What the Tech!
Aug 18 2008, 11:39 PM
Post #1
Authentic Member; Group: Authentic Member; Posts: 23; Joined: 17-August 08; From: Brunei; Member No.: 81,038; Operating System: Windows XP
Hi, I'm new here so I don't know whether I am posting this to the correct forum, and I'm sorry if I did.
I ran a scan using RemoveIt Pro and it detected Win32.Unknown.Random.X in my explorer.exe. But when I used Nod32 v2.7 to run an in-depth scan on my PC, it showed that it was clean. What am I to do now? Do I have to format my PC? I've tried using RemoveIt Pro to fix the problem but it seems that it deletes my explorer.exe. I was able to recover using System Restore but I'm now at a loss. Please advise.
Aug 23 2008, 11:03 AM
Post #2
Forum God; Group: Root Admin; Posts: 39,364; Joined: 23-September 04; From: Missouri, USA; Member No.: 15,276
Sorry about the delay in responding. If you still need help, scan again with HijackThis, and "copy/paste" a new log file into this thread. Also please describe how your computer behaves at the moment.
Aug 25 2008, 06:28 PM
Post #3
Authentic Member; Group: Authentic Member; Posts: 23; Joined: 17-August 08; From: Brunei; Member No.: 81,038; Operating System: Windows XP
Thanks for the reply. Here is my Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 11:31:08 PM, on 8/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

And at the moment my computer hangs quite frequently especially when it loads My Computer or My Documents whenever I open them, the magnifying glass appears like it's searching for the file.
Aug 26 2008, 03:57 PM
Post #4
Forum God; Group: Root Admin; Posts: 39,364; Joined: 23-September 04; From: Missouri, USA; Member No.: 15,276
QUOTE
And at the moment my computer hangs quite frequently especially when it loads My Computer or My Documents whenever I open them, the magnifying glass appears like it's searching for the file.

This might not be a spyware/malware/virus issue but let's have a look. Stay with this topic until I give you the all clean post. You might want to print these instructions out.

I suggest you do this:
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Please do not delete anything unless instructed to.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)
It's normal after running ATF Cleaner that the PC will be slower to boot the first time or two.

Next: Please download Malwarebytes' Anti-Malware to your desktop.

Also "copy/paste" a new HijackThis log file into this thread. Also please describe how your computer behaves at the moment.
Aug 26 2008, 05:41 PM
Post #5
Authentic Member; Group: Authentic Member; Posts: 23; Joined: 17-August 08; From: Brunei; Member No.: 81,038; Operating System: Windows XP
It'll take me some time to download and run these scans. Here is a log from my RemoveIT Pro:
RemoveIT Pro v4 - SE (Build date: 6.6.2008) full information log file.
Generated at: 8/27/2008 on 6:57:59 AM
Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Author: Damjan Irgolic http://www.incodesolutions.com support@incodesolutions.com

You have some viruses in your computer. Please Scan your computer with RemoveIT Pro to remove discovered viruses.

Virus list:
Infected with Win32.Unknown.Random.X - File c:\windows\explorer.exe

Running processes: (12)
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe
C:\WINDOWS\explorer.exe

Startup files:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe [C:\WINDOWS\system32\ctfmon.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nod32kui ["C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Acrobat Assistant 7.0 ["C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ []
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IMJPMIG8.1 ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSPY2002 [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PHIME2002ASync [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PHIME2002A [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NeroCheck [C:\WINDOWS\system32\\NeroCheck.exe]

Detail report: (52)

Startup folder: (3)
Startup name: desktop.ini Command: C:\Documents and Settings\Acer\Start Menu\Programs\Startup\desktop.ini
Startup name: desktop.ini Command: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Startup name: Adobe Acrobat Speed Launcher.lnk Command: C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe

Win.ini Startup: (1) Path: No additional driver found!
Win.ini Startup: (1) Path: No additional driver found!
Keyboard drivers: (1) Name: No Keyboard Filter driver found!

Services: (81)

Finished...

In addition, during the scan my taskbar tends to "refresh" (it seems that way to me) and it won't be visible for a few minutes.
Aug 26 2008, 05:44 PM
Post #6
Forum God; Group: Root Admin; Posts: 39,364; Joined: 23-September 04; From: Missouri, USA; Member No.: 15,276
Please don't run any fixes unless I ask you to.
Just take your time and we'll see what needs to be done.
Aug 26 2008, 10:02 PM
Post #7
Authentic Member; Group: Authentic Member; Posts: 23; Joined: 17-August 08; From: Brunei; Member No.: 81,038; Operating System: Windows XP
I've run the ATF Cleaner and the Malwarebytes but nothing was detected.
Here is my latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:50:10 AM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

I'm not sure whether this is related but I just found out that Windows Update was downloading though it was offline and not connected to the internet. The interesting thing is that the percentage was progressing.
For the moment I haven't noticed anything else which is noticeable.

This post has been edited by twins: Aug 26 2008, 10:05 PM
Aug 27 2008, 05:56 AM
Post #8
Forum God; Group: Root Admin; Posts: 39,364; Joined: 23-September 04; From: Missouri, USA; Member No.: 15,276
Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have ComboFix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop.**

Double-click combofix.exe and follow the prompts.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections. Give it at least 20-30 minutes to finish if needed.
Aug 27 2008, 09:26 PM
Post #9
Authentic Member; Group: Authentic Member; Posts: 23; Joined: 17-August 08; From: Brunei; Member No.: 81,038; Operating System: Windows XP
I've run the ComboFix and here is the log:
ComboFix 08-08-27.03 - Acer 2008-08-28 11:17:09.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.148 [GMT 8:00]
Running from: C:\Documents and Settings\Acer\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.
2008-08-28 11:12 . 2008-08-28 11:12 <DIR> d-------- C:\WINDOWS\LastGood
2008-08-27 07:42 . 2008-08-27 07:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-27 07:42 . 2008-08-27 07:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-27 07:42 . 2008-08-27 07:42 <DIR> d-------- C:\Documents and Settings\Acer\Application Data\Malwarebytes
2008-08-27 07:42 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-27 07:42 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-18 02:44 . 2008-08-18 02:48 2,153,526 --a------ C:\WINDOWS\ACD Wallpaper.bmp
2008-08-17 21:53 . 2008-08-17 21:53 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-08-17 21:53 . 2005-02-25 11:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-08-17 19:50 . 2008-08-17 19:50 <DIR> d-------- C:\Documents and Settings\Acer\Application Data\ACD Systems
2008-08-17 19:48 . 2008-08-17 19:48 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-08-17 19:48 . 2008-08-17 19:48 <DIR> d-------- C:\Program Files\ACD Systems
2008-08-17 19:48 . 2008-08-17 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-17 19:47 . 2008-08-17 19:47 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-17 19:46 . 2008-08-17 19:46 <DIR> d-------- C:\ACD Systems ACDSee 7.0.62 PowerPack
2008-08-17 19:45 . 2008-08-17 19:45 <DIR> d-------- C:\Adobe Photoshop CS2 9.0
2008-08-13 23:00 . 2001-08-17 22:36 126,976 --a------ C:\WINDOWS\system32\hpgt34tk.dll
2008-08-13 23:00 . 2001-08-17 22:36 126,976 --a------ C:\WINDOWS\system32\dllcache\hpgt34tk.dll
2008-08-13 23:00 . 2001-08-17 22:36 101,376 --a------ C:\WINDOWS\system32\hpgt34.dll
2008-08-13 23:00 . 2001-08-17 22:36 101,376 --a------ C:\WINDOWS\system32\dllcache\hpgt34.dll
2008-08-13 23:00 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-08-13 23:00 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-08-13 23:00 . 2001-08-17 22:36 32,768 --a------ C:\WINDOWS\system32\hpgtmcro.dll
2008-08-13 23:00 . 2001-08-17 22:36 32,768 --a------ C:\WINDOWS\system32\dllcache\hpgtmcro.dll
2008-08-13 23:00 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-13 23:00 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-06 21:28 . 2008-08-06 21:28 1,264,469 --a------ C:\WINDOWS\green02.scr
2008-08-06 21:28 . 2008-08-06 21:28 1,208,013 --a------ C:\WINDOWS\summer.scr
2008-08-06 21:28 . 2008-08-06 21:28 1,142,900 --a------ C:\WINDOWS\renwen.scr
2008-08-06 21:28 . 2008-08-06 21:28 1,045,322 --a------ C:\WINDOWS\winter.scr
2008-08-06 21:28 . 2008-08-06 21:28 1,004,811 --a------ C:\WINDOWS\qiudate02.scr
2008-08-06 21:28 . 2008-08-06 21:28 1,001,434 --a------ C:\WINDOWS\chundate.scr
2008-08-06 21:28 . 2008-08-19 21:11 12 --a------ C:\WINDOWS\dirsaver.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 01:11 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-07-20 10:15 --------- d-s-a-r C:\Program Files\FlashGuard
2008-07-16 14:45 --------- d-----w C:\Documents and Settings\Acer\Application Data\AdobeUM
2008-07-16 14:08 --------- d-----w C:\Program Files\InCode Solutions
2008-07-16 13:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-16 13:12 --------- d-----w C:\Program Files\Ahead
2008-07-16 11:03 --------- d-----w C:\Program Files\Smart Virus Remover
2008-07-16 09:16 --------- d-----w C:\Program Files\VLCPortable
2008-07-16 09:03 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-16 09:01 --------- d-----w C:\Program Files\Winamp
2008-07-16 08:47 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-07-16 08:47 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-07-16 08:47 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-07-16 08:47 --------- d-----w C:\Program Files\ESET
2008-07-16 08:44 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-16 08:43 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-15 15:13 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-07-15 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-07-15 11:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-15 10:16 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
.

------- Sigcheck -------

2008-07-15 23:13 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-16 16:47 949376]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2003-12-16 02:36 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2003-12-16 02:37 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-12-16 02:38 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-12-16 02:38 455168]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2003-09-10 17:07 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-07-16 17:00:23 25214]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-08-17 12:51]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\g9i9z6ec.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 11:19:52
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

C:\WINDOWS\Explorer.EXE [1116] 0x81994098

scanning hidden autostart entries ...

scanning hidden files ...
scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-08-28 11:21:14 ComboFix-quarantined-files.txt 2008-08-28 03:21:10 Pre-Run: 4,917,870,592 bytes free Post-Run: 4,908,105,728 bytes free 116 --- E O F --- 2008-08-27 23:06:46 As the HJT log: Logfile of HijackThis v1.99.1 Scan saved at 11:24:28 AM, on 8/28/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - 
HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe |

Aug 28 2008, 05:02 AM - Post #10
Authentic Member Group: Authentic Member Posts: 23 Joined: 17-August 08 From: Brunei Member No.: 81,038 Operating System: Windows XP
I was just wondering whether it is possible to replace the "explorer.exe" file and, if it is possible, how do I do it?

Aug 28 2008, 06:51 AM - Post #11
Forum God Group: Root Admin Posts: 39,364 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276
RemoveIt Pro has false positives.
I wouldn't put any faith in that program.

Aug 28 2008, 06:24 PM - Post #12
Authentic Member Group: Authentic Member Posts: 23 Joined: 17-August 08 From: Brunei Member No.: 81,038 Operating System: Windows XP
So I shouldn't worry about the threat detected? Because I find it annoying when the whole desktop just disappears and I have to wait for a minute or so for the taskbar to return.

Aug 28 2008, 06:27 PM - Post #13
Forum God Group: Root Admin Posts: 39,364 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276
Uninstall RemoveIt Pro and see what happens.
If you need a free anti-virus program, try one of these.
Avira AntiVir Personal - FREE Antivirus
http://www.free-av.com/en/download/1/downl..._antivirus.html
Or avast! 4
http://www.avast.com/eng/download-avast-home.html
Run a full scan and let us know what it finds.

Aug 28 2008, 06:43 PM - Post #14