http://forum.lowyat.net/ Fri, 05 Jun 2026 10:01:34 +0800 FeedCreator 1.7.2 http://forum.lowyat.net/topic/3088384 As per title.New or used.Kindly PM me.Thanks. Ray78 Garage Sales Archive Sat, 04 Jan 2014 12:22:29 +0800 http://forum.lowyat.net/topic/1472969 Hi.<br /><br />Before I post HJT and SRE log files here is what happens:<br /><br />&quot;RECYCLER&quot; , &quot;SYSTEM VOLUME INFORMATION&quot; folders created on both my C: and D: drives.I cannot delete these folders as they keep regenerating.I believe my PC got infected through USB flashdrive which I used.I am unable to delete autorun.inf files even using cmd.And there is Isass window on my C: drive.I tried deleting it but access is denied.<br /><br /><br />Here is my HJT log:<br /><br />Logfile of Trend Micro HijackThis v2.0.2<br />Scan saved at 20:02:03, on 6/28/2010<br />Platform: Windows XP SP2 (WinNT 5.01.2600)<br />MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)<br />Boot mode: Normal<br /><br />Running processes:<br />C:&#092;WINDOWS&#092;System32&#092;smss.exe<br />C:&#092;WINDOWS&#092;system32&#092;winlogon.exe<br />C:&#092;WINDOWS&#092;system32&#092;services.exe<br />C:&#092;WINDOWS&#092;system32&#092;lsass.exe<br />C:&#092;WINDOWS&#092;system32&#092;svchost.exe<br />C:&#092;WINDOWS&#092;System32&#092;svchost.exe<br />C:&#092;WINDOWS&#092;system32&#092;spoolsv.exe<br />C:&#092;Program Files&#092;IObit&#092;IObit Security 360&#092;IS360srv.exe<br />C:&#092;WINDOWS&#092;System32&#092;nvsvc32.exe<br />C:&#092;WINDOWS&#092;Explorer.EXE<br />C:&#092;Program Files&#092;Analog Devices&#092;SoundMAX&#092;SMAgent.exe<br />C:&#092;WINDOWS&#092;System32&#092;svchost.exe<br />C:&#092;WINDOWS&#092;System32&#092;svchost.exe<br />C:&#092;WINDOWS&#092;System32&#092;svchost.exe<br />C:&#092;WINDOWS&#092;System32&#092;svchost.exe<br />C:&#092;WINDOWS&#092;TEMP&#092;ggktpfg.exe<br />C:&#092;DOCUMENTS AND SETTINGS&#092;WINDOWS XP&#092;START MENU&#092;PROGRAMS&#092;STARTUP&#092;Adobe update.com<br />C:&#092;DOCUMENTS AND SETTINGS&#092;WINDOWS XP&#092;START MENU&#092;PROGRAMS&#092;STARTUP&#092;Adobe Online.com<br />C:&#092;Program Files&#092;Trend Micro&#092;HijackThis&#092;HijackThis.exe<br />c:&#092;lsass.exe<br /><br />O3 - Toolbar: &amp;Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:&#092;WINDOWS&#092;System32&#092;msdxm.ocx<br />O4 - HKLM&#092;..&#092;Run: [32740] C:&#092;WINDOWS&#092;TEMP&#092;ggktpfg.exe<br />O4 - Startup: Adobe Online.com<br />O4 - Startup: Adobe update.com<br />O4 - Global Startup: Tenda W541U.lnk = ?<br />O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:&#092;WINDOWS&#092;web&#092;related.htm<br />O9 - Extra &#39;Tools&#39; menuitem: Show &amp;Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:&#092;WINDOWS&#092;web&#092;related.htm<br />O23 - Service: IS360service - IObit - C:&#092;Program Files&#092;IObit&#092;IObit Security 360&#092;IS360srv.exe<br />O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:&#092;WINDOWS&#092;System32&#092;nvsvc32.exe<br />O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:&#092;Program Files&#092;Analog Devices&#092;SoundMAX&#092;SMAgent.exe<br /><br />--<br />End of file - 1871 bytes<br />________________________________________________________________________________________________<br /><br /><br />Here is another log from SREng:<br /><br />007-06-28,11:27:18<br /><br />System Repair Engineer 2.5.16.900<br />Smallfrogs (http://www.KZTechs.com)<br /><br />Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed<br /><br />Follow item(s) have been choosed:<br /> All Boot Items (Including Registry, Startup Folders, Services and so on)<br /> Browser Add-ons<br /> Runing Processes (Including process model information)<br /> File Associations<br /> Winsock Provider<br /> Autorun.Inf<br /> HOSTS File<br /> Process Privileges Scan<br /><br /><br />Boot Items<br />Registry<br />[HKEY_CURRENT_USER&#092;Software&#092;Microsoft&#092;Windows NT&#092;CurrentVersion&#092;Windows]<br /> &lt;load&gt;&lt;&gt; [N/A]<br />[HKEY_LOCAL_MACHINE&#092;Software&#092;Microsoft&#092;Windows&#092;CurrentVersion&#092;Run]<br /> &lt;27378&gt;&lt;C:&#092;WINDOWS&#092;TEMP&#092;ggktpfg.exe&gt; []<br />[HKEY_LOCAL_MACHINE&#092;Software&#092;Microsoft&#092;Windows NT&#092;CurrentVersion&#092;Winlogon]<br /> &lt;shell&gt;&lt;Explorer.exe&gt; [(Verified)]<br /> &lt;Userinit&gt;&lt;C:&#092;WINDOWS&#092;system32&#092;userinit.exe,&gt; [(Verified)]<br />[HKEY_LOCAL_MACHINE&#092;Software&#092;Microsoft&#092;Windows NT&#092;CurrentVersion&#092;Windows]<br /> &lt;AppInit_DLLs&gt;&lt;&gt; [N/A]<br />[HKEY_LOCAL_MACHINE&#092;Software&#092;Microsoft&#092;Windows NT&#092;CurrentVersion&#092;Winlogon]<br /> &lt;UIHost&gt;&lt;logonui.exe&gt; [(Verified)]<br />[HKEY_LOCAL_MACHINE&#092;SOFTWARE&#092;Microsoft&#092;Active Setup&#092;Installed Components&#092;&gt;{26923b43-4d38-484f-9b9e-de460746276c}]<br /> &lt;Internet Explorer&gt;&lt;%systemroot%&#092;system32&#092;shmgrate.exe OCInstallUserConfigIE&gt; [N/A]<br />[HKEY_LOCAL_MACHINE&#092;SOFTWARE&#092;Microsoft&#092;Active Setup&#092;Installed Components&#092;&gt;{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]<br /> &lt;Outlook Express&gt;&lt;%systemroot%&#092;system32&#092;shmgrate.exe OCInstallUserConfigOE&gt; [N/A]<br />[HKEY_LOCAL_MACHINE&#092;SOFTWARE&#092;Microsoft&#092;Active Setup&#092;Installed Components&#092;{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]<br /> &lt;Microsoft Windows Media Player 6.4&gt;&lt;rundll32.exe advpack.dll,LaunchINFSection C:&#092;WINDOWS&#092;INF&#092;mplayer2.inf,PerUserStub.NT&gt; [(Verified)Microsoft Windows XP Publisher]<br />[HKEY_LOCAL_MACHINE&#092;SOFTWARE&#092;Microsoft&#092;Active Setup&#092;Installed Components&#092;{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]<br /> &lt;Themes Setup&gt;&lt;%SystemRoot%&#092;system32&#092;regsvr32.exe /s /n /i:/UserInstall %SystemRoot%&#092;system32&#092;themeui.dll&gt; [N/A]<br />[HKEY_LOCAL_MACHINE&#092;SOFTWARE&#092;Microsoft&#092;Active Setup&#092;Installed Components&#092;{306D6C21-C1B6-4629-986C-E59E1875B8AF}]<br /> &lt;N/A&gt;&lt;&quot;C:&#092;WINDOWS&#092;System32&#092;rundll32.exe&quot; &quot;C:&#092;Program Files&#092;Messenger&#092;msgsc.dll&quot;,ShowIconsUser&gt; [(Verified)Microsoft Windows XP Publisher]<br />[HKEY_LOCAL_MACHINE&#092;SOFTWARE&#092;Microsoft&#092;Active Setup&#092;Installed Components&#092;{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]<br /> &lt;Microsoft Outlook Express 6&gt;&lt;&quot;%ProgramFiles%&#092;Outlook Express&#092;setup50.exe&quot; /APP:OE /CALLER:WINNT /user /install&gt; [N/A]<br />[HKEY_LOCAL_MACHINE&#092;SOFTWARE&#092;Microsoft&#092;Active Setup&#092;Installed Components&#092;{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]<br /> &lt;NetMeeting 3.01&gt;&lt;rundll32.exe advpack.dll,LaunchINFSection C:&#092;WINDOWS&#092;INF&#092;msnetmtg.inf,NetMtg.Install.PerUser.NT&gt; [(Verified)Microsoft Windows XP Publisher]<br />[HKEY_LOCAL_MACHINE&#092;SOFTWARE&#092;Microsoft&#092;Active Setup&#092;Installed Components&#092;{5945c046-1e7d-11d1-bc44-00c04fd912be}]<br /> &lt;Windows Messenger&gt;&lt;rundll32.exe advpack.dll,LaunchINFSection C:&#092;WINDOWS&#092;INF&#092;msmsgs.inf,BLC.Install.PerUser&gt; [(Verified)Microsoft Windows XP Publisher]<br />[HKEY_LOCAL_MACHINE&#092;SOFTWARE&#092;Microsoft&#092;Active Setup&#092;Installed Components&#092;{6BF52A52-394A-11d3-B153-00C04F79FAA6}]<br /> &lt;Microsoft Windows Media Player 8&gt;&lt;rundll32.exe advpack.dll,LaunchINFSection C:&#092;WINDOWS&#092;INF&#092;wmp.inf,PerUserStub&gt; [(Verified)Microsoft Windows XP Publisher]<br />[HKEY_LOCAL_MACHINE&#092;SOFTWARE&#092;Microsoft&#092;Active Setup&#092;Installed Components&#092;{7790769C-0471-11d2-AF11-00C04FA35D02}]<br /> &lt;Address Book 6&gt;&lt;&quot;%ProgramFiles%&#092;Outlook Express&#092;setup50.exe&quot; /APP:WAB /CALLER:WINNT /user /install&gt; [N/A]<br /><br />==================================<br />Startup Folders<br />[Tenda W541U]<br /> &lt;C:&#092;Documents and Settings&#092;All Users&#092;Start Menu&#092;Programs&#092;Startup&#092;Tenda W541U.lnk --&#62; C:&#092;PROGRA~1&#092;Tenda&#092;W541U&#092;UI.exe []&gt;&lt;N&gt;<br />[Adobe Online]<br /> &lt;C:&#092;Documents and Settings&#092;Windows XP&#092;Start Menu&#092;Programs&#092;Startup&#092;Adobe Online.com --&#62; [N/A]&gt;&lt;N&gt;<br />[Adobe update]<br /> &lt;C:&#092;Documents and Settings&#092;Windows XP&#092;Start Menu&#092;Programs&#092;Startup&#092;Adobe update.com --&#62; [N/A]&gt;&lt;N&gt;<br /><br />==================================<br />Services<br />[Human Interface Device Access / HidServ][Stopped/Disabled]<br /> &lt;C:&#092;WINDOWS&#092;System32&#092;svchost.exe -k netsvcs--&#62;%SystemRoot%&#092;System32&#092;hidserv.dll&gt;&lt;N/A&gt;<br />[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]<br /> &lt;C:&#092;WINDOWS&#092;System32&#092;nvsvc32.exe&gt;&lt;NVIDIA Corporation&gt;<br />[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]<br /> &lt;C:&#092;Program Files&#092;Analog Devices&#092;SoundMAX&#092;SMAgent.exe&gt;&lt;Analog Devices, Inc.&gt;<br /><br />==================================<br />Drivers<br />[aeaudio / aeaudio][Running/Manual Start]<br /> &lt;system32&#092;drivers&#092;aeaudio.sys&gt;&lt;Andrea Electronics Corporation&gt;<br />[AEGIS Protocol (IEEE 802.1x) v3.5.3.0 / AegisP][Running/Auto Start]<br /> &lt;System32&#092;DRIVERS&#092;AegisP.sys&gt;&lt;Meetinghouse Data Communications&gt;<br />[nv / nv][Running/Manual Start]<br /> &lt;System32&#092;DRIVERS&#092;nv4_mini.sys&gt;&lt;NVIDIA Corporation&gt;<br />[Direct Parallel Link Driver / Ptilink][Running/Manual Start]<br /> &lt;System32&#092;DRIVERS&#092;ptilink.sys&gt;&lt;Parallel Technologies, Inc.&gt;<br />[RT73 USB Wireless LAN Card Driver / RT73][Running/Manual Start]<br /> &lt;System32&#092;DRIVERS&#092;rt73.sys&gt;&lt;Ralink Technology, Corp.&gt;<br />[Secdrv / Secdrv][Stopped/Manual Start]<br /> &lt;System32&#092;DRIVERS&#092;secdrv.sys&gt;&lt;N/A&gt;<br />[smwdm / smwdm][Running/Manual Start]<br /> &lt;system32&#092;drivers&#092;smwdm.sys&gt;&lt;Analog Devices, Inc.&gt;<br /><br />==================================<br />Browser Add-ons<br />[@shdoclc.dll,-866]<br /> {c95fe080-8f5d-11d2-a20b-00aa003c157a} &lt;, N/A&gt;<br />[&amp;Radio]<br /> {8E718888-423F-11D2-876E-00A0C9082467} &lt;C:&#092;WINDOWS&#092;System32&#092;msdxm.ocx, &gt;<br />[Shockwave Flash Object]<br /> {D27CDB6E-AE6D-11CF-96B8-444553540000} &lt;C:&#092;WINDOWS&#092;System32&#092;Macromed&#092;Flash&#092;Flash10h.ocx, Adobe Systems, Inc.&gt;<br /><br />==================================<br />Running Processes<br />[PID: 404 / SYSTEM][&#092;SystemRoot&#092;System32&#092;smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]<br />[PID: 628 / SYSTEM][&#092;??&#092;C:&#092;WINDOWS&#092;system32&#092;csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]<br />[PID: 652 / SYSTEM][&#092;??&#092;C:&#092;WINDOWS&#092;system32&#092;winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]<br /> [C:&#092;WINDOWS&#092;System32&#092;SYNCOR11.DLL] [SoundMAX, 1.2.2]<br /> [C:&#092;WINDOWS&#092;System32&#092;wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]<br /> [C:&#092;WINDOWS&#092;System32&#092;msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]<br />[PID: 696 / SYSTEM][C:&#092;WINDOWS&#092;system32&#092;services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]<br /> [C:&#092;WINDOWS&#092;system32&#092;SYNCOR11.DLL] [SoundMAX, 1.2.2]<br />[PID: 712 / SYSTEM][C:&#092;WINDOWS&#092;system32&#092;lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]<br />[PID: 896 / SYSTEM][C:&#092;WINDOWS&#092;system32&#092;svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]<br />[PID: 920 / SYSTEM][C:&#092;WINDOWS&#092;System32&#092;svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]<br /> [C:&#092;WINDOWS&#092;System32&#092;SYNCOR11.DLL] [SoundMAX, 1.2.2]<br />[PID: 992 / NETWORK SERVICE][C:&#092;WINDOWS&#092;System32&#092;svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]<br />[PID: 1016 / LOCAL SERVICE][C:&#092;WINDOWS&#092;System32&#092;svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]<br />[PID: 1064 / SYSTEM][C:&#092;WINDOWS&#092;system32&#092;spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]<br />[PID: 1364 / SYSTEM][C:&#092;WINDOWS&#092;System32&#092;nvsvc32.exe] [NVIDIA Corporation, 6.14.10.4403]<br />[PID: 1396 / SYSTEM][C:&#092;Program Files&#092;Analog Devices&#092;SoundMAX&#092;SMAgent.exe] [Analog Devices, Inc., 3, 2, 5, 0]<br />[PID: 360 / Windows XP][C:&#092;Program Files&#092;Tenda&#092;W541U&#092;UI.exe] [, 1.0.0.1]<br /> [C:&#092;Program Files&#092;Tenda&#092;W541U&#092;acAuth.dll] [, 4.1.0.65 2006-07-12 18:36:34]<br /> [C:&#092;Program Files&#092;Tenda&#092;W541U&#092;dllPublicFunc.dll] [, 1.0.0]<br /> [C:&#092;Program Files&#092;Tenda&#092;W541U&#092;dllCommonCtrl.dll] [, 1.0.0]<br /> [C:&#092;Program Files&#092;Tenda&#092;W541U&#092;dllMultiLanguage.dll] [, 1.0.0.1]<br /> [C:&#092;WINDOWS&#092;System32&#092;SYNCOR11.DLL] [SoundMAX, 1.2.2]<br />[PID: 444 / Windows XP][C:&#092;Documents and Settings&#092;Windows XP&#092;Start Menu&#092;Programs&#092;Startup&#092;Adobe Online.com] [N/A, ]<br /> [C:&#092;WINDOWS&#092;thumbs .db] [N/A, ]<br />[PID: 496 / SYSTEM][C:&#092;WINDOWS&#092;System32&#092;wbem&#092;wmiprvse.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]<br />[PID: 1840 / Windows XP][C:&#092;WINDOWS&#092;TEMP&#092;ggktpfg.exe] [N/A, ]<br />[PID: 140 / SYSTEM][C:&#092;WINDOWS&#092;System32&#092;svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]<br />[PID: 612 / SYSTEM][C:&#092;WINDOWS&#092;System32&#092;svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]<br />[PID: 1640 / SYSTEM][C:&#092;WINDOWS&#092;System32&#092;svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]<br />[PID: 5356 / SYSTEM][C:&#092;WINDOWS&#092;System32&#092;svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]<br /> [C:&#092;WINDOWS&#092;System32&#092;SYNCOR11.DLL] [SoundMAX, 1.2.2]<br />[PID: 5124 / Windows XP][C:&#092;DOCUMENTS AND SETTINGS&#092;WINDOWS XP&#092;START MENU&#092;PROGRAMS&#092;STARTUP&#092;Adobe update.com] [N/A, ]<br /> [C:&#092;WINDOWS&#092;thumbs .db] [N/A, ]<br />[PID: 4792 / Windows XP][C:&#092;Program Files&#092;Mozilla Firefox&#092;firefox.exe] [Mozilla Corporation, 1.9.2.6]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;xul.dll] [Mozilla Foundation, 1.9.2.6]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;sqlite3.dll] [sqlite.org, 3.6.22]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;MOZCRT19.dll] [Mozilla Foundation, 8.00.0000]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;js3250.dll] [N/A, ]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;nspr4.dll] [Mozilla Foundation, 4.8.3]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;smime3.dll] [Mozilla Foundation, 3.12.6.2 Basic ECC]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;nss3.dll] [Mozilla Foundation, 3.12.6.2 Basic ECC]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;nssutil3.dll] [Mozilla Foundation, 3.12.6.2]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;plc4.dll] [Mozilla Foundation, 4.8.3]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;plds4.dll] [Mozilla Foundation, 4.8.3]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;ssl3.dll] [Mozilla Foundation, 3.12.6.2 Basic ECC]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;MOZCPP19.dll] [Mozilla Foundation, 8.00.0000]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;xpcom.dll] [Mozilla Foundation, 1.9.2.6]<br /> [C:&#092;WINDOWS&#092;System32&#092;SYNCOR11.DLL] [SoundMAX, 1.2.2]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;components&#092;browserdirprovider.dll] [Mozilla Foundation, 1.9.2.6]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;components&#092;brwsrcmp.dll] [Mozilla Foundation, 1.9.2.6]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;softokn3.dll] [Mozilla Foundation, 3.12.4.6 Basic ECC]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;nssdbm3.dll] [Mozilla Foundation, 3.12.4.6 Basic ECC]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;freebl3.dll] [Mozilla Foundation, 3.12.4.6 Basic ECC]<br /> [C:&#092;Program Files&#092;Mozilla Firefox&#092;nssckbi.dll] [Mozilla Foundation, 1.78]<br /> [C:&#092;WINDOWS&#092;System32&#092;wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]<br /> [C:&#092;WINDOWS&#092;System32&#092;msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]<br />[PID: 5172 / Windows XP][C:&#092;WINDOWS&#092;explorer.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]<br /> [C:&#092;WINDOWS&#092;System32&#092;SYNCOR11.DLL] [SoundMAX, 1.2.2]<br /> [C:&#092;WINDOWS&#092;System32&#092;wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]<br /> [C:&#092;WINDOWS&#092;System32&#092;msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]<br />[PID: 4760 / Windows XP][C:&#092;Program Files&#092;Trillian&#092;trillian.exe] [Cerulean Studios, 4, 1, 0, 24]<br /> [C:&#092;Program Files&#092;Trillian&#092;SSLEAY32.dll] [The OpenSSL Project, <a href='http://www.openssl.org/' target='_blank'>http://www.openssl.org/</a>, 0.9.8j]<br /> [C:&#092;Program Files&#092;Trillian&#092;LIBEAY32.dll] [The OpenSSL Project, <a href='http://www.openssl.org/' target='_blank'>http://www.openssl.org/</a>, 0.9.8j]<br /> [C:&#092;Program Files&#092;Trillian&#092;MSVCR90.dll] [Microsoft Corporation, 9.00.21022.8]<br /> [C:&#092;Program Files&#092;Trillian&#092;zlib1.dll] [, 1.2.3]<br /> [C:&#092;Program Files&#092;Trillian&#092;MSVCP90.dll] [Microsoft Corporation, 9.00.21022.8]<br /> [C:&#092;Program Files&#092;Trillian&#092;images.dll] [Cerulean Studios, 4, 1, 0, 24]<br /> [C:&#092;Program Files&#092;Trillian&#092;core.dll] [Cerulean Studios, LLC, 4, 1, 0, 21]<br /> [C:&#092;Program Files&#092;Trillian&#092;jpeg62.dll] [Independent JPEG Group &lt;www.ijg.org&gt;, 6b.1961.25445]<br /> [C:&#092;Program Files&#092;Trillian&#092;libpng12.dll] [GnuWin32 &lt;http://gnuwin32.sourceforge.net&gt;, 1.2.34.3276]<br /> [C:&#092;Program Files&#092;Trillian&#092;libungif.dll] [, 4, 1, 4, 0]<br /> [C:&#092;Program Files&#092;Trillian&#092;expatxml.dll] [Cerulean Studios, 4, 1, 0, 24]<br /> [c:&#092;program files&#092;trillian&#092;languages&#092;en&#092;trillian.dll] [N/A, ]<br /> [C:&#092;Program Files&#092;Trillian&#092;toolkit.dll] [Cerulean Studios, 4, 1, 0, 24]<br /> [C:&#092;Program Files&#092;Trillian&#092;kdu_v43R.dll] [The University of New South Wales, 4, 3, 1, 1]<br /> [C:&#092;WINDOWS&#092;System32&#092;SYNCOR11.DLL] [SoundMAX, 1.2.2]<br /> [C:&#092;Program Files&#092;Trillian&#092;events.dll] [Cerulean Studios, 4, 1, 0, 24]<br /> [C:&#092;Program Files&#092;Trillian&#092;crypto.dll] [Cerulean Studios, LLC, 4, 1, 0, 21]<br /> [C:&#092;Program Files&#092;Trillian&#092;list.dll] [Cerulean Studios, 4, 1, 0, 24]<br /> [C:&#092;Program Files&#092;Trillian&#092;buddy.dll] [Cerulean Studios, 4, 1, 0, 24]<br /> [C:&#092;Program Files&#092;Trillian&#092;talk.dll] [Cerulean Studios, 4, 1, 0, 24]<br /> [C:&#092;Program Files&#092;Trillian&#092;plugins&#092;astra.dll] [Cerulean Studios, LLC, 4, 1, 0, 21]<br /> [C:&#092;Program Files&#092;Trillian&#092;libspeex.dll] [N/A, ]<br /> [C:&#092;Program Files&#092;Trillian&#092;plugins&#092;MSVCP90.dll] [Microsoft Corporation, 9.00.21022.8]<br /> [C:&#092;Program Files&#092;Trillian&#092;plugins&#092;MSVCR90.dll] [Microsoft Corporation, 9.00.21022.8]<br /> [c:&#092;program files&#092;trillian&#092;languages&#092;en&#092;toolkit.dll] [N/A, ]<br /> [c:&#092;program files&#092;trillian&#092;languages&#092;en&#092;events.dll] [N/A, ]<br /> [c:&#092;program files&#092;trillian&#092;languages&#092;en&#092;buddy.dll] [N/A, ]<br /> [c:&#092;program files&#092;trillian&#092;languages&#092;en&#092;talk.dll] [N/A, ]<br /> [C:&#092;Program Files&#092;Trillian&#092;plugins&#092;mail.dll] [Cerulean Studios, 4, 1, 0, 24]<br /> [C:&#092;Program Files&#092;Trillian&#092;plugins&#092;msn.dll] [Cerulean Studios, LLC, 4, 1, 0, 21]<br /> [C:&#092;WINDOWS&#092;System32&#092;wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]<br /> [C:&#092;WINDOWS&#092;System32&#092;msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]<br />[PID: 5052 / Windows XP][C:&#092;Documents and Settings&#092;Windows XP&#092;My Documents&#092;sreng2&#092;SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]<br /> [C:&#092;WINDOWS&#092;System32&#092;SYNCOR11.DLL] [SoundMAX, 1.2.2]<br /> [C:&#092;Documents and Settings&#092;Windows XP&#092;My Documents&#092;sreng2&#092;Upload&#092;3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]<br /><br />==================================<br />File Associations<br />.TXT OK. [%SystemRoot%&#092;system32&#092;NOTEPAD.EXE %1]<br />.EXE OK. [&quot;%1&quot; %*]<br />.COM OK. [&quot;%1&quot; %*]<br />.PIF OK. [&quot;%1&quot; %*]<br />.REG OK. [regedit.exe &quot;%1&quot;]<br />.BAT OK. [&quot;%1&quot; %*]<br />.SCR Error. [%1]<br />.CHM OK. [&quot;C:&#092;WINDOWS&#092;hh.exe&quot; %1]<br />.HLP OK. [%SystemRoot%&#092;System32&#092;winhlp32.exe %1]<br />.INI OK. [%SystemRoot%&#092;System32&#092;NOTEPAD.EXE %1]<br />.INF OK. [%SystemRoot%&#092;System32&#092;NOTEPAD.EXE %1]<br />.VBS OK. [%SystemRoot%&#092;System32&#092;WScript.exe &quot;%1&quot; %*]<br />.JS OK. [%SystemRoot%&#092;System32&#092;WScript.exe &quot;%1&quot; %*]<br />.LNK OK. [{00021401-0000-0000-C000-000000000046}]<br /><br />==================================<br />Winsock Provider<br />N/A<br /><br />==================================<br />Autorun.Inf<br />[C:&#092;]<br />[Autorun]<br />Open=Thumbs.com -a<br />ShellExecute=Thumbs.com<br />Shell&#092;Auto&#092;Command=Thumbs.com<br />Shell=Auto<br />[Definitions]<br />Launchpad=Thumbs.com<br />Vtype=1<br />[D:&#092;]<br />[Autorun]<br />Open=Thumbs.com -a<br />ShellExecute=Thumbs.com<br />Shell&#092;Auto&#092;Command=Thumbs.com<br />Shell=Auto<br />[Definitions]<br />Launchpad=Thumbs.com<br />Vtype=1<br /><br />==================================<br />HOSTS File<br />127.0.0.1 www.Brenz.pl<br />127.0.0.1 localhost<br /><br />==================================<br />Process Privileges Scan<br />Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1064, C:&#092;WINDOWS&#092;SYSTEM32&#092;SPOOLSV.EXE]<br />Special Privilege Enabled: SeLoadDriverPrivilege [PID = 360, C:&#092;PROGRAM FILES&#092;TENDA&#092;W541U&#092;UI.EXE]<br />Special Privilege Enabled: SeLoadDriverPrivilege [PID = 444, C:&#092;DOCUMENTS AND SETTINGS&#092;WINDOWS XP&#092;START MENU&#092;PROGRAMS&#092;STARTUP&#092;ADOBE ONLINE.COM]<br />Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1840, C:&#092;WINDOWS&#092;TEMP&#092;GGKTPFG.EXE]<br />Special Privilege Enabled: SeLoadDriverPrivilege [PID = 5124, C:&#092;DOCUMENTS AND SETTINGS&#092;WINDOWS XP&#092;START MENU&#092;PROGRAMS&#092;STARTUP&#092;ADOBE UPDATE.COM]<br />Special Privilege Enabled: SeLoadDriverPrivilege [PID = 5172, C:&#092;WINDOWS&#092;EXPLORER.EXE]<br /><br />==================================<br />API HOOK<br />Entrypoint Error: NtCreateFile (Dangerous Level: High, Hooked by Module: 0x7FFA64D2)<br />Entrypoint Error: NtCreateProcess (Dangerous Level: High, Hooked by Module: 0x7FFA6561)<br />Entrypoint Error: NtCreateProcessEx (Dangerous Level: High, Hooked by Module: 0x7FFA656E)<br />Entrypoint Error: NtQueryInformationProcess (Dangerous Level: High, Hooked by Module: 0x7FFA65AF)<br />Entrypoint Error: ZwCreateFile (Dangerous Level: High, Hooked by Module: 0x7FFA64D2)<br />Entrypoint Error: ZwCreateProcess (Dangerous Level: High, Hooked by Module: 0x7FFA6561)<br />Entrypoint Error: ZwCreateProcessEx (Dangerous Level: High, Hooked by Module: 0x7FFA656E)<br />Entrypoint Error: ZwOpenFile (Dangerous Level: High, Hooked by Module: 0x7FFA6557)<br />Entrypoint Error: ZwQueryInformationProcess (Dangerous Level: High, Hooked by Module: 0x7FFA65AF)<br /><br />==================================<br />Hidden Process<br /> [1932] c:&#092;lsass.exe<br /><br />==================================<br /><br />________________________________________________________________________________________________<br /><br />BTW,I have also tried Combofix removal tool from bleepingcomputer.com but unfortunately it could not start and says there could be file-patching virus in my PC.<br /><br />Tried DR.Web CureIt too(in safe mode) but it just halts saying &quot;Invalid path to virus database&quot;.<br /><br /><br />Please help.Thanks&#33; Ray78 Technical Support Mon, 28 Jun 2010 20:13:02 +0800 http://forum.lowyat.net/topic/1264131 <i><b>Ask your Questions - Chromehounds Japanese Producer</b><br /><br />So, I&#39;ve brokered what I hope to be a Q&amp;A with the Japanese producer, Nabeshima-san, on Chromehounds as a final send off for you, the fans, to interact with the development side of things. I&#39;m honestly not sure what the extent of the Q&amp;A portion of the message will be, but I do know that there is an opportunity, and I have a quick turnaround to get some questions . Let&#39;s roll the dice and see what we can get.<br /><br />Ok, so, if you have questions (and I expect you do), please write them below and I will compile and send along. No guarauntee that they will be answered, please remember to be respectful (hate posts will be ignored), and try to be clear in your question (so I don&#39;t have to guess as to the point). Cut off for the questions is Monday, December 21.<br /></i><br /><br /><br />LINK:<br /><a href='http://forums.sega.com/showthread.php?t=306988' target='_blank'>http://forums.sega.com/showthread.php?t=306988</a><br /><br /> Ray78 Xbox Fri, 18 Dec 2009 11:31:13 +0800