tuweet 0 Posted August 25, 2010 (edited)
Hello everyone. My wife's school laptop has been hit by a virus that changed every exe on the laptop to lnk (LNK) (e.g. Skype.exe became Skype.lnk), and now when I click any exe that has become an lnk, none of them work normally any more. I tried using Open With; unfortunately, when I selected an exe to open with, all the other programs also ended up being opened with the exe I chose. E.g. I used Open With on Skype with the original Skype exe in Program Files, and once I had selected it, all the other programs brought up Skype too. So far I have tried everything I could find by searching the net, including GVR, but nothing worked. So I hope any experts out there are willing to help. The laptop runs Windows 7 and the antivirus is Avira.
P.S. I hope the experts understand the problem I'm describing. Sorry if the explanation is rather long-winded. Happy fasting.
Edited August 25, 2010 by tuweet

gastri_solution 1 Posted August 25, 2010
Try scanning with this anti-malware...
[img]http://mitchcovert.files.wordpress.com/2010/01/malwarebytes.png[/img]
[url="http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html"]Malware[/url]

tuweet 0 Posted August 25, 2010
OK, thanks Mr. gastri. I'm trying it now; I'll let you know the result later.

test0123 10 Posted August 25, 2010
After doing a full scan, post HijackThis here.

tuweet 0 Posted August 25, 2010 (edited)
Very sad news: after scanning with Malwarebytes there is still no change. The result shows infected all "0", no malicious item detected. I did perform a full scan. I'm at my wits' end about what else to do.
Searching the net, quite a lot of people have caught the same thing; some managed to repair it and some didn't. Is it because mine is Windows 7? Most of those who managed to repair this problem were using Windows XP.
Here is a link to a discussion by people hit by a virus like mine, for reference:
http://www.raymond.cc/blog/archives/2008/01/06/fix-or-restore-broken-exe-lnk-com-association-caused-by-virus/comment-page-2/#comment-488382
I followed the steps the expert on that page teaches, but it didn't work on my laptop. I really hope any expert can help. I've been at this laptop for 3 days now; if it still can't be settled I'll have to retire tomorrow, boo hoo...
Edited August 25, 2010 by tuweet

test0123 10 Posted August 25, 2010
Run HijackThis and post the logfile here.

tuweet 0 Posted August 25, 2010 (edited)
I couldn't save the logfile from that laptop. I couldn't even copy and paste using Paint. In the end I just took a picture. Is this the HijackThis run you meant? Sorry about the low quality. I'll be embarrassed if it's wrong.
http://img651.imageshack.us/i/logd.jpg/
Edited August 25, 2010 by tuweet

test0123 10 Posted August 25, 2010
Yes, that's right. Paste it into Notepad; here you just copy and paste. You gave it as a picture, so how am I supposed to analyse it?? Can't be done.

tuweet 0 Posted August 25, 2010 (edited)
That's the problem. When I try to save the log, an error comes up on the laptop:
Cannot find the C:\program Files\Trend Micro\HiJackthis.log file. do u want to create new file?
When I press Yes, Notepad disappears, so I can't copy anything at all. No idea what's wrong. I'll try once more later.
Edited: got it. Luckily I came across how to use it; you have to run it as administrator.
OK, here is the logfile. Hope it can be used for reference. Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:57:16 AM, on 8/26/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\USBScan\USBScan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [USBScan.exe] C:\Program Files\USBScan\USBScan.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\Windows\system32\ChgService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\STacSV.exe

--
End of file - 5023 bytes
Edited August 25, 2010 by tuweet

test0123 10 Posted August 26, 2010
R0 - HKLM\Software\Microsoft\InternetExplorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\InternetExplorer\Toolbar,LinksFolderName
O6 - HKCU\Software\Policies\Microsoft\InternetExplorer\Control Panel present
Your logfile looks OK. Fix all these entries, reboot the laptop, then open cmd-->sfc /scannow

tuweet 0 Posted August 26, 2010
That's the thing, I'm worn out thinking about it. I live in the interior of Sarawak. Going to a PC shop for repairs is too far, it's in town, so I have to try to fix it myself. Luckily there's the internet to refer to. OK, I'll do it now. When it's done I'll report here. Thank you.

tuweet 0 Posted August 26, 2010 (edited)
Hmm, now this comes up in cmd when I run sfc/scannow:
you must be an administrator running a consol session in order to use the sfc utility
This laptop has only 1 user. I tried following the steps
Start - type in Search box - COMMAND find at top of list - RIGHT CLICK - RUN AS ADMIN
but when I right-click on Command there is no Run as admin option; there's only Open. What should I do?
Edited August 26, 2010 by tuweet

test0123 10 Posted August 26, 2010
Which Windows are you using??

tuweet 0 Posted August 26, 2010
Windows 7

test0123 10 Posted August 26, 2010
Go to Start -- Accessories -- cmd - right-click, Run as administrator.

tuweet 0 Posted August 26, 2010 (edited)
I can't find Accessories in Start. Then I tried searching and Accessories came up, but when I click it, it has also become .lnk. Is there another way?
Edited: oh, I managed to run the scan. I adjusted it in the Change User Account settings. I'm redoing it now; I have to run HijackThis and repair first. I'll report the result later.
>>Result...
windows resourcenprotection did not find any integrity violations...
So what now? Is there no hope of recovering that laptop? Disappointed...
Edited August 26, 2010 by tuweet

test0123 10 Posted August 26, 2010
OK, now try using this:
[url="http://www.combofix.org/download.php"]ComboFix[/url]
Once it's installed, before scanning, disable the antivirus first. Once the scan and fix are done, post the hijack log here.

tuweet 0 Posted August 26, 2010 (edited)
Wait, I don't quite understand. Do I run ComboFix first, and then once ComboFix is finished run HijackThis - fix - logfile from HijackThis as well?
This is the logfile from ComboFix. If I need to run HijackThis too, please let me know.
Edited: the logfile I pasted before the one below was run without disabling Avira. The one below is the new one. Sorry, I didn't notice earlier that I forgot to disable Avira.

ComboFix 10-08-25.01 - user 08/27/2010 0:15.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.767.175 [GMT 8:00]
Running from: c:\users\user\Desktop\Rescue\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\wininit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!wininit.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.
2010-08-26 16:21 . 2010-08-26 16:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-26 16:21 . 2010-08-26 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-26 16:14 . 2010-08-26 16:15 -------- d-----w- C:\32788R22FWJFW
2010-08-25 15:02 . 2010-08-25 15:02 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-25 15:02 . 2010-08-25 15:02 -------- d-----w- c:\program files\Trend Micro
2010-08-25 11:57 . 2010-08-25 12:12 -------- d-----w- c:\program files\USBScan
2010-08-25 10:43 . 2010-08-25 10:43 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2010-08-25 10:42 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 10:42 . 2010-08-25 10:42 -------- d-----w- c:\programdata\Malwarebytes
2010-08-25 10:42 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 10:42 . 2010-08-25 10:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 04:16 . 2010-08-26 15:58 -------- d-----w- c:\program files\GVR
2010-08-25 02:36 . 2010-08-25 03:11 -------- d-----w- c:\program files\Smart Virus Remover
2010-08-24 04:35 . 2010-08-24 04:35 -------- d-----w- c:\users\user\AppData\Local\Apps
2010-08-18 02:09 . 2010-08-24 01:09 -------- dc----w- c:\users\user\AppData\Local\MigWiz
2010-08-03 13:44 . 2010-08-25 11:41 -------- d-----w- c:\users\user\user1
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 15:17 . 2009-11-08 04:40 -------- d-----w- c:\users\user\AppData\Roaming\Winamp
2010-07-22 03:31 . 2010-02-13 03:09 -------- d-----w- c:\users\user\AppData\Roaming\Skype
2010-06-16 02:57 . 2010-06-16 02:57 50354 ------w- c:\users\user\AppData\Roaming\Facebook\uninstall.exe
2010-06-13 10:02 . 2010-02-13 03:08 140392 ------w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ------w- c:\users\user\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-26_15.34.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2010-08-26 15:36 47426 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-06-13 10:11 . 2010-08-26 15:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-13 10:11 . 2010-08-26 16:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-13 10:11 . 2010-08-26 15:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-13 10:11 . 2010-08-26 16:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-13 10:11 . 2010-08-26 15:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-13 10:11 . 2010-08-26 16:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-08 03:38 . 2010-08-26 15:36 8206 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3291368478-2549113030-1317797391-1000_UserData.bin
+ 2010-08-26 15:05 . 2010-08-26 16:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-26 15:05 . 2010-08-26 15:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-26 15:05 . 2010-08-26 15:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-26 15:05 . 2010-08-26 16:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2010-08-26 15:39 615360 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-08-26 15:24 615360 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-08-26 15:39 103702 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-08-26 15:24 103702 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2006-01-24 7094272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"USBScan.exe"="c:\program files\USBScan\USBScan.exe" [2009-06-30 1359872]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-05-27 13:58 4269296 ------w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2006-01-24 03:37 7094272 ------w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-12-08 05:41 26499880 ------w- c:\program files\Skype\Phone\Skype.exe

R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2008-10-31 103424]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-22 116136]
R3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2009-05-25 103552]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-17 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2009-03-25 135168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
------- Supplementary Scan -------
.
uLocal Page = hxxp://www.Google.com
uStart Page = hxxp://www.Google.com
uDefault_Search_URL = hxxp://www.Google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mhlcxoa8.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\user\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.scr=AutoCADScriptFile
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2010-08-27 00:26:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-26 16:26
ComboFix2.txt 2010-08-26 15:38

Pre-Run: 103,752,749,056 bytes free
Post-Run: 103,439,060,992 bytes free

- - End Of File - - E2805718E881633AF018F5345E18D387
Edited August 26, 2010 by tuweet

test0123 10 Posted August 27, 2010
OK, now run HijackThis; I want to look at its logfile too.

tuweet 0 Posted August 27, 2010
Hmm, never mind, bro. I've given up, boo hoo. I've sent the laptop back to the school; let them get it repaired in town.
Anyway, thank you very much. If I have other problems later I'll come to you, bro.
Happy worshipping. Wassalam.

test0123 10 Posted August 27, 2010
OK, if you've given up, nothing can be done, hehehe.

SabarGan 0 Posted September 8, 2010 (edited)
++edite++
Edited September 10, 2010 by SabarGan

khorback 11 Posted September 9, 2010
http://www.dougknox.com/xp/file_assoc.htm
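
A read-only way to inspect the file associations this thread is about, as an added example that is not from any poster here: a PowerShell audit of the registry values behind .exe, .lnk and related extensions, run on the affected Windows machine. The expected values are the stock Windows defaults, assumed here for an unmodified install; the ComboFix log above lists .scr=AutoCADScriptFile, which this check would also report as non-default.

```powershell
# Added example: read-only audit of executable and shortcut file associations.
# "Expected" values are the stock Windows defaults. Nothing is modified.
$expected = @{
    '.exe' = @{ ProgId = 'exefile'; Command = '"%1" %*' }
    '.com' = @{ ProgId = 'comfile'; Command = '"%1" %*' }
    '.bat' = @{ ProgId = 'batfile'; Command = '"%1" %*' }
    '.cmd' = @{ ProgId = 'cmdfile'; Command = '"%1" %*' }
    '.scr' = @{ ProgId = 'scrfile'; Command = '"%1" /S' }
    '.lnk' = @{ ProgId = 'lnkfile'; Command = $null }  # command not checked for shortcuts
}

# Per-user "Open with" choices are stored here and take precedence in Explorer.
$userExts = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts'

function Get-RegValue([string]$Path, [string]$Name = '') {
    # Returns a registry value ('' = the key's default value), or $null if the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue($Name)
}

$report = foreach ($ext in ($expected.Keys | Sort-Object)) {
    $want = $expected[$ext]

    # HKEY_CLASSES_ROOT is the merged machine + user view that the shell resolves.
    $progId = Get-RegValue "Registry::HKEY_CLASSES_ROOT\$ext"
    $cmd = $null
    if ($progId) {
        $cmd = Get-RegValue "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
    }
    $choice = Get-RegValue "$userExts\$ext\UserChoice" 'Progid'

    $problems = @()
    if ($progId -ne $want.ProgId) {
        $problems += "ProgId is '$progId', expected '$($want.ProgId)'"
    }
    if ($want.Command -and ($cmd -ne $want.Command)) {
        $problems += "open command is '$cmd', expected '$($want.Command)'"
    }
    if ($choice) {
        $problems += "per-user UserChoice override: '$choice'"
    }
    $status = 'OK'
    if ($problems.Count -gt 0) { $status = $problems -join '; ' }

    New-Object PSObject -Property @{
        Extension = $ext; ProgId = $progId; Command = $cmd
        UserChoice = $choice; Status = $status
    }
}

$report | Select-Object Extension, ProgId, Command, UserChoice, Status | Format-List
```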