tuweet

Virus That Changes Exe Files to .lnk (Lnk)

Hi everyone,
My wife's school laptop has been hit by a virus that changed every exe on the laptop to lnk (LNK)
(e.g. Skype.exe became Skype.lnk),
and now when I click any exe that has become lnk, none of them run normally any more. I tried using Open with; unfortunately, when I selected an exe to open with, all the other programs also got opened with the exe I chose. E.g. I did Open with on Skype using the original Skype exe in Program Files, and once I selected it all the other programs bring up Skype as well... So far I have tried everything I could find on the internet, including GVR, but nothing worked. So I hope any experts out there are willing to help.
The laptop runs Win 7 and the antivirus is Avira.

P.S.: I hope the experts understand the problem I'm describing. Sorry if the explanation is a bit long-winded.. :P
Happy fasting.. ;)

Very sad.. after scanning with Malwarebytes there is still no change. The result showed "0" for everything infected, no malicious items detected. I performed a full scan.
I've run out of ideas for what else to do..
I searched the net and quite a lot of people have had this same problem.. some managed to repair it and some didn't. Is it because mine is Windows 7?
Because most of those who managed to repair this problem were using Win XP.
Here is a link to a discussion by people hit by a virus like mine, for reference..

http://www.raymond.cc/blog/archives/2008/01/06/fix-or-restore-broken-exe-lnk-com-association-caused-by-virus/comment-page-2/#comment-488382

I followed the steps the expert on that page teaches, but they didn't work on this laptop.
I really hope any experts can help.. I've been facing this laptop for 3 days.. if I can't settle it I'll have to retire tomorrow.. hu huu... :(

I couldn't save the logfile from that laptop. I couldn't even copy and paste it using Paint.. in the end I just took a picture.. is this the HijackThis run you meant? Sorry about the low quality.. how embarrassing if I got it wrong.. :P

http://img651.imageshack.us/i/logd.jpg/

Yes... that's right.. paste it into Notepad... here you just copy and paste it..
You gave it as a picture.. how am I supposed to analyse that...??.. can't

That's the problem.. when I try to save the log, an error comes up on the laptop:
Cannot find the C:\program Files\Trend Micro\HiJackthis.log file. do u want to create new file?
When I press Yes the Notepad window disappears.. I can't copy anything at all.. no idea what's wrong.. I'll try again later..

Edited: got it.. luckily I came across how to use it.. it has to be run as administrator.. :P
OK, here is the logfile.. I hope it can be used for reference.. thanks..

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:57:16 AM, on 8/26/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\USBScan\USBScan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [USBScan.exe] C:\Program Files\USBScan\USBScan.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\Windows\system32\ChgService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_62dfbbc3466d0409\STacSV.exe

--
End of file - 5023 bytes

R0 - HKLM\Software\Microsoft\InternetExplorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\InternetExplorer\Toolbar,LinksFolderName
O6 - HKCU\Software\Policies\Microsoft\InternetExplorer\Control Panel present

Your logfile looks OK. Fix all of these entries.

Reboot the laptop... open cmd --> sfc /scannow

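Added example, not part of the thread and not any poster's own tooling: a small Python parser for the HijackThis entry format shown in the log above, which groups entries by section code and lists the kinds of lines singled out in the reply above (R0/R1 values left empty, O6 policy keys). The sample lines are copied from the posted log; the selection rules, including the "Unknown owner" check on O23 services, are assumptions of this example and not verdicts from HijackThis.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Change Modem Device Service - Unknown owner - C:\Windows\system32\ChgService.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# An entry line is a section code (letter plus digits), " - ", then free text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return {section_code: [entry_text, ...]}; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            sections[match.group(1)].append(match.group(2))
    return dict(sections)


def review_candidates(sections):
    """List (code, reason, detail) tuples worth a second look (heuristics only)."""
    found = []
    # R0/R1: Internet Explorer start/search settings whose value is empty.
    for code in ("R0", "R1"):
        for entry in sections.get(code, []):
            key, sep, value = entry.partition("=")
            if sep and not value.strip():
                found.append((code, "empty value", key.strip()))
    # O6: a policy key restricting access to Internet Explorer options exists.
    for entry in sections.get("O6", []):
        found.append(("O6", "IE policy restriction present", entry))
    # O23: service whose binary carries no company name in its version info.
    for entry in sections.get("O23", []):
        if " - Unknown owner - " in entry:
            found.append(("O23", "service without vendor info", entry.split(" - ")[0]))
    return found


if __name__ == "__main__":
    for code, reason, detail in review_candidates(parse_entries(SAMPLE_LOG)):
        print(f"{code:4} {reason:32} {detail}")
```
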
That's it.. I'm worn out from thinking about it.. I live in the interior of Sarawak. The PC shop in town is too far to go to for repairs, so I have to try to sort it out myself. Luckily there's internet I can use for reference.. OK, I'll do it now. Once it's done I'll report back here.. thank you ;)

Hmm.. now this comes up in cmd when I run sfc /scannow:
you must be an administrator running a consol session in order to use the sfc utility
The laptop only has 1 user.. I tried following the steps Start - type in Search box - COMMAND find at top of list - RIGHT CLICK - RUN AS ADMIN,
but when I right-click on the command there is no Run as admin option.. there is only Open..
What should I do..?

I can't find Accessories in Start.. then I tried searching; Accessories came up, but when I click it, it has become .lnk too..
Is there any other way?

Edited: oh, I managed to run the scan.. I adjusted it in the change user account settings.. doing it again now.. I have to run HijackThis and repair first.. I'll let you know the result later.. :blush:

>>Result... windows resourcenprotection did not find any integrity violations...
What does that mean? Is there no hope of recovering the laptop? Disappointed... :137:

OK.. now try using this.. ComboFix: http://www.combofix.org/download.php Once it's installed.. before scanning.. disable the antivirus first.. once the scan and fix are done.. post the HijackThis log here

Hang on, I don't quite understand.. do I need to run ComboFix first and then, once ComboFix is done, run HijackThis, fix, and post the logfile from HijackThis as well?
Here is the logfile from ComboFix.. if I need to run HijackThis too, please tell me..

Edited.. the logfile I pasted before the one below was run without disabling Avira..
The one below is the new one.. sorry, earlier I didn't notice that I had forgotten to disable Avira

ComboFix 10-08-25.01 - user 08/27/2010 0:15.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.767.175 [GMT 8:00]
Running from: c:\users\user\Desktop\Rescue\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\wininit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!wininit.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-26 16:21 . 2010-08-26 16:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-26 16:21 . 2010-08-26 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-26 16:14 . 2010-08-26 16:15 -------- d-----w- C:\32788R22FWJFW
2010-08-25 15:02 . 2010-08-25 15:02 388096 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-25 15:02 . 2010-08-25 15:02 -------- d-----w- c:\program files\Trend Micro
2010-08-25 11:57 . 2010-08-25 12:12 -------- d-----w- c:\program files\USBScan
2010-08-25 10:43 . 2010-08-25 10:43 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2010-08-25 10:42 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 10:42 . 2010-08-25 10:42 -------- d-----w- c:\programdata\Malwarebytes
2010-08-25 10:42 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 10:42 . 2010-08-25 10:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 04:16 . 2010-08-26 15:58 -------- d-----w- c:\program files\GVR
2010-08-25 02:36 . 2010-08-25 03:11 -------- d-----w- c:\program files\Smart Virus Remover
2010-08-24 04:35 . 2010-08-24 04:35 -------- d-----w- c:\users\user\AppData\Local\Apps
2010-08-18 02:09 . 2010-08-24 01:09 -------- dc----w- c:\users\user\AppData\Local\MigWiz
2010-08-03 13:44 . 2010-08-25 11:41 -------- d-----w- c:\users\user\user1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 15:17 . 2009-11-08 04:40 -------- d-----w- c:\users\user\AppData\Roaming\Winamp
2010-07-22 03:31 . 2010-02-13 03:09 -------- d-----w- c:\users\user\AppData\Roaming\Skype
2010-06-16 02:57 . 2010-06-16 02:57 50354 ------w- c:\users\user\AppData\Roaming\Facebook\uninstall.exe
2010-06-13 10:02 . 2010-02-13 03:08 140392 ------w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ------w- c:\users\user\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-08-26_15.34.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2010-08-26 15:36 47426 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-06-13 10:11 . 2010-08-26 15:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-13 10:11 . 2010-08-26 16:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-13 10:11 . 2010-08-26 15:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-13 10:11 . 2010-08-26 16:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-13 10:11 . 2010-08-26 15:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-13 10:11 . 2010-08-26 16:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-08 03:38 . 2010-08-26 15:36 8206 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3291368478-2549113030-1317797391-1000_UserData.bin
+ 2010-08-26 15:05 . 2010-08-26 16:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-26 15:05 . 2010-08-26 15:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-26 15:05 . 2010-08-26 15:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-26 15:05 . 2010-08-26 16:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2010-08-26 15:39 615360 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-08-26 15:24 615360 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-08-26 15:39 103702 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-08-26 15:24 103702 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2006-01-24 7094272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-03 450652]
"USBScan.exe"="c:\program files\USBScan\USBScan.exe" [2009-06-30 1359872]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-05-27 13:58 4269296 ------w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2006-01-24 03:37 7094272 ------w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-12-08 05:41 26499880 ------w- c:\program files\Skype\Phone\Skype.exe

R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2008-10-31 103424]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-22 116136]
R3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2009-05-25 103552]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-17 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2009-03-25 135168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

.
.
------- Supplementary Scan -------
.
uLocal Page = hxxp://www.Google.com
uStart Page = hxxp://www.Google.com
uDefault_Search_URL = hxxp://www.Google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\mhlcxoa8.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\user\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.scr=AutoCADScriptFile
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2010-08-27 00:26:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-26 16:26
ComboFix2.txt 2010-08-26 15:38

Pre-Run: 103,752,749,056 bytes free
Post-Run: 103,439,060,992 bytes free

- - End Of File - - E2805718E881633AF018F5345E18D387

Hmm... never mind, bro.. I've given up.. hu huu.. I've sent the laptop back to the school.. let them get it repaired in town..
Anyway, thanks a lot.. if I have any other problems later I'll ask you, bro.. ;)
Happy doing good deeds.. wassalam..
