6530-11d2-901f-00c04fb951ed}\##?SB#VID_04FC&PID_0013#5&338c3ba3&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed} -> Adware.Ezula : Ignored.
HKLM\SYSTEM\ControlSet001\Control\DeviceClasses\{a5dcbf10-6530-11d2-901f-00c04fb951ed}\##?SB#VID_04FC&PID_0013#5&338c3ba3&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}\# -> Adware.Ezula : Ignored.
HKU\S-1-5-21-983903875-2531788366-477322086-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Ignored.
C:\Users\Asle\AppData\Roaming\Microsoft\Windows\Cookies\asle@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Users\Asle\AppData\Roaming\Microsoft\Windows\Cookies\asle@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Ignored.
C:\Users\Asle\AppData\Roaming\Microsoft\Windows\Cookies\asle@questionmarket[1].txt -> TrackingCookie.Questionmarket : Ignored.
C:\Users\Asle\AppData\Roaming\Microsoft\Windows\Cookies\asle@specificclick[2].txt -> TrackingCookie.Specificclick : Ignored.


::Report end

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Generated 05/19/2008 at 06:43 PM

Application Version : 4.0.1154

Core Rules Database Version : 3463
Trace Rules Database Version: 1454

Scan type : Complete Scan
Total Scan Time : 00:28:35

Memory items scanned : 231
Memory threats detected : 1
Registry items scanned : 6084
Registry threats detected : 4
File items scanned : 21396
File threats detected : 7

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\XXYWWMJH.DLL
C:\WINDOWS\SYSTEM32\XXYWWMJH.DLL

Trojan.Vundo-Variant/Small
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBF0A4B3-A76A-414B-9EB2-9564A2770D3C}
HKCR\CLSID\{BBF0A4B3-A76A-414B-9EB2-9564A2770D3C}
HKCR\CLSID\{BBF0A4B3-A76A-414B-9EB2-9564A2770D3C}\InprocServer32
HKCR\CLSID\{BBF0A4B3-A76A-414B-9EB2-9564A2770D3C}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\IIFXQQKK.DLL

Adware.Tracking Cookie
C:\Users\Asle\AppData\Roaming\Microsoft\Windows\Cookies\asle@specificclick[2].txt
C:\Users\Asle\AppData\Roaming\Microsoft\Windows\Cookies\asle@counter.hitslink[1].txt
C:\Users\Asle\AppData\Roaming\Microsoft\Windows\Cookies\asle@questionmarket[1].txt
C:\Users\Asle\AppData\Roaming\Microsoft\Windows\Cookies\asle@msnportal.112.2o7[1].txt

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\JAIAUMYP.EXE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56, on 2008-05-19
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\BR040286.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\winvi\wupda.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
D:\Opera 9.5 beta\opera.exe
C:\Users\Asle\AppData\Local\Opera\Opera 9.5 beta\profile\cache4\temporary_download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK & Ireland
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BBF0A4B3-A76A-414B-9EB2-9564A2770D3C} - (no file)
O2 - BHO: {b9bbbf44-b780-4368-1cd4-2b32580f1bec} - {ceb1f085-23b2-4dc1-8634-087b44fbbb9b} - C:\Windows\system32\nbrsgaij.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [90e589c3] rundll32.exe "C:\Windows\system32\abnmicxs.dll",b
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BM93d6ba5f] Rundll32.exe "C:\Windows\system32\nusicttt.dll",s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6564 bytes

#2
05-20-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,089
PC Experience: Elite PC Guru

Re: Can't Search Google, **** Coolsearch!

Ok. We need to download ComboFix.exe. This will give a better view of the files running and also hidden on your computer.
Please visit this webpage for download links and instructions for running ComboFix.
When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.
NOTE: ComboFix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know.


__________________
My real name is Eddy
#3
05-20-2008
Amonero
Bronze Member
Join Date: May 2008
Posts: 7
PC Experience: Experienced

Re: Can't Search Google, **** Coolsearch!

Here they are:

ComboFix 08-05-19.4 - Asle 2008-05-20 11:15:52.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1227 [GMT 2:00]
Running from: C:\Users\Asle\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\HjmWwyxx.ini
C:\Windows\System32\HjmWwyxx.ini2
C:\Windows\system32\sxcimnba.ini
.
---- Previous Run -------
.
C:\DRV\Tuner\Yuan\Resources\_desktop.ini
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Windows\123messenger.per
C:\Windows\2020search.dll
C:\Windows\2020search2.dll
C:\Windows\apphelp32.dll
C:\Windows\asferror32.dll
C:\Windows\asycfilt32.dll
C:\Windows\athprxy32.dll
C:\Windows\ati2dvaa32.dll
C:\Windows\ati2dvag32.dll
C:\Windows\audiosrv32.dll
C:\Windows\autodisc32.dll
C:\Windows\avifile32.dll
C:\Windows\avisynthex32.dll
C:\Windows\aviwrap32.dll
C:\Windows\b2new.exe
C:\Windows\bjam.dll
C:\Windows\bokja.exe
C:\Windows\browserad.dll
C:\Windows\cdsm32.dll
C:\Windows\changeurl_30.dll
C:\Windows\default.htm
C:\Windows\didduid.ini
C:\Windows\licencia.txt
C:\Windows\mainms.vpi
C:\Windows\megavid.cdt
C:\Windows\msa64chk.dll
C:\Windows\msapasrc.dll
C:\Windows\mspphe.dll
C:\Windows\mssvr.exe
C:\Windows\muotr.so
C:\Windows\ntnut.exe
C:\Windows\saiemod.dll
C:\Windows\shdocpe.dll
C:\Windows\shdocpl.dll
C:\Windows\stcloader.exe
C:\Windows\swin32.dll
C:\Windows\system32\ACER.exe
C:\Windows\system32\HjmWwyxx.ini
C:\Windows\System32\HjmWwyxx.ini2
C:\Windows\System32\kkQqXFii.ini
C:\Windows\System32\kkQqXFii.ini2
C:\Windows\system32\lrncvygk.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\MSINET.oca
C:\Windows\system32\pac.txt
C:\Windows\system32\setup.ini
C:\Windows\system32\sqeomcox.ini
C:\Windows\System32\sxcimnba.ini
C:\Windows\system32\ukexxxam.ini
C:\Windows\system32\vywskxbx.exe
C:\Windows\system32\winfrun32.bin
C:\Windows\system32\x64
C:\Windows\telefonos.txt
C:\Windows\textos.txt
C:\Windows\voiceip.dll
C:\Windows\winsb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MsSecurity1.209.4


((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-20 11:25 . 2008-05-20 11:25 294 ---hs---- C:\Windows\System32\sxcimnba.ini
2008-05-20 11:15 . 2008-05-20 11:15 <DIR> d-------- C:\327882R2FWJFW
2008-05-19 16:53 . 2008-05-19 16:53 <DIR> d-------- C:\Users\Asle\AppData\Roaming\Grisoft
2008-05-19 16:47 . 2008-05-19 16:47 <DIR> d-------- C:\Users\All Users\Grisoft
2008-05-19 16:47 . 2008-05-19 16:47 <DIR> d-------- C:\ProgramData\Grisoft
2008-05-19 16:47 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-05-19 16:34 . 2008-05-19 16:34 <DIR> d-------- C:\Users\Asle\AppData\Roaming\SUPERAntiSpyware.com
2008-05-19 16:34 . 2008-05-19 16:34 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-19 16:34 . 2008-05-19 16:34 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-19 16:34 . 2008-05-19 16:34 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-19 15:03 . 2008-05-19 15:03 124,928 --a------ C:\Windows\System32\nusicttt.dll
2008-05-18 13:18 . 2008-05-18 13:18 <DIR> d-------- C:\Program Files\CCleaner
2008-05-18 12:46 . 2008-05-18 12:46 <DIR> d-------- C:\Users\All Users\CheckPoint
2008-05-18 12:46 . 2008-05-18 12:46 <DIR> d-------- C:\ProgramData\CheckPoint
2008-05-18 12:46 . 2008-05-18 12:46 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-18 12:46 . 2008-03-03 15:05 1,086,952 --a------ C:\Windows\System32\zpeng24.dll
2008-05-18 12:46 . 2008-03-03 15:06 279,440 --a------ C:\Windows\System32\drivers\~GLH0014.TMP
2008-05-18 12:44 . 2008-05-18 12:47 <DIR> d-------- C:\Windows\System32\ZoneLabs
2008-05-18 12:44 . 2008-05-20 11:21 <DIR> d-------- C:\Windows\Internet Logs
2008-05-18 12:44 . 2008-05-20 11:20 352,615 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-05-18 12:44 . 2008-03-03 15:06 279,440 --------- C:\Windows\System32\drivers\vsdatant.sys
2008-05-18 01:36 . 2008-05-18 01:36 134,144 --a------ C:\Windows\System32\jjyifnux.dll
2008-05-18 01:36 . 2008-05-18 01:36 116,224 --a------ C:\Windows\System32\abnmicxs.dll
2008-05-18 01:33 . 2008-05-18 01:33 125,952 --a------ C:\Windows\System32\enkyqrpe.dll
2008-05-18 00:59 . 2008-05-19 11:51 <DIR> d-------- C:\SDFix
2008-05-18 00:37 . 2008-05-18 00:37 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-05-17 12:13 . 2008-05-17 12:13 116,736 --a------ C:\Windows\System32\maxxxeku.dll
2008-05-16 13:16 . 2008-05-18 12:08 <DIR> d-------- C:\Users\All Users\Avira
2008-05-16 13:16 . 2008-05-18 12:08 <DIR> d-------- C:\ProgramData\Avira
2008-05-16 12:58 . 2008-05-16 12:58 <DIR> d-------- C:\Users\Asle\AppData\Roaming\Deskbar_{953158C7-9CCD-438f-AD09-41DA41DECDD3}
2008-05-16 12:58 . 2008-05-18 12:48 <DIR> d-------- C:\Program Files\dbar
2008-05-16 12:07 . 2008-05-16 12:07 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-16 12:06 . 2008-05-16 12:06 <DIR> d-------- C:\Windows\System32\rDA
2008-05-16 12:06 . 2008-05-16 12:06 <DIR> d-------- C:\Windows\System32\emL1
2008-05-16 12:06 . 2008-05-16 12:06 <DIR> d-------- C:\Windows\System32\dFrnx06
2008-05-16 12:06 . 2008-05-16 12:06 <DIR> d-------- C:\Windows\System32\3056v
2008-05-16 12:06 . 2008-05-16 12:06 <DIR> d-------- C:\Temp\tmpvc14
2008-05-16 12:06 . 2008-05-18 13:20 <DIR> d-------- C:\Temp
2008-05-16 12:06 . 2008-05-18 11:56 <DIR> d-------- C:\Program Files\winvi
2008-05-16 11:46 . 2008-05-16 12:49 <DIR> d-------- C:\Users\All Users\Google
2008-05-16 11:40 . 2008-05-16 11:40 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-05-16 11:26 . 2008-05-16 11:26 <DIR> d-------- C:\Program Files\NAMCO BANDAI Games
2008-05-16 11:21 . 2008-05-16 11:21 <DIR> d-------- C:\Users\All Users\Innovative Solutions
2008-05-16 11:21 . 2008-05-16 11:21 <DIR> d-------- C:\ProgramData\Innovative Solutions
2008-05-16 11:21 . 2008-05-16 11:21 <DIR> d-------- C:\Program Files\Innovative Solutions
2008-05-16 11:21 . 2006-11-22 12:35 42,496 --a------ C:\Windows\System32\AdvUninstCPL.cpl
2008-04-28 18:18 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-28 18:18 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 14:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 12:55 --------- d-----w C:\Program Files\Opera 9.5 beta
2008-05-19 12:54 --------- d-----w C:\Program Files\Google
2008-05-19 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 12:53 --------- d-----w C:\ProgramData\Media Center Programs
2008-05-19 12:07 --------- d-----w C:\Program Files\Acer Inc
2008-05-18 10:19 --------- d-----w C:\Program Files\Opera
2008-05-17 23:19 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-05-16 16:10 185,488 ----a-w C:\Users\Asle\AppData\Roaming\nvModes.dat
2008-05-16 10:57 --------- d---a-w C:\ProgramData\TEMP
2008-05-16 10:07 --------- d-----w C:\ProgramData\Lavasoft
2008-05-16 08:56 --------- d-----w C:\Users\Asle\AppData\Roaming\uTorrent
2008-05-16 08:22 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 18:20 --------- d-----w C:\Users\Asle\AppData\Roaming\OpenOffice.org2
2008-04-16 10:16 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-16 10:16 --------- d--h--w C:\ProgramData\CanonBJ
2008-04-14 19:10 --------- d-----w C:\Users\Asle\AppData\Roaming\GHISLER
2008-04-14 19:09 --------- d-----w C:\Program Files\totalcmd
2008-04-05 13:17 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-04-01 15:29 174 --sha-w C:\Program Files\desktop.ini
2008-04-01 15:23 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-01 15:23 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-01 15:23 --------- d-----w C:\Program Files\Windows Mail
2008-04-01 15:23 --------- d-----w C:\Program Files\Windows Journal
2008-04-01 15:23 --------- d-----w C:\Program Files\Windows Defender
2008-04-01 15:23 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-01 15:23 --------- d-----w C:\Program Files\Windows Calendar
2008-04-01 14:44 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-01 14:44 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-31 10:22 --------- d-----w C:\Program Files\Nobilis
2008-03-28 12:18 --------- d-----w C:\Users\Asle\AppData\Roaming\Codemasters
2008-03-28 09:48 --------- d-----w C:\Program Files\AGEIA Technologies
2008-03-27 22:09 --------- d-----w C:\Users\Asle\AppData\Roaming\MegauploadToolbar
2008-03-27 22:09 --------- d-----w C:\Program Files\MegauploadToolbar
2008-03-27 12:21 --------- d-----w C:\Users\Asle\AppData\Roaming\InstallShield
2008-03-27 12:21 --------- d-----w C:\ProgramData\InstallShield
2008-03-27 12:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBF0A4B3-A76A-414B-9EB2-9564A2770D3C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ceb1f085-23b2-4dc1-8634-087b44fbbb9b}]
C:\Windows\system32\nbrsgaij.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"WebSUpdater"="C:\Program Files\winvi\wupda.exe" [2008-04-25 09:57 198185]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BisonInst0402"="C:\Windows\BR040286.exe" [2007-05-09 06:48 53248]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 11:15 752136]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
"eRecoveryService"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 17:39 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 17:39 8470528]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 17:39 81920]
"90e589c3"="C:\Windows\system32\abnmicxs.dll" [2008-05-18 01:36 116224]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"BM93d6ba5f"="C:\Windows\system32\nusicttt.dll" [2008-05-19 15:03 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-983903875-2531788366-477322086-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{19A5E2DD-5873-4F5F-B880-E512C211D97E}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{29226A04-C324-4418-956C-28C554112675}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{015BEBF1-E63B-4A76-8527-E68A653B1855}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{458D7522-B1F8-4A09-9DE3-396B896A1D7F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{D352BC10-91A8-47B2-AAED-8D55E8A16665}C:\\users\\asle\\mirc\\mirc.exe"= UDP:C:\users\asle\mirc\mirc.exe:mirc.exe
"UDP Query User{2BD08E4C-C5D9-4238-8CF6-4377A22C876F}C:\\users\\asle\\mirc\\mirc.exe"= TCP:C:\users\asle\mirc\mirc.exe:mirc.exe
"TCP Query User{01651ED6-C002-4DD3-B4A7-B18DB447BABE}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{BBE4AC3E-09DB-40BE-B3AE-EE19A3104644}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{4CAE2361-599A-4FAC-8FDE-4C99C781A599}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{9461BC8D-CF91-4E25-BF52-F967812FB97C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{61E49493-E5DF-4359-BD57-4BE362DE90D7}"= UDP:\World in Conflict\wic.exe:World in Conflict
"{B080CDB4-7CAA-4CA4-9504-1B3C1A871C5D}"= TCP:\World in Conflict\wic.exe:World in Conflict
"{CDC6BC95-3FFE-4F95-8327-FE3D17EFC5D4}"= UDP:\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{ADD85DE3-B7C7-4B8F-B296-F9E5B6146448}"= TCP:\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{D3752E5D-9399-4C90-938F-6D143429579E}"= UDP:\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{E94F3949-EBB3-4D4D-BE36-87E150086808}"= TCP:\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{DBBDB1B3-F856-46C4-828B-0DD8A34FB789}"= UDP:C:\Program Files\Flagship Studios\Hellgate London Demo\Launcher.exe:Hellgate: London
"{7218CEDC-AF40-4D7D-9067-3A37ADEFB08C}"= TCP:C:\Program Files\Flagship Studios\Hellgate London Demo\Launcher.exe:Hellgate: London
"{81A07F86-FA5D-4F52-B77A-2DCA52883145}"= UDP:\Mark of Chaos\Warhammer.exe:Warhammer Battle March
"{9BDBFD07-8024-4766-B826-50C3BCF6C99B}"= TCP:\Mark of Chaos\Warhammer.exe:Warhammer Battle March

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-26 01:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-26 01:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-26 01:34]
R1 Ext2Fsd;Linux ext2 file system driver;C:\Windows\system32\drivers\Ext2Fsd.sys [2007-11-30 22:31]
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-26 01:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-23 00:00]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 23:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 21:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-09-14 15:32]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 07:23]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2008-02-20 08:47]
R3 Cam5607;Acer Crystal Eye webcam;C:\Windows\system32\Drivers\BisonC07.sys [2007-07-26 18:25]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{891cf276-ae5a-11dc-898f-f53e2dada55a}]
\shell\AutoRun\command - F:\AutoStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe41ea8d-a854-11dc-aaeb-806e6f6e6963}]
\shell\AutoRun\command - E:\Launch.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 11:25:13
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\abnmicxs.dll
-> C:\Windows\system32\nusicttt.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-20 11:29:54 - machine was rebooted [Asle]
ComboFix-quarantined-files.txt 2008-05-20 09:28:46

Pre-Run: 48,151,683,072 bytes free
Post-Run: 48,198,242,304 bytes free

318 --- E O F --- 2008-05-16 08:22:45

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:01, on 20.05.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\BR040286.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\winvi\wupda.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
D:\Opera 9.5 beta\opera.exe
C:\Users\Asle\AppData\Local\Opera\Opera 9.5 beta\profile\cache4\temporary_download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK & Ireland
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BBF0A4B3-A76A-414B-9EB2-9564A2770D3C} - (no file)
O2 - BHO: {b9bbbf44-b780-4368-1cd4-2b32580f1bec} - {ceb1f085-23b2-4dc1-8634-087b44fbbb9b} - C:\Windows\system32\nbrsgaij.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [90e589c3] rundll32.exe "C:\Windows\system32\abnmicxs.dll",b
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BM93d6ba5f] Rundll32.exe "C:\Windows\system32\nusicttt.dll",s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6647 bytes


  #4  
Old 05-20-2008
Pancake
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,089
PC Experience: Elite PC Guru
Default Re: Can't Search Google, **** Coolsearch!

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

O2 - BHO: (no name) - {BBF0A4B3-A76A-414B-9EB2-9564A2770D3C} - (no file)
O2 - BHO: {b9bbbf44-b780-4368-1cd4-2b32580f1bec} - {ceb1f085-23b2-4dc1-8634-087b44fbbb9b} - C:\Windows\system32\nbrsgaij.dll (file missing)
O4 - HKLM\..\Run: [90e589c3] rundll32.exe "C:\Windows\system32\abnmicxs.dll",b
O4 - HKLM\..\Run: [BM93d6ba5f] Rundll32.exe "C:\Windows\system32\nusicttt.dll",s
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Reboot............................
================================
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Killall::
File::
C:\Windows\System32\sxcimnba.ini
C:\Windows\System32\jjyifnux.dll
C:\Windows\System32\abnmicxs.dll
C:\Windows\System32\enkyqrpe.dll
C:\Windows\System32\maxxxeku.dll
C:\Windows\system32\nusicttt.dll
Folder::
C:\327882R2FWJFW
C:\Program Files\winvi
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBF0A4B3-A76A-414B-9EB2-9564A2770D3C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ceb1f085-23b2-4dc1-8634-087b44fbbb9b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM93d6ba5f"=-
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*


__________________
My real name is Eddy
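The fix list in Pancake's post above can be reproduced mechanically from the HijackThis log. The script below is an added example written for this page, not code from HijackThis, ComboFix or anyone in the thread. It scans O2/O4/O6 lines for the patterns visible in the posted log (Run values named like random hex, rundll32 loading an eight-letter DLL through a one-letter export, BHOs whose DLL is gone or that carry no readable name, IE restriction policies) and then renders the hits in the CFScript layout used in the post. The SAMPLE_LOG excerpt is copied from the log posted earlier in the thread; the function names, regexes and reason strings are my own, and emitting both flagged HKLM Run values under Registry:: goes slightly beyond Pancake's script, which lists only one.

```python
"""HijackThis O2/O4/O6 triage heuristics (added example for this thread; not
code from HijackThis or ComboFix). Reproduces the six entries Pancake fixed."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of the HijackThis log posted earlier in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BBF0A4B3-A76A-414B-9EB2-9564A2770D3C} - (no file)
O2 - BHO: {b9bbbf44-b780-4368-1cd4-2b32580f1bec} - {ceb1f085-23b2-4dc1-8634-087b44fbbb9b} - C:\Windows\system32\nbrsgaij.dll (file missing)
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [90e589c3] rundll32.exe "C:\Windows\system32\abnmicxs.dll",b
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BM93d6ba5f] Rundll32.exe "C:\Windows\system32\nusicttt.dll",s
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
""".strip()

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
O6_RE = re.compile(r"^O6 - .*\\Restrictions present$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# Autostart value names that look like random hex, optionally prefixed "BM" (as in the log above).
HEX_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$")
# rundll32 loading an eight-letter DLL through a single-letter export (abnmicxs.dll,b style).
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]*\\[a-z]{8}\.dll)"?,(?P<export>[a-z])\s*$', re.I)


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def assess_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious O2/O4/O6 entry, else None."""
    reasons: List[str] = []
    if (m := O2_RE.match(line)):
        if m["path"].endswith(("(no file)", "(file missing)")):
            reasons.append("BHO still registered but its DLL is gone")
        if m["name"] == "(no name)" or GUID_RE.match(m["name"]):
            reasons.append("BHO has no human-readable name")
    elif (m := O4_RE.match(line)):
        if HEX_NAME_RE.match(m["value"]):
            reasons.append("Run value named like random hex")
        if RUNDLL_RE.match(m["cmd"]):
            reasons.append("rundll32 loads an eight-letter DLL via a one-letter export")
    elif O6_RE.match(line):
        reasons.append("IE restriction policy present")
    return Finding(line, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    hits = (assess_line(raw.strip()) for raw in log_text.splitlines())
    return [f for f in hits if f]


def fix_list(log_text: str) -> List[str]:
    """Entries to tick in HijackThis, in log order."""
    return [f.line for f in triage(log_text)]


def dll_paths(log_text: str) -> List[str]:
    """DLLs behind flagged rundll32 autostarts, for a CFScript File:: section."""
    paths = []
    for f in triage(log_text):
        m = O4_RE.match(f.line)
        r = RUNDLL_RE.match(m["cmd"]) if m else None
        if r:
            paths.append(r["dll"])
    return paths


def cfscript(log_text: str) -> str:
    """Render the findings in the CFScript layout used in Pancake's post.
    Only HKLM Run values are emitted (the key shown in the post); Folder::
    entries need knowledge of the machine and are left to the analyst."""
    bhos, run_values = [], []
    for f in triage(log_text):
        if (m := O2_RE.match(f.line)):
            bhos.append(m["clsid"])
        elif (m := O4_RE.match(f.line)) and m["hive"] == "HKLM":
            run_values.append(m["value"])
    out = ["Killall::", "File::", *dll_paths(log_text), "Registry::"]
    out += ["[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\" + c + "]" for c in bhos]
    if run_values:
        out.append("[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
        out += ['"%s"=-' % v for v in run_values]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line, "->", "; ".join(f.reasons))
    print(cfscript(SAMPLE_LOG))
```

Note what the heuristics do not catch: the winvi\wupda.exe autostart is left alone, yet Pancake's script removes C:\Program Files\winvi, and his File:: section names DLLs that do not appear in the HijackThis log at all. Those came from reading the ComboFix log, not from these patterns, so treat the output as a starting point for the analyst rather than a replacement for reading the full log.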
  #5  
Old 05-20-2008
Bronze Member
 
Join Date: May 2008
Posts: 7
PC Experience: Experienced
Amonero
Default Re: Can't Search Google, **** Coolsearch!

I copied the script verbatim into a txt file, saved it as CFScript.txt, dragged it onto the Combofix icon, Combofix started up, but then I got a bluescreen and Windows restarted to 'prevent damage to the computer.'


  #6  
Old 05-20-2008
Pancake
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,089
PC Experience: Elite PC Guru
Default Re: Can't Search Google, **** Coolsearch!

Try it again.....


  #7  
Old 05-21-2008
Bronze Member
 
Join Date: May 2008
Posts: 7
PC Experience: Experienced
Amonero
Default Re: Can't Search Google, **** Coolsearch!

Tried it four times, each time I get the bluescreen and the restart.


