
USB drive and hidden files do not show up


This topic is locked
16 replies to this topic

#1 dmt87

Posted 11 April 2009 - 04:02 AM

Hi gentle guys,

I have been through the guidelines in the "Am I infected" forum to clean my PC, which still seems infected. I was directed by the assistants there to do a Hijack and post it here. I have done the Hijack using RSIT and here is the log. Please take a look and kindly advise me what to do. Thank you so much in advance.



Logfile of random's system information tool 1.06 (written by random/random)
Run by Don at 2009-04-11 16:53:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (6%) free of 20 GB
Total RAM: 511 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:22 PM, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\RK Launcher\RKLauncher.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Don\Desktop\RSIT.exe
C:\Program Files\trend micro\Don.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/?p=us
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [EPSON Stylus CX3900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\WINDOWS\TEMP\E_S63D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [anhtaaa] C:\WINDOWS\system32\kacsde.exe
O4 - HKCU\..\Run: [dorfgwe] C:\WINDOWS\system32\uret463.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 6801 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]
Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2005-03-05 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
IeCatch5 Class - C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 工具列 - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-19 817936]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{259F616C-A300-44F5-B04A-ED001A26C85C} - Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2005-03-05 212992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"System Files Updater"=C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe [2006-02-26 118485]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2005-09-05 339968]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2004-03-24 3309568]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2004-03-24 58880]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Device Detector"=DevDetect.exe -autorun []
"EPSON Stylus CX3900 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE [2006-02-21 131072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"RK Launcher"=C:\Program Files\RK Launcher\RKLauncher.exe [2005-10-19 393216]
"Alt+Q Hotkey Tool"=C:\WINDOWS\Alt+Q Hotkey.exe [2005-12-19 27648]
"WinRoll"=C:\Program Files\WinRoll\winroll.exe [2006-01-02 15872]
"Yz Shadow"=C:\Program Files\YzShadow\YzShadow.exe [2006-02-24 172032]
"anhtaaa"=C:\WINDOWS\system32\kacsde.exe [2009-04-11 108167]
"dorfgwe"=C:\WINDOWS\system32\uret463.exe [2009-04-11 107729]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=C:\Program Files\ewido anti-malware\shellhook.dll [2004-09-30 39488]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=C2FFFF03
"NoDriveAutoRun"=C2FFFF03

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"D:\Games\Commandos 3\commandos3.exe"="D:\Games\Commandos 3\commandos3.exe:*:Disabled:commandos3"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\Games\Need for speed\speed.exe"="D:\Games\Need for speed\speed.exe:*:Enabled:speed"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows NetMeeting"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80f4113b-1829-11dd-a723-001109dcb1c9}]
shell\AutoRun\command - G:\bsp.cmd
shell\open\command - G:\bsp.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9123345d-0ca4-11dd-a761-806d6172696f}]
shell\AutoRun\command - C:\bsp.cmd
shell\open\command - C:\bsp.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9123345e-0ca4-11dd-a761-806d6172696f}]
shell\AutoRun\command - D:\bsp.cmd
shell\open\command - D:\bsp.cmd


======File associations======

.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 2 months======

2009-04-11 16:53:16 ----D---- C:\Program Files\trend micro
2009-04-11 16:53:15 ----D---- C:\rsit
2009-04-11 16:41:07 ----RSH---- C:\WINDOWS\system32\godert1.dll
2009-04-11 16:40:32 ----RSH---- C:\WINDOWS\system32\uret463.exe
2009-04-11 16:40:32 ----RSH---- C:\WINDOWS\system32\lhgjyit0.dll
2009-04-11 16:39:58 ----N---- C:\WINDOWS\system32\godert0.dll
2009-04-11 12:58:26 ----RSH---- C:\bsp.cmd
2009-04-03 14:38:17 ----D---- C:\Documents and Settings\Don\Application Data\WinRAR
2009-04-03 14:11:22 ----D---- C:\WINDOWS\ERUNT
2009-04-03 14:06:13 ----D---- C:\SDFix
2009-04-03 13:33:19 ----RSH---- C:\j0mpdkja.cmd
2009-04-02 00:06:38 ----RSH---- C:\af93gcf.exe
2009-04-01 03:10:00 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-01 02:39:46 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-01 02:39:36 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-01 02:39:36 ----D---- C:\Documents and Settings\Don\Application Data\SUPERAntiSpyware.com
2009-04-01 02:39:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-01 01:19:16 ----RSH---- C:\om0.com
2009-03-31 01:54:50 ----RSH---- C:\WINDOWS\system32\kacsde.exe
2009-03-29 19:27:20 ----RSH---- C:\hqx292nu.exe
2009-03-29 19:11:14 ----D---- C:\Documents and Settings\Don\Application Data\Malwarebytes
2009-03-29 19:11:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-29 19:11:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-14 00:07:26 ----RSH---- C:\3wy1vm.cmd
2009-03-13 18:43:45 ----RSH---- C:\s6muem.cmd
2009-03-11 19:48:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 19:48:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 19:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 19:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-05 18:46:03 ----RSH---- C:\gnwav.exe
2009-02-28 14:24:04 ----RSH---- C:\tt.com
2009-02-27 01:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-26 21:52:11 ----RSH---- C:\gxul.com
2009-02-22 17:36:25 ----D---- C:\Program Files\Common Files\Logitech
2009-02-22 17:36:25 ----A---- C:\WINDOWS\system32\WmJoyFrc.dll
2009-02-22 17:36:18 ----D---- C:\Program Files\Logitech
2009-02-22 00:28:27 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft(3)
2009-02-21 15:29:00 ----RSH---- C:\jg.com
2009-02-14 18:49:13 ----RSH---- C:\dgf.exe
2009-02-13 03:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-12 20:48:22 ----D---- C:\Documents and Settings\Don\Application Data\AVG7
2009-02-12 20:48:09 ----D---- C:\Program Files\Grisoft(2)
2009-02-12 20:48:09 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
2009-02-12 20:48:09 ----D---- C:\Documents and Settings\All Users\Application Data\avg7(2)

======List of files/folders modified in the last 2 months======

2009-04-11 16:53:16 ----RD---- C:\Program Files
2009-04-11 16:52:58 ----D---- C:\WINDOWS\Prefetch
2009-04-11 16:48:22 ----D---- C:\Program Files\Mozilla Firefox
2009-04-11 16:47:48 ----D---- C:\WINDOWS\WinSxS
2009-04-11 16:47:31 ----D---- C:\Config.Msi
2009-04-11 16:47:25 ----D---- C:\Program Files\Common Files
2009-04-11 16:47:19 ----SHD---- C:\WINDOWS\Installer
2009-04-11 16:41:07 ----D---- C:\WINDOWS\system32\drivers
2009-04-11 16:41:07 ----D---- C:\WINDOWS\system32
2009-04-11 16:40:12 ----HD---- C:\WINDOWS\inf
2009-04-11 16:40:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-11 16:40:09 ----D---- C:\WINDOWS\Temp
2009-04-11 16:39:58 ----HD---- C:\WINDOWS\FlyakiteOSX
2009-04-11 13:11:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-03 14:12:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-03 14:11:22 ----D---- C:\WINDOWS
2009-04-01 03:10:17 ----D---- C:\Documents and Settings
2009-03-31 01:55:56 ----D---- C:\Documents and Settings\Don\Application Data\uTorrent
2009-03-31 01:48:14 ----D---- C:\Documents and Settings\Don\Application Data\Mozilla
2009-03-28 13:06:31 ----A---- C:\YServer.txt
2009-03-26 00:13:55 ----D---- C:\Documents and Settings\Don\Application Data\SolidDocuments
2009-03-22 18:55:18 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-22 18:21:18 ----D---- C:\Documents and Settings\Don\Application Data\Adobe
2009-03-22 15:37:00 ----D---- C:\WINDOWS\system32\DirectX
2009-03-22 15:36:59 ----RSD---- C:\WINDOWS\assembly
2009-03-13 19:04:47 ----A---- C:\WINDOWS\system32\MRT.INI
2009-03-11 19:48:43 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 19:01:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-03 02:00:22 ----D---- C:\Program Files\Soulseek
2009-02-26 04:54:59 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-22 17:39:40 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-22 17:39:40 ----D---- C:\Program Files\USB Vibration
2009-02-22 17:37:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-22 01:37:24 ----D---- C:\WINDOWS\system32\config
2009-02-22 01:37:12 ----D---- C:\WINDOWS\system32\wbem
2009-02-22 01:37:12 ----D---- C:\WINDOWS\Registration
2009-02-22 00:26:53 ----D---- C:\WINDOWS\system
2009-02-15 01:39:48 ----D---- C:\Program Files\NetMeeting
2009-02-14 18:41:06 ----D---- C:\Program Files\FlashGet
2009-02-14 18:17:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-14 17:45:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-14 17:41:00 ----D---- C:\Downloads
2009-02-14 03:01:05 ----D---- C:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 37760]
R1 ewido security suite driver;ewido security suite driver; \??\C:\Program Files\ewido anti-malware\guard.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-22 278728]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-22 25416]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-01-04 223128]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2005-12-27 42496]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-03-24 1895648]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-04-17 10368]
R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\System32\DRIVERS\snpstd3.sys [2006-02-06 8410880]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-11-25 203776]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S3 catchme;catchme; \??\C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-03-24 110659]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 ewido security suite guard;ewido security suite guard; C:\Program Files\ewido anti-malware\ewidoguard.exe [2005-12-19 151616]

-----------------EOF-----------------
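The log above shows the pattern of a USB autorun worm, and the checks a responder would run against it can be written down. Randomly named files carrying the Read-only, System and Hidden attributes (RSH) sit in the root of C: (bsp.cmd, j0mpdkja.cmd, om0.com, gnwav.exe and others) and in system32 (kacsde.exe, uret463.exe); two HKCU Run entries with random names ([anhtaaa], [dorfgwe]) point at exactly those two system32 files; and the MountPoints2 keys remember G:\bsp.cmd, C:\bsp.cmd and D:\bsp.cmd as the AutoRun and open commands for three volumes, so double-clicking a drive in Explorer re-launches the dropper. NoDriveTypeAutoRun is 145 (0x91), the Windows XP default, which leaves AutoRun active for removable and fixed drives; 255 (0xFF) disables it for every drive type. The script below is an added example and is not part of the original post or of RSIT; it parses RSIT-style lines and correlates these indicators (RSH files, Run entries that load them, remembered AutoRun commands, and the policy bitmask). The sample input is a constructed excerpt of lines from the log above.

```python
"""Triage an RSIT / HijackThis log for USB autorun-worm indicators.

Added example for this thread, not a BleepingComputer or RSIT tool. It reads
the plain-text log format shown above; SAMPLE_LOG is a constructed excerpt.
"""
import re
from typing import List, Optional, Tuple

SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [anhtaaa] C:\WINDOWS\system32\kacsde.exe
O4 - HKCU\..\Run: [dorfgwe] C:\WINDOWS\system32\uret463.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80f4113b-1829-11dd-a723-001109dcb1c9}]
shell\AutoRun\command - G:\bsp.cmd
shell\open\command - G:\bsp.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9123345d-0ca4-11dd-a761-806d6172696f}]
shell\AutoRun\command - C:\bsp.cmd
shell\open\command - C:\bsp.cmd
"NoDriveTypeAutoRun"=145
2009-04-11 16:40:32 ----RSH---- C:\WINDOWS\system32\uret463.exe
2009-04-11 12:58:26 ----RSH---- C:\bsp.cmd
2009-04-03 14:38:17 ----D---- C:\Documents and Settings\Don\Application Data\WinRAR
2009-04-03 13:33:19 ----RSH---- C:\j0mpdkja.cmd
2009-03-31 01:54:50 ----RSH---- C:\WINDOWS\system32\kacsde.exe
2009-03-11 19:48:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
"""

# O4 - HKCU\..\Run: [name] command
RUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$')
# shell\AutoRun\command - X:\file  (MountPoints2 remembered volume handlers)
MOUNTPOINT_CMD_RE = re.compile(r'^shell\\(?:AutoRun|open)\\command - (.+)$', re.I)
# 2009-04-11 16:40:32 ----RSH---- C:\path  (RSIT created/modified file listing)
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} -+([A-Z]*)-+ (.+)$')
POLICY_RE = re.compile(r'^"NoDriveTypeAutoRun"=(\d+)$')

# NoDriveTypeAutoRun bits: a SET bit disables AutoRun for that drive type.
# 0x91 (decimal 145, as RSIT prints it) is the Windows XP default.
DRIVE_TYPE_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed",
                   0x10: "remote", 0x20: "cdrom", 0x40: "ramdisk"}


def autorun_enabled_types(value: int) -> List[str]:
    """Drive types for which AutoRun is still active under this policy value."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


def mountpoint_autorun_commands(lines) -> List[str]:
    """Commands Explorer would launch for remembered volumes (deduplicated, in order)."""
    seen: List[str] = []
    for line in lines:
        m = MOUNTPOINT_CMD_RE.match(line)
        if m and m.group(1) not in seen:
            seen.append(m.group(1))
    return seen


def hidden_system_files(lines) -> List[str]:
    """Files carrying all of Read-only, System and Hidden: the usual dropper attributes."""
    out = []
    for line in lines:
        m = FILE_RE.match(line)
        if m and set("RSH") <= set(m.group(1)):
            out.append(m.group(2))
    return out


def root_droppers(lines) -> List[str]:
    # RSH files sitting directly in a drive root, the autorun.inf companions.
    return [p for p in hidden_system_files(lines) if re.fullmatch(r'[A-Z]:\\[^\\]+', p)]


def run_entries_backed_by_hidden_files(lines) -> List[Tuple[str, str]]:
    """Run entries whose target is one of the RSH files: persistence for the payload."""
    hidden_names = {p.rsplit("\\", 1)[-1].lower() for p in hidden_system_files(lines)}
    hits = []
    for line in lines:
        m = RUN_RE.match(line)
        if m and any(name in m.group(3).lower() for name in hidden_names):
            hits.append((m.group(2), m.group(3)))
    return hits


def autorun_policy(lines) -> Optional[int]:
    for line in lines:
        m = POLICY_RE.match(line)
        if m:
            return int(m.group(1))
    return None


def triage(text: str) -> dict:
    lines = text.splitlines()
    policy = autorun_policy(lines)
    return {
        "autorun_commands": mountpoint_autorun_commands(lines),
        "root_droppers": root_droppers(lines),
        "run_persistence": run_entries_backed_by_hidden_files(lines),
        "autorun_still_enabled_for": autorun_enabled_types(policy) if policy is not None else None,
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE_LOG).items():
        print(f"{key}: {val}")
```

Run against the full RSIT log, the same three functions pick out every RSH file in the drive roots, the two random-name Run entries, and the three bsp.cmd handlers; the policy decode shows why 145 is not a fix and 255 is.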


#2 miekiemoes

  • Malware Response Team

Posted 11 April 2009 - 06:25 AM

Hi,

I understand that you need help in order to get rid of the malware that is present on your system - but you need to help us first.
I notice that you never scanned with an antivirus before starting this thread - because you don't even have an antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free antivirus.

Perform a full scan with Avira and let it delete everything it finds.
Then reboot.
After the reboot, open Avira and select "Reports".
There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply, together with a new HijackThis log.
Then we'll start from there, because it makes no sense for us to clean this up manually if there is no antivirus present, which should be able to deal with most of it and prevent further reinfection.

#3 dmt87

Posted 11 April 2009 - 01:37 PM

Hi miekiemoes,

I have done a scan with Avira Antivirus and followed your instructions. Below is the Avira Antivirus full scan report, followed by the latest Hijack by RSIT. Please take a look and tell me what to do. Thank you.


Avira AntiVir Personal
Report file date: Sunday, April 12, 2009 01:05

Scanning for 1347111 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : TUAN

Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 3/24/2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 2/24/2009 04:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 02:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 03:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 02:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 04:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 12:33:26
ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 4/1/2009 17:04:15
ANTIVIR3.VDF : 7.1.3.42 169984 Bytes 4/11/2009 17:04:17
Engineversion : 8.2.0.138
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/27/2009 09:36:42
AESCRIPT.DLL : 8.1.1.73 373114 Bytes 4/11/2009 17:04:32
AESCN.DLL : 8.1.1.10 127348 Bytes 4/11/2009 17:04:29
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 10:24:41
AEPACK.DLL : 8.1.3.12 397687 Bytes 4/11/2009 17:04:28
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/26/2009 12:01:56
AEHEUR.DLL : 8.1.0.114 1700214 Bytes 4/11/2009 17:04:25
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/26/2009 12:01:56
AEGEN.DLL : 8.1.1.33 340340 Bytes 4/11/2009 17:04:19
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 06:32:40
AECORE.DLL : 8.1.6.7 176502 Bytes 4/11/2009 17:04:18
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 06:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 00:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 02:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 06:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 02:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 2/8/2009 23:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 02:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 07:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 00:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 02:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 03:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 3/11/2009 07:55:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Sunday, April 12, 2009 01:05

Starting search for hidden objects.
'40942' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'UniKeyNT.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'YAHOOM~1.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'ewidoctrl.exe' - '1' Module(s) have been scanned
Scan process 'YzShadow.exe' - '1' Module(s) have been scanned
Scan process 'winroll.exe' - '1' Module(s) have been scanned
Scan process 'Alt+Q Hotkey.exe' - '1' Module(s) have been scanned
Scan process 'RKLauncher.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'DevDetect.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'vsnpstd3.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '61' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\1irqtv.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\3wy1vm.cmd
[DETECTION] Contains recognition pattern of the WORM/Buzus.aqaz worm
C:\6vu680.com
[DETECTION] Contains recognition pattern of the WORM/Autorun.xfc.7 worm
C:\af93gcf.exe
[DETECTION] Is the TR/Drop.Cingo.K Trojan
C:\dgf.exe
[DETECTION] Is the TR/PSW.Magania.aveu Trojan
C:\gnwav.exe
[DETECTION] Is the TR/Agent.fgr.2 Trojan
C:\gxul.com
[DETECTION] Is the TR/PSW.Magania.aul Trojan
C:\hqx292nu.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
C:\jg.com
[DETECTION] Contains recognition pattern of the WORM/Taterf.B.13 worm
C:\om0.com
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\s6muem.cmd
[DETECTION] Is the TR/Drop.Onlineg.mxd Trojan
C:\tt.com
[DETECTION] Is the TR/Magania.104545 Trojan
C:\Downloads\Software\ssg.aud2.rar
[0] Archive type: RAR
--> keygen.exe
[DETECTION] Is the TR/PSWeric5.AFKC Trojan
C:\Downloads\Software\AVG 7.5 Professional Build 425 + Keygen;\AVG Professional 7.5 Incl Keygen.rar
[0] Archive type: RAR
--> keygen.exe
--> Object
[2] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the ADSPY/Agent.AU adware or spyware
C:\Downloads\Software\AVG 7.5 Professional Build 425 + Keygen;\keygen.exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the ADSPY/Agent.AU adware or spyware
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP269\A0045604.exe
[DETECTION] Is the TR/Drop.OnGa.BM Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP269\A0045605.dll
[DETECTION] Contains recognition pattern of the WORM/Buzus.aqaz.1 worm
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP269\A0045611.exe
[DETECTION] Is the TR/Drop.OnGa.BN Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP269\A0045613.dll
[DETECTION] Is the TR/Dldr.Agent.ksc Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP269\A0045626.exe
[DETECTION] Contains recognition pattern of the WORM/Taterf.B.14 worm
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP269\A0045627.dll
[DETECTION] Contains recognition pattern of the WORM/Buzus.aqaz.1 worm
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP269\A0045631.exe
[DETECTION] Is the TR/PSW.Magania.axxi Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP269\A0045634.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045708.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045709.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045710.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045711.bat
[DETECTION] Is the TR/PSW.Magania.aula Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045712.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045713.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045714.cmd
[DETECTION] Is the TR/PSW.OnLineGa.GDW Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045715.com
[DETECTION] Is the TR/Drop.OnGa.BI Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045716.dll
[DETECTION] Contains recognition pattern of the WORM/Buzus.aqaz.1 worm
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045717.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045718.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045719.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045728.dll
[DETECTION] Contains recognition pattern of the WORM/Buzus.aqaz.1 worm
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045729.exe
[DETECTION] Contains recognition pattern of the WORM/Taterf.B.17 worm
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045733.exe
[DETECTION] Contains recognition pattern of the WORM/Taterf.B.17 worm
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045736.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0046815.exe
[DETECTION] Is the TR/Drop.Onlineg.wud Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0046825.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0046827.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0046831.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0046832.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0046833.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP271\A0046834.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP271\A0046844.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP271\A0046845.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP271\A0046849.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP271\A0046850.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP271\A0046851.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046855.com
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046869.exe
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046870.dll
[DETECTION] Is the TR/PSW.Magania.axxn Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046871.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046872.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046878.com
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046882.exe
[DETECTION] Is the TR/PSW.OnlineGames.uufa Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046886.exe
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046887.dll
[DETECTION] Is the TR/PSW.Magania.axze Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046888.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046891.dll
[DETECTION] Is the TR/PSW.Magania.axze Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046892.com
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046896.exe
[DETECTION] Is the TR/PSW.OnlineGames.uufa Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046900.exe
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046901.dll
[DETECTION] Is the TR/PSW.Magania.axze Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046902.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046906.exe
[DETECTION] Is the TR/PSW.OnlineGames.uufa Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046912.exe
[DETECTION] Is the TR/Drop.Cingo.K Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046913.dll
[DETECTION] Is the TR/PSW.Magania.aylk Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046914.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046919.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046920.cmd
[DETECTION] Is the TR/PSW.Magania.aydb Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046931.exe
[DETECTION] Is the TR/PSW.Magania.aydb Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046933.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046976.cmd
[DETECTION] Is the TR/PSW.Magania.aydb Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046979.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046983.exe
[DETECTION] Is the TR/PSW.Magania.aydb Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046985.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046988.cmd
[DETECTION] Is the TR/PSW.Magania.aydb Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046992.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0047008.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0047022.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0047027.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0047028.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0047031.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0048027.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0048028.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0048033.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP275\A0048038.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP275\A0048639.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP275\A0048640.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP275\A0048644.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP275\A0048645.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP276\A0048656.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP276\A0048660.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\godert0.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\godert1.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd2893.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\1irqtv.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\3iugonx.com
[DETECTION] Is the TR/Drop.OnGa.BI Trojan
D:\3wy1vm.cmd
[DETECTION] Contains recognition pattern of the WORM/Buzus.aqaz worm
D:\6vu680.com
[DETECTION] Contains recognition pattern of the WORM/Autorun.xfc.7 worm
D:\8oupido.bat
[DETECTION] Is the TR/PSW.Magania.aula Trojan
D:\af93gcf.exe
[DETECTION] Is the TR/Drop.Cingo.K Trojan
D:\dgf.exe
[DETECTION] Is the TR/PSW.Magania.aveu Trojan
D:\gnwav.exe
[DETECTION] Is the TR/Agent.fgr.2 Trojan
D:\gxul.com
[DETECTION] Is the TR/PSW.Magania.aul Trojan
D:\hqx292nu.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
D:\jg.com
[DETECTION] Contains recognition pattern of the WORM/Taterf.B.13 worm
D:\om0.com
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
D:\s6muem.cmd
[DETECTION] Is the TR/Drop.Onlineg.mxd Trojan
D:\tlmjw.cmd
[DETECTION] Is the TR/PSW.OnLineGa.GDW Trojan
D:\tt.com
[DETECTION] Is the TR/Magania.104545 Trojan
D:\Hiep\_OJOsoft.TotalVideoConverter.2.0.0.0430.full.rar\Patch.exe
[DETECTION] Is the TR/Agent.532992.D Trojan
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045722.cmd
[DETECTION] Contains recognition pattern of the WORM/Buzus.aqaz worm
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045731.exe
[DETECTION] Contains recognition pattern of the WORM/Taterf.B.17 worm
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0046817.exe
[DETECTION] Is the TR/Drop.Onlineg.wud Trojan
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0046829.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP271\A0046836.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP271\A0046847.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046857.com
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046880.com
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046894.com
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046922.cmd
[DETECTION] Is the TR/PSW.Magania.aydb Trojan
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046977.cmd
[DETECTION] Is the TR/PSW.Magania.aydb Trojan
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046990.cmd
[DETECTION] Is the TR/PSW.Magania.aydb Trojan
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0047033.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0048035.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP275\A0048040.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP275\A0048647.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP276\A0048658.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

Beginning disinfection:
C:\1irqtv.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a52df3b.qua'!
C:\3wy1vm.cmd
[DETECTION] Contains recognition pattern of the WORM/Buzus.aqaz worm
[NOTE] The file was moved to '4a59df49.qua'!
C:\6vu680.com
[DETECTION] Contains recognition pattern of the WORM/Autorun.xfc.7 worm
[NOTE] The file was moved to '4a55df48.qua'!
C:\af93gcf.exe
[DETECTION] Is the TR/Drop.Cingo.K Trojan
[NOTE] The file was moved to '4a19df38.qua'!
C:\dgf.exe
[DETECTION] Is the TR/PSW.Magania.aveu Trojan
[NOTE] The file was moved to '4a46df39.qua'!
C:\gnwav.exe
[DETECTION] Is the TR/Agent.fgr.2 Trojan
[NOTE] The file was moved to '4a57df40.qua'!
C:\gxul.com
[DETECTION] Is the TR/PSW.Magania.aul Trojan
[NOTE] The file was moved to '4a55df4a.qua'!
C:\hqx292nu.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
[NOTE] The file was moved to '4a58df43.qua'!
C:\jg.com
[DETECTION] Contains recognition pattern of the WORM/Taterf.B.13 worm
[NOTE] The file was moved to '4a0edf39.qua'!
C:\om0.com
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
[NOTE] The file was moved to '4a10df3f.qua'!
C:\s6muem.cmd
[DETECTION] Is the TR/Drop.Onlineg.mxd Trojan
[NOTE] The file was moved to '4a4ddf08.qua'!
C:\tt.com
[DETECTION] Is the TR/Magania.104545 Trojan
[NOTE] The file was moved to '4a0edf46.qua'!
C:\Downloads\Software\ssg.aud2.rar
[NOTE] The file was moved to '4a47df45.qua'!
C:\Downloads\Software\AVG 7.5 Professional Build 425 + Keygen;\AVG Professional 7.5 Incl Keygen.rar
[NOTE] The file was moved to '4a27df40.qua'!
C:\Downloads\Software\AVG 7.5 Professional Build 425 + Keygen;\keygen.exe
[NOTE] The file was moved to '4a59df56.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP269\A0045604.exe
[DETECTION] Is the TR/Drop.OnGa.BM Trojan
[NOTE] The file was moved to '4a10df21.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP269\A0045605.dll
[DETECTION] Contains recognition pattern of the WORM/Buzus.aqaz.1 worm
[NOTE] The file was moved to '4958f742.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP269\A0045611.exe
[DETECTION] Is the TR/Drop.OnGa.BN Trojan
[NOTE] The file was moved to '4956c7f2.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP269\A0045613.dll
[DETECTION] Is the TR/Dldr.Agent.ksc Trojan
[NOTE] The file was moved to '4957ffba.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP269\A0045626.exe
[DETECTION] Contains recognition pattern of the WORM/Taterf.B.14 worm
[NOTE] The file was moved to '4954d662.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP269\A0045627.dll
[DETECTION] Contains recognition pattern of the WORM/Buzus.aqaz.1 worm
[NOTE] The file was moved to '49512692.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP269\A0045631.exe
[DETECTION] Is the TR/PSW.Magania.axxi Trojan
[NOTE] The file was moved to '4959ef0a.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP269\A0045634.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495ae8d2.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045708.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '495c98a2.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045709.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '495d906a.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045710.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '495e8832.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045711.bat
[DETECTION] Is the TR/PSW.Magania.aula Trojan
[NOTE] The file was moved to '4a10df22.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045712.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4940b8a3.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045713.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4941b06b.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045714.cmd
[DETECTION] Is the TR/PSW.OnLineGa.GDW Trojan
[NOTE] The file was moved to '4942a833.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045715.com
[DETECTION] Is the TR/Drop.OnGa.BI Trojan
[NOTE] The file was moved to '4943a1fb.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045716.dll
[DETECTION] Contains recognition pattern of the WORM/Buzus.aqaz.1 worm
[NOTE] The file was moved to '49445983.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045717.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4945514b.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045718.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '49464913.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045719.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to '494742db.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045728.dll
[DETECTION] Contains recognition pattern of the WORM/Buzus.aqaz.1 worm
[NOTE] The file was moved to '49487ae3.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045729.exe
[DETECTION] Contains recognition pattern of the WORM/Taterf.B.17 worm
[NOTE] The file was moved to '494972ab.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045733.exe
[DETECTION] Contains recognition pattern of the WORM/Taterf.B.17 worm
[NOTE] The file was moved to '494a6a73.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045736.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '494b623b.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0046815.exe
[DETECTION] Is the TR/Drop.Onlineg.wud Trojan
[NOTE] The file was moved to '494c1bc3.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0046825.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '494d138b.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0046827.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
[NOTE] The file was moved to '494e0b53.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0046831.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '494f031b.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0046832.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
[NOTE] The file was moved to '49703b23.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0046833.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '497134eb.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP271\A0046834.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
[NOTE] The file was moved to '49722cb3.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP271\A0046844.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4973247b.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP271\A0046845.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
[NOTE] The file was moved to '4975dc03.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP271\A0046849.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
[NOTE] The file was moved to '4976d5cb.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP271\A0046850.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4977cd93.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP271\A0046851.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4978c55b.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046855.com
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
[NOTE] The file was moved to '4979fd63.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046869.exe
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
[NOTE] The file was moved to '497af52b.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046870.dll
[DETECTION] Is the TR/PSW.Magania.axxn Trojan
[NOTE] The file was moved to '497beef3.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046871.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '497ce6bb.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046872.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '497d9e43.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046878.com
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
[NOTE] The file was moved to '497e960b.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046882.exe
[DETECTION] Is the TR/PSW.OnlineGames.uufa Trojan
[NOTE] The file was moved to '497f8fd3.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046886.exe
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
[NOTE] The file was moved to '4960879b.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046887.dll
[DETECTION] Is the TR/PSW.Magania.axze Trojan
[NOTE] The file was moved to '4961bfa3.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046888.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a10df23.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046891.dll
[DETECTION] Is the TR/PSW.Magania.axze Trojan
[NOTE] The file was moved to '4963af34.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046892.com
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
[NOTE] The file was moved to '4964a8fc.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046896.exe
[DETECTION] Is the TR/PSW.OnlineGames.uufa Trojan
[NOTE] The file was moved to '4965a084.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046900.exe
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
[NOTE] The file was moved to '4966584c.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046901.dll
[DETECTION] Is the TR/PSW.Magania.axze Trojan
[NOTE] The file was moved to '49675014.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046902.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '496849dc.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046906.exe
[DETECTION] Is the TR/PSW.OnlineGames.uufa Trojan
[NOTE] The file was moved to '496941e4.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046912.exe
[DETECTION] Is the TR/Drop.Cingo.K Trojan
[NOTE] The file was moved to '496a79ac.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046913.dll
[DETECTION] Is the TR/PSW.Magania.aylk Trojan
[NOTE] The file was moved to '496b7174.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046914.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '496c693c.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046919.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e1f3104.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046920.cmd
[DETECTION] Is the TR/PSW.Magania.aydb Trojan
[NOTE] The file was moved to '4e002acc.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046931.exe
[DETECTION] Is the TR/PSW.Magania.aydb Trojan
[NOTE] The file was moved to '4e012294.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046933.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e03da5c.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046976.cmd
[DETECTION] Is the TR/PSW.Magania.aydb Trojan
[NOTE] The file was moved to '4e04d264.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046979.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e05ca2c.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046983.exe
[DETECTION] Is the TR/PSW.Magania.aydb Trojan
[NOTE] The file was moved to '4e06c3f4.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046985.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e07fbbc.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046988.cmd
[DETECTION] Is the TR/PSW.Magania.aydb Trojan
[NOTE] The file was moved to '4e08f344.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046992.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e09eb0c.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0047008.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e0ae4d4.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0047022.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e0b9c9c.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0047027.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e0c94a4.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0047028.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e0d8c6c.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0047031.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e0e8434.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0048027.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e0fbdfc.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0048028.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e30b584.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0048033.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e31ad4c.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP275\A0048038.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e32a514.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP275\A0048639.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e335edc.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP275\A0048640.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e3456e4.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP275\A0048644.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e354eac.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP275\A0048645.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e364674.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP276\A0048656.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e377e3c.qua'!
C:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP276\A0048660.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e3877c4.qua'!
C:\WINDOWS\system32\godert0.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a44df62.qua'!
C:\WINDOWS\system32\godert1.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4a44df63.qua'!
D:\1irqtv.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a52df60.qua'!
D:\3iugonx.com
[DETECTION] Is the TR/Drop.OnGa.BI Trojan
[NOTE] The file was moved to '4a55df60.qua'!
D:\3wy1vm.cmd
[DETECTION] Contains recognition pattern of the WORM/Buzus.aqaz worm
[NOTE] The file was moved to '4a59df6f.qua'!
D:\6vu680.com
[DETECTION] Contains recognition pattern of the WORM/Autorun.xfc.7 worm
[NOTE] The file was moved to '4a55df6e.qua'!
D:\8oupido.bat
[DETECTION] Is the TR/PSW.Magania.aula Trojan
[NOTE] The file was moved to '4a55df67.qua'!
D:\af93gcf.exe
[DETECTION] Is the TR/Drop.Cingo.K Trojan
[NOTE] The file was moved to '4a19df5e.qua'!
D:\dgf.exe
[DETECTION] Is the TR/PSW.Magania.aveu Trojan
[NOTE] The file was moved to '4a46df5f.qua'!
D:\gnwav.exe
[DETECTION] Is the TR/Agent.fgr.2 Trojan
[NOTE] The file was moved to '4a57df66.qua'!
D:\gxul.com
[DETECTION] Is the TR/PSW.Magania.aul Trojan
[NOTE] The file was moved to '4a55df70.qua'!
D:\hqx292nu.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
[NOTE] The file was moved to '4a58df69.qua'!
D:\jg.com
[DETECTION] Contains recognition pattern of the WORM/Taterf.B.13 worm
[NOTE] The file was moved to '4a0edf5f.qua'!
D:\om0.com
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
[NOTE] The file was moved to '4a10df65.qua'!
D:\s6muem.cmd
[DETECTION] Is the TR/Drop.Onlineg.mxd Trojan
[NOTE] The file was moved to '4a4ddf2e.qua'!
D:\tlmjw.cmd
[DETECTION] Is the TR/PSW.OnLineGa.GDW Trojan
[NOTE] The file was moved to '4a4ddf64.qua'!
D:\tt.com
[DETECTION] Is the TR/Magania.104545 Trojan
[NOTE] The file was moved to '4a0edf6c.qua'!
D:\Hiep\_OJOsoft.TotalVideoConverter.2.0.0.0430.full.rar\Patch.exe
[DETECTION] Is the TR/Agent.532992.D Trojan
[NOTE] The file was moved to '4a54df59.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045722.cmd
[DETECTION] Contains recognition pattern of the WORM/Buzus.aqaz worm
[NOTE] The file was moved to '4a10df28.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0045731.exe
[DETECTION] Contains recognition pattern of the WORM/Taterf.B.17 worm
[NOTE] The file was moved to '4e3a6759.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0046817.exe
[DETECTION] Is the TR/Drop.Onlineg.wud Trojan
[NOTE] The file was moved to '4c6eeeb9.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP270\A0046829.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
[NOTE] The file was moved to '496d62c9.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP271\A0046836.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
[NOTE] The file was moved to '4e2c32f1.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP271\A0046847.exe
[DETECTION] Is the TR/PSW.Magania.axxq Trojan
[NOTE] The file was moved to '4e222439.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046857.com
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
[NOTE] The file was moved to '4a10df29.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046880.com
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
[NOTE] The file was moved to '4e25d58a.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP272\A0046894.com
[DETECTION] Is the TR/PSW.Magania.ayan Trojan
[NOTE] The file was moved to '4e26cd42.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046922.cmd
[DETECTION] Is the TR/PSW.Magania.aydb Trojan
[NOTE] The file was moved to '4e27c51a.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046977.cmd
[DETECTION] Is the TR/PSW.Magania.aydb Trojan
[NOTE] The file was moved to '4e28fed2.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP273\A0046990.cmd
[DETECTION] Is the TR/PSW.Magania.aydb Trojan
[NOTE] The file was moved to '4e29f6ea.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0047033.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e2aeea2.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP274\A0048035.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e52511a.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP275\A0048040.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e534982.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP275\A0048647.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e54415a.qua'!
D:\System Volume Information\_restore{82A05E2B-4379-42F3-B866-6181A9AD231E}\RP276\A0048658.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4e557912.qua'!


End of the scan: Sunday, April 12, 2009 02:18
Used time: 1:10:00 Hour(s)

The scan has been done completely.

6455 Scanned directories
233987 Files were scanned
131 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
131 Files were moved to quarantine
0 Files were renamed
5 Files cannot be scanned
233851 Files not concerned
1753 Archives were scanned
6 Warnings
132 Notes
40942 Objects were scanned with rootkit scan
0 Hidden objects were found


------------------------------------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by Don at 2009-04-12 02:27:37
Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (5%) free of 20 GB
Total RAM: 511 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:44 AM, on 4/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\RK Launcher\RKLauncher.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Don\Desktop\RSIT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\trend micro\Don.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/?p=us
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [EPSON Stylus CX3900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\WINDOWS\TEMP\E_S63D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [anhtaaa] C:\WINDOWS\system32\kacsde.exe
O4 - HKCU\..\Run: [dorfgwe] C:\WINDOWS\system32\uret463.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 7229 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]
Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2005-03-05 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
IeCatch5 Class - C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 工具列 - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-19 817936]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{259F616C-A300-44F5-B04A-ED001A26C85C} - Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2005-03-05 212992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"System Files Updater"=C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe [2006-02-26 118485]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2005-09-05 339968]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2004-03-24 3309568]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2004-03-24 58880]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Device Detector"=DevDetect.exe -autorun []
"EPSON Stylus CX3900 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE [2006-02-21 131072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"RK Launcher"=C:\Program Files\RK Launcher\RKLauncher.exe [2005-10-19 393216]
"Alt+Q Hotkey Tool"=C:\WINDOWS\Alt+Q Hotkey.exe [2005-12-19 27648]
"WinRoll"=C:\Program Files\WinRoll\winroll.exe [2006-01-02 15872]
"Yz Shadow"=C:\Program Files\YzShadow\YzShadow.exe [2006-02-24 172032]
"anhtaaa"=C:\WINDOWS\system32\kacsde.exe [2009-04-11 108167]
"dorfgwe"=C:\WINDOWS\system32\uret463.exe [2009-04-12 107184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=C:\Program Files\ewido anti-malware\shellhook.dll [2004-09-30 39488]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=C2FFFF03
"NoDriveAutoRun"=C2FFFF03

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:猥orrent"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"D:\Games\Commandos 3\commandos3.exe"="D:\Games\Commandos 3\commandos3.exe:*:Disabled:commandos3"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\Games\Need for speed\speed.exe"="D:\Games\Need for speed\speed.exe:*:Enabled:speed"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows NetMeeting"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80f4113b-1829-11dd-a723-001109dcb1c9}]
shell\AutoRun\command - G:\bsp.cmd
shell\open\command - G:\bsp.cmd


======File associations======

.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 2 months======

2009-04-12 02:27:21 ----RSH---- C:\WINDOWS\system32\uret463.exe
2009-04-12 02:26:43 ----N---- C:\WINDOWS\system32\godert0.dll
2009-04-12 00:58:51 ----D---- C:\Program Files\Avira
2009-04-12 00:58:51 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-04-11 16:53:16 ----D---- C:\Program Files\trend micro
2009-04-11 16:53:15 ----D---- C:\rsit
2009-04-03 14:38:17 ----D---- C:\Documents and Settings\Don\Application Data\WinRAR
2009-04-03 14:11:22 ----D---- C:\WINDOWS\ERUNT
2009-04-03 14:06:13 ----D---- C:\SDFix
2009-04-03 13:33:19 ----RSH---- C:\j0mpdkja.cmd
2009-04-01 03:10:00 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-01 02:39:46 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-01 02:39:36 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-01 02:39:36 ----D---- C:\Documents and Settings\Don\Application Data\SUPERAntiSpyware.com
2009-04-01 02:39:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-31 01:54:50 ----RSH---- C:\WINDOWS\system32\kacsde.exe
2009-03-29 19:11:14 ----D---- C:\Documents and Settings\Don\Application Data\Malwarebytes
2009-03-29 19:11:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-29 19:11:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-11 19:48:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 19:48:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 19:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 19:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-02-27 01:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-22 17:36:25 ----D---- C:\Program Files\Common Files\Logitech
2009-02-22 17:36:25 ----A---- C:\WINDOWS\system32\WmJoyFrc.dll
2009-02-22 17:36:18 ----D---- C:\Program Files\Logitech
2009-02-22 00:28:27 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft(3)
2009-02-13 03:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

======List of files/folders modified in the last 2 months======

2009-04-12 02:27:25 ----D---- C:\WINDOWS\system32
2009-04-12 02:27:21 ----D---- C:\WINDOWS\system32\drivers
2009-04-12 02:27:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-12 02:27:07 ----D---- C:\WINDOWS\Temp
2009-04-12 02:27:02 ----D---- C:\WINDOWS
2009-04-12 02:26:44 ----HD---- C:\WINDOWS\FlyakiteOSX
2009-04-12 02:25:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-12 02:23:20 ----D---- C:\Program Files\Mozilla Firefox
2009-04-12 01:39:56 ----D---- C:\WINDOWS\Prefetch
2009-04-12 00:59:02 ----HD---- C:\WINDOWS\inf
2009-04-12 00:58:51 ----RD---- C:\Program Files
2009-04-12 00:58:15 ----SHD---- C:\WINDOWS\Installer
2009-04-12 00:58:15 ----D---- C:\Config.Msi
2009-04-12 00:58:13 ----D---- C:\WINDOWS\WinSxS
2009-04-12 00:58:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-11 16:47:25 ----D---- C:\Program Files\Common Files
2009-04-03 14:12:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-01 03:10:17 ----D---- C:\Documents and Settings
2009-03-31 01:55:56 ----D---- C:\Documents and Settings\Don\Application Data\uTorrent
2009-03-31 01:48:14 ----D---- C:\Documents and Settings\Don\Application Data\Mozilla
2009-03-28 13:06:31 ----A---- C:\YServer.txt
2009-03-26 00:13:55 ----D---- C:\Documents and Settings\Don\Application Data\SolidDocuments
2009-03-22 18:55:18 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-22 18:21:18 ----D---- C:\Documents and Settings\Don\Application Data\Adobe
2009-03-22 15:37:00 ----D---- C:\WINDOWS\system32\DirectX
2009-03-22 15:36:59 ----RSD---- C:\WINDOWS\assembly
2009-03-13 19:04:47 ----A---- C:\WINDOWS\system32\MRT.INI
2009-03-11 19:48:43 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 19:01:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-03 02:00:22 ----D---- C:\Program Files\Soulseek
2009-02-26 04:54:59 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-22 17:39:40 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-22 17:39:40 ----D---- C:\Program Files\USB Vibration
2009-02-22 17:37:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-22 01:37:24 ----D---- C:\WINDOWS\system32\config
2009-02-22 01:37:12 ----D---- C:\WINDOWS\system32\wbem
2009-02-22 01:37:12 ----D---- C:\WINDOWS\Registration
2009-02-22 01:32:23 ----D---- C:\Documents and Settings\Don\Application Data\AVG7
2009-02-22 00:26:53 ----D---- C:\WINDOWS\system
2009-02-15 01:39:48 ----D---- C:\Program Files\NetMeeting
2009-02-14 18:41:06 ----D---- C:\Program Files\FlashGet
2009-02-14 18:17:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-14 17:45:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-14 17:41:00 ----D---- C:\Downloads
2009-02-14 03:01:05 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-14 02:34:01 ----D---- C:\Program Files\Grisoft(2)
2009-02-14 02:34:01 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
2009-02-14 02:34:01 ----D---- C:\Documents and Settings\All Users\Application Data\avg7(2)

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 37760]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-02-13 95576]
R1 ewido security suite driver;ewido security suite driver; \??\C:\Program Files\ewido anti-malware\guard.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-22 278728]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-02-13 55640]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-22 25416]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-01-04 223128]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2005-12-27 42496]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-03-24 1895648]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-04-17 10368]
R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\System32\DRIVERS\snpstd3.sys [2006-02-06 8410880]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-11-25 203776]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S3 catchme;catchme; \??\C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-03-24 110659]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 ewido security suite guard;ewido security suite guard; C:\Program Files\ewido anti-malware\ewidoguard.exe [2005-12-19 151616]

-----------------EOF-----------------

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:12:18 AM

Posted 12 April 2009 - 05:12 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 dmt87

dmt87
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:18 AM

Posted 12 April 2009 - 10:36 AM

Hi miekiemoes,

I have had MBAM installed since I was assisted in the "Am I infected" forum. I have done a quick scan with MBAM and here is the log. Below it is the latest Hijack log, which was done after the reboot. Please give me the next advice. Thank you.


Malwarebytes' Anti-Malware 1.35
Database version: 1917
Windows 5.1.2600 Service Pack 3

4/12/2009 11:20:49 PM
mbam-log-2009-04-12 (23-20-49).txt

Scan type: Quick Scan
Objects scanned: 71368
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\godert0.dll (Spyware.OnlineGames) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\anhtaaa (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dorfgwe (Spyware.OnLineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\kacsde.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\godert0.dll (Spyware.OnlineGames) -> Delete on reboot.


---------------------------------------



Logfile of random's system information tool 1.06 (written by random/random)
Run by Don at 2009-04-12 23:23:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (6%) free of 20 GB
Total RAM: 511 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:22 PM, on 4/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\RK Launcher\RKLauncher.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Don\Desktop\RSIT.exe
C:\Program Files\trend micro\Don.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/?p=us
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [EPSON Stylus CX3900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\WINDOWS\TEMP\E_S63D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 7109 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]
Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2005-03-05 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
IeCatch5 Class - C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 工具列 - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-19 817936]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{259F616C-A300-44F5-B04A-ED001A26C85C} - Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2005-03-05 212992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"System Files Updater"=C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe [2006-02-26 118485]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2005-09-05 339968]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2004-03-24 3309568]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2004-03-24 58880]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Device Detector"=DevDetect.exe -autorun []
"EPSON Stylus CX3900 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE [2006-02-21 131072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"RK Launcher"=C:\Program Files\RK Launcher\RKLauncher.exe [2005-10-19 393216]
"Alt+Q Hotkey Tool"=C:\WINDOWS\Alt+Q Hotkey.exe [2005-12-19 27648]
"WinRoll"=C:\Program Files\WinRoll\winroll.exe [2006-01-02 15872]
"Yz Shadow"=C:\Program Files\YzShadow\YzShadow.exe [2006-02-24 172032]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=C:\Program Files\ewido anti-malware\shellhook.dll [2004-09-30 39488]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=C2FFFF03
"NoDriveAutoRun"=C2FFFF03

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"D:\Games\Commandos 3\commandos3.exe"="D:\Games\Commandos 3\commandos3.exe:*:Disabled:commandos3"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\Games\Need for speed\speed.exe"="D:\Games\Need for speed\speed.exe:*:Enabled:speed"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows NetMeeting"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80f4113b-1829-11dd-a723-001109dcb1c9}]
shell\AutoRun\command - G:\bsp.cmd
shell\open\command - G:\bsp.cmd


======File associations======

.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 2 months======

2009-04-12 00:58:51 ----D---- C:\Program Files\Avira
2009-04-12 00:58:51 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-04-11 16:53:16 ----D---- C:\Program Files\trend micro
2009-04-11 16:53:15 ----D---- C:\rsit
2009-04-03 14:38:17 ----D---- C:\Documents and Settings\Don\Application Data\WinRAR
2009-04-03 14:11:22 ----D---- C:\WINDOWS\ERUNT
2009-04-03 14:06:13 ----D---- C:\SDFix
2009-04-03 13:33:19 ----RSH---- C:\j0mpdkja.cmd
2009-04-01 03:10:00 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-01 02:39:46 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-01 02:39:36 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-01 02:39:36 ----D---- C:\Documents and Settings\Don\Application Data\SUPERAntiSpyware.com
2009-04-01 02:39:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-29 19:11:14 ----D---- C:\Documents and Settings\Don\Application Data\Malwarebytes
2009-03-29 19:11:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-29 19:11:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-11 19:48:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 19:48:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 19:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 19:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-02-27 01:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-22 17:36:25 ----D---- C:\Program Files\Common Files\Logitech
2009-02-22 17:36:25 ----A---- C:\WINDOWS\system32\WmJoyFrc.dll
2009-02-22 17:36:18 ----D---- C:\Program Files\Logitech
2009-02-22 00:28:27 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft(3)
2009-02-13 03:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

======List of files/folders modified in the last 2 months======

2009-04-12 23:23:01 ----HD---- C:\WINDOWS\FlyakiteOSX
2009-04-12 23:22:54 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-12 23:22:46 ----D---- C:\WINDOWS\Temp
2009-04-12 23:22:07 ----D---- C:\WINDOWS\system32\drivers
2009-04-12 23:22:07 ----D---- C:\WINDOWS\system32
2009-04-12 23:22:07 ----D---- C:\WINDOWS
2009-04-12 23:21:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-12 23:21:24 ----D---- C:\WINDOWS\Prefetch
2009-04-12 23:12:18 ----D---- C:\Program Files\Mozilla Firefox
2009-04-12 00:59:02 ----HD---- C:\WINDOWS\inf
2009-04-12 00:58:51 ----RD---- C:\Program Files
2009-04-12 00:58:15 ----SHD---- C:\WINDOWS\Installer
2009-04-12 00:58:15 ----D---- C:\Config.Msi
2009-04-12 00:58:13 ----D---- C:\WINDOWS\WinSxS
2009-04-12 00:58:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-11 16:47:25 ----D---- C:\Program Files\Common Files
2009-04-03 14:12:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-01 03:10:17 ----D---- C:\Documents and Settings
2009-03-31 01:55:56 ----D---- C:\Documents and Settings\Don\Application Data\uTorrent
2009-03-31 01:48:14 ----D---- C:\Documents and Settings\Don\Application Data\Mozilla
2009-03-28 13:06:31 ----A---- C:\YServer.txt
2009-03-26 00:13:55 ----D---- C:\Documents and Settings\Don\Application Data\SolidDocuments
2009-03-22 18:55:18 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-22 18:21:18 ----D---- C:\Documents and Settings\Don\Application Data\Adobe
2009-03-22 15:37:00 ----D---- C:\WINDOWS\system32\DirectX
2009-03-22 15:36:59 ----RSD---- C:\WINDOWS\assembly
2009-03-13 19:04:47 ----A---- C:\WINDOWS\system32\MRT.INI
2009-03-11 19:48:43 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 19:01:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-03 02:00:22 ----D---- C:\Program Files\Soulseek
2009-02-26 04:54:59 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-22 17:39:40 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-22 17:39:40 ----D---- C:\Program Files\USB Vibration
2009-02-22 17:37:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-22 01:37:24 ----D---- C:\WINDOWS\system32\config
2009-02-22 01:37:12 ----D---- C:\WINDOWS\system32\wbem
2009-02-22 01:37:12 ----D---- C:\WINDOWS\Registration
2009-02-22 01:32:23 ----D---- C:\Documents and Settings\Don\Application Data\AVG7
2009-02-22 00:26:53 ----D---- C:\WINDOWS\system
2009-02-15 01:39:48 ----D---- C:\Program Files\NetMeeting
2009-02-14 18:41:06 ----D---- C:\Program Files\FlashGet
2009-02-14 18:17:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-14 17:45:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-14 17:41:00 ----D---- C:\Downloads
2009-02-14 03:01:05 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-14 02:34:01 ----D---- C:\Program Files\Grisoft(2)
2009-02-14 02:34:01 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
2009-02-14 02:34:01 ----D---- C:\Documents and Settings\All Users\Application Data\avg7(2)

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 37760]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-02-13 95576]
R1 ewido security suite driver;ewido security suite driver; \??\C:\Program Files\ewido anti-malware\guard.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-22 278728]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-02-13 55640]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-22 25416]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-01-04 223128]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-03-24 1895648]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-04-17 10368]
R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\System32\DRIVERS\snpstd3.sys [2006-02-06 8410880]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-11-25 203776]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S3 catchme;catchme; \??\C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2005-12-27 42496]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-03-24 110659]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 ewido security suite guard;ewido security suite guard; C:\Program Files\ewido anti-malware\ewidoguard.exe [2005-12-19 151616]

-----------------EOF-----------------

#6 miekiemoes

  • Malware Response Team
  • Location:Belgium

Posted 12 April 2009 - 11:40 AM

Hi,

Not sure if you have read the MBAM instructions I posted previously, because I see you are still using an outdated version and database. This is what I posted in my previous post:

In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.

So please update and then scan again.
Then post the new logs in your next reply.

#7 dmt87

  • Topic Starter

Posted 12 April 2009 - 01:12 PM

Oops, I'm sorry I missed that point. I have just updated MBAM to the latest version and completed a quick scan. Below is the MBAM quick scan log, followed by the latest HijackThis log after a reboot. Please tell me the next step. Thank you!


Malwarebytes' Anti-Malware 1.36
Database version: 1970
Windows 5.1.2600 Service Pack 3

4/13/2009 1:56:21 AM
mbam-log-2009-04-13 (01-56-21).txt

Scan type: Quick Scan
Objects scanned: 72684
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\j0mpdkja.cmd (Spyware.OnlineGames) -> Quarantined and deleted successfully.

----------------------------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by Don at 2009-04-13 02:05:54
Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (6%) free of 20 GB
Total RAM: 511 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:58 AM, on 4/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\RK Launcher\RKLauncher.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Don\Desktop\RSIT.exe
C:\Program Files\trend micro\Don.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/?p=us
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [EPSON Stylus CX3900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\WINDOWS\TEMP\E_S63D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 7019 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]
Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2005-03-05 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
IeCatch5 Class - C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 工具列 - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-19 817936]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{259F616C-A300-44F5-B04A-ED001A26C85C} - Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2005-03-05 212992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"System Files Updater"=C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe [2006-02-26 118485]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2005-09-05 339968]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2004-03-24 3309568]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2004-03-24 58880]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Device Detector"=DevDetect.exe -autorun []
"EPSON Stylus CX3900 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE [2006-02-21 131072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"RK Launcher"=C:\Program Files\RK Launcher\RKLauncher.exe [2005-10-19 393216]
"Alt+Q Hotkey Tool"=C:\WINDOWS\Alt+Q Hotkey.exe [2005-12-19 27648]
"WinRoll"=C:\Program Files\WinRoll\winroll.exe [2006-01-02 15872]
"Yz Shadow"=C:\Program Files\YzShadow\YzShadow.exe [2006-02-24 172032]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=C:\Program Files\ewido anti-malware\shellhook.dll [2004-09-30 39488]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=C2FFFF03
"NoDriveAutoRun"=C2FFFF03

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:猥orrent"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"D:\Games\Commandos 3\commandos3.exe"="D:\Games\Commandos 3\commandos3.exe:*:Disabled:commandos3"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\Games\Need for speed\speed.exe"="D:\Games\Need for speed\speed.exe:*:Enabled:speed"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows NetMeeting"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80f4113b-1829-11dd-a723-001109dcb1c9}]
shell\AutoRun\command - G:\bsp.cmd
shell\open\command - G:\bsp.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9123345d-0ca4-11dd-a761-806d6172696f}]
shell\AutoRun\command - bsp.cmd
shell\open\command - bsp.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9123345e-0ca4-11dd-a761-806d6172696f}]
shell\AutoRun\command - bsp.cmd
shell\open\command - bsp.cmd


======File associations======

.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 2 months======

2009-04-12 00:58:51 ----D---- C:\Program Files\Avira
2009-04-12 00:58:51 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-04-11 16:53:16 ----D---- C:\Program Files\trend micro
2009-04-11 16:53:15 ----D---- C:\rsit
2009-04-03 14:38:17 ----D---- C:\Documents and Settings\Don\Application Data\WinRAR
2009-04-03 14:11:22 ----D---- C:\WINDOWS\ERUNT
2009-04-03 14:06:13 ----D---- C:\SDFix
2009-04-01 03:10:00 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-01 02:39:46 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-01 02:39:36 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-01 02:39:36 ----D---- C:\Documents and Settings\Don\Application Data\SUPERAntiSpyware.com
2009-04-01 02:39:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-29 19:11:14 ----D---- C:\Documents and Settings\Don\Application Data\Malwarebytes
2009-03-29 19:11:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-29 19:11:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-11 19:48:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 19:48:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 19:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 19:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-02-27 01:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-22 17:36:25 ----D---- C:\Program Files\Common Files\Logitech
2009-02-22 17:36:25 ----A---- C:\WINDOWS\system32\WmJoyFrc.dll
2009-02-22 17:36:18 ----D---- C:\Program Files\Logitech
2009-02-22 00:28:27 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft(3)

======List of files/folders modified in the last 2 months======

2009-04-13 01:58:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-13 01:58:45 ----D---- C:\WINDOWS\Temp
2009-04-13 01:58:26 ----HD---- C:\WINDOWS\FlyakiteOSX
2009-04-13 01:57:58 ----RD---- C:\Program Files
2009-04-13 01:57:58 ----D---- C:\WINDOWS\system32\drivers
2009-04-13 01:57:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-13 01:50:58 ----D---- C:\WINDOWS\Prefetch
2009-04-13 01:43:34 ----D---- C:\Program Files\Mozilla Firefox
2009-04-12 23:22:07 ----D---- C:\WINDOWS\system32
2009-04-12 23:22:07 ----D---- C:\WINDOWS
2009-04-12 00:59:02 ----HD---- C:\WINDOWS\inf
2009-04-12 00:58:15 ----SHD---- C:\WINDOWS\Installer
2009-04-12 00:58:15 ----D---- C:\Config.Msi
2009-04-12 00:58:13 ----D---- C:\WINDOWS\WinSxS
2009-04-12 00:58:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-11 16:47:25 ----D---- C:\Program Files\Common Files
2009-04-03 14:12:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-01 03:10:17 ----D---- C:\Documents and Settings
2009-03-31 01:55:56 ----D---- C:\Documents and Settings\Don\Application Data\uTorrent
2009-03-31 01:48:14 ----D---- C:\Documents and Settings\Don\Application Data\Mozilla
2009-03-28 13:06:31 ----A---- C:\YServer.txt
2009-03-26 00:13:55 ----D---- C:\Documents and Settings\Don\Application Data\SolidDocuments
2009-03-22 18:55:18 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-22 18:21:18 ----D---- C:\Documents and Settings\Don\Application Data\Adobe
2009-03-22 15:37:00 ----D---- C:\WINDOWS\system32\DirectX
2009-03-22 15:36:59 ----RSD---- C:\WINDOWS\assembly
2009-03-13 19:04:47 ----A---- C:\WINDOWS\system32\MRT.INI
2009-03-11 19:48:43 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 19:01:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-03 02:00:22 ----D---- C:\Program Files\Soulseek
2009-02-26 04:54:59 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-22 17:39:40 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-22 17:39:40 ----D---- C:\Program Files\USB Vibration
2009-02-22 17:37:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-22 01:37:24 ----D---- C:\WINDOWS\system32\config
2009-02-22 01:37:12 ----D---- C:\WINDOWS\system32\wbem
2009-02-22 01:37:12 ----D---- C:\WINDOWS\Registration
2009-02-22 01:32:23 ----D---- C:\Documents and Settings\Don\Application Data\AVG7
2009-02-22 00:26:53 ----D---- C:\WINDOWS\system
2009-02-15 01:39:48 ----D---- C:\Program Files\NetMeeting
2009-02-14 18:41:06 ----D---- C:\Program Files\FlashGet
2009-02-14 18:17:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-14 17:45:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-14 17:41:00 ----D---- C:\Downloads
2009-02-14 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-14 03:01:05 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-14 02:34:01 ----D---- C:\Program Files\Grisoft(2)
2009-02-14 02:34:01 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
2009-02-14 02:34:01 ----D---- C:\Documents and Settings\All Users\Application Data\avg7(2)

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 37760]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-02-13 95576]
R1 ewido security suite driver;ewido security suite driver; \??\C:\Program Files\ewido anti-malware\guard.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-22 278728]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-02-13 55640]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-22 25416]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-01-04 223128]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-03-24 1895648]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-04-17 10368]
R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\System32\DRIVERS\snpstd3.sys [2006-02-06 8410880]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-11-25 203776]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S3 catchme;catchme; \??\C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2005-12-27 42496]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-03-24 110659]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 ewido security suite guard;ewido security suite guard; C:\Program Files\ewido anti-malware\ewidoguard.exe [2005-12-19 151616]

-----------------EOF-----------------

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:12:18 AM

Posted 13 April 2009 - 01:53 AM

Hi,

Open Notepad and copy and paste the text present in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9123345e-0ca4-11dd-a761-806d6172696f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9123345d-0ca4-11dd-a761-806d6172696f}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80f4113b-1829-11dd-a723-001109dcb1c9}]

Save this as fix.reg. Choose to save as *all files* and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents into the registry, click yes/ok.

Let me know in your next reply how things are now.

Edited by miekiemoes, 13 April 2009 - 01:54 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 dmt87

dmt87
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:18 AM

Posted 13 April 2009 - 11:44 AM

Hi miekiemoes,

I have followed your instructions but I see no visible changes as the problem is still there. The system still doesn't show hidden files or the USB drive when plugged in. Further, I notice now I can't open my local disks. It shows this thing whenever I click to open one of the 2 local disks (please take a look at the screenshot attached). I have done the latest Hijack log and posted it below in case you need it. If you don't, please just ignore it.

Please tell me what to do next. Thank you for your patient assistance.



Logfile of random's system information tool 1.06 (written by random/random)
Run by Don at 2009-04-14 00:19:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (6%) free of 20 GB
Total RAM: 511 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:09 AM, on 4/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\RK Launcher\RKLauncher.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Don\Desktop\RSIT.exe
C:\Program Files\trend micro\Don.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/?p=us
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [EPSON Stylus CX3900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE /FU "C:\WINDOWS\TEMP\E_S63D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 7099 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]
Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2005-03-05 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
IeCatch5 Class - C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 工具列 - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-19 817936]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{259F616C-A300-44F5-B04A-ED001A26C85C} - Solid Converter PDF - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll [2005-03-05 212992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"System Files Updater"=C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe [2006-02-26 118485]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2005-09-05 339968]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2004-03-24 3309568]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2004-03-24 58880]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Device Detector"=DevDetect.exe -autorun []
"EPSON Stylus CX3900 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE [2006-02-21 131072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"RK Launcher"=C:\Program Files\RK Launcher\RKLauncher.exe [2005-10-19 393216]
"Alt+Q Hotkey Tool"=C:\WINDOWS\Alt+Q Hotkey.exe [2005-12-19 27648]
"WinRoll"=C:\Program Files\WinRoll\winroll.exe [2006-01-02 15872]
"Yz Shadow"=C:\Program Files\YzShadow\YzShadow.exe [2006-02-24 172032]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=C:\Program Files\ewido anti-malware\shellhook.dll [2004-09-30 39488]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=C2FFFF03
"NoDriveAutoRun"=C2FFFF03

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:猥orrent"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"D:\Games\Commandos 3\commandos3.exe"="D:\Games\Commandos 3\commandos3.exe:*:Disabled:commandos3"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\Games\Need for speed\speed.exe"="D:\Games\Need for speed\speed.exe:*:Enabled:speed"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows NetMeeting"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80f4113b-1829-11dd-a723-001109dcb1c9}]
shell\AutoRun\command - G:\bsp.cmd
shell\open\command - G:\bsp.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9123345d-0ca4-11dd-a761-806d6172696f}]
shell\AutoRun\command - bsp.cmd
shell\open\command - bsp.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9123345e-0ca4-11dd-a761-806d6172696f}]
shell\AutoRun\command - bsp.cmd
shell\open\command - bsp.cmd


======File associations======

.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2009-04-12 00:58:51 ----D---- C:\Program Files\Avira
2009-04-12 00:58:51 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-04-11 16:53:16 ----D---- C:\Program Files\trend micro
2009-04-11 16:53:15 ----D---- C:\rsit
2009-04-03 14:38:17 ----D---- C:\Documents and Settings\Don\Application Data\WinRAR
2009-04-03 14:11:22 ----D---- C:\WINDOWS\ERUNT
2009-04-03 14:06:13 ----D---- C:\SDFix
2009-04-01 03:10:00 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-01 02:39:46 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-01 02:39:36 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-01 02:39:36 ----D---- C:\Documents and Settings\Don\Application Data\SUPERAntiSpyware.com
2009-04-01 02:39:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-29 19:11:14 ----D---- C:\Documents and Settings\Don\Application Data\Malwarebytes
2009-03-29 19:11:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-29 19:11:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-11 19:48:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 19:48:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 19:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 19:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-02-27 01:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-22 17:36:25 ----D---- C:\Program Files\Common Files\Logitech
2009-02-22 17:36:25 ----A---- C:\WINDOWS\system32\WmJoyFrc.dll
2009-02-22 17:36:18 ----D---- C:\Program Files\Logitech
2009-02-22 00:28:27 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft(3)
2009-02-13 03:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-12 20:48:22 ----D---- C:\Documents and Settings\Don\Application Data\AVG7
2009-02-12 20:48:09 ----D---- C:\Program Files\Grisoft(2)
2009-02-12 20:48:09 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
2009-02-12 20:48:09 ----D---- C:\Documents and Settings\All Users\Application Data\avg7(2)
2009-02-08 19:55:48 ----A---- C:\WINDOWS\system32\storprop.dll
2009-02-08 19:55:46 ----A---- C:\WINDOWS\system32\SET117.tmp
2009-02-08 19:55:43 ----D---- C:\Documents and Settings\Don\Application Data\U3
2009-02-03 21:43:12 ----D---- C:\WINDOWS\RegisteredPackages
2009-02-03 21:42:43 ----A---- C:\WINDOWS\system32\psisdecd.dll
2009-02-03 21:42:37 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-02-02 17:01:04 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-02-02 17:01:04 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-02-02 17:01:04 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-02-02 17:01:04 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-02-02 17:01:04 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-02-02 17:01:04 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-01-27 02:17:47 ----D---- C:\WINDOWS\nview
2009-01-27 02:17:47 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-01-27 02:15:38 ----A---- C:\WINDOWS\system32\nvmctray.dll.FlyakiteOSX
2009-01-27 02:13:36 ----D---- C:\NVIDIA
2009-01-27 02:08:07 ----D---- C:\WINDOWS\nview(2)
2009-01-27 02:05:46 ----D---- C:\NVIDIA Display Driver
2009-01-26 14:15:49 ----D---- C:\Program Files\Flat Panel Adjust
2009-01-20 18:11:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

======List of files/folders modified in the last 3 months======

2009-04-14 00:17:14 ----D---- C:\WINDOWS\Prefetch
2009-04-14 00:12:49 ----D---- C:\Program Files\Mozilla Firefox
2009-04-14 00:03:32 ----HD---- C:\WINDOWS\FlyakiteOSX
2009-04-14 00:03:26 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-14 00:03:18 ----D---- C:\WINDOWS\Temp
2009-04-13 23:57:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-13 01:57:58 ----RD---- C:\Program Files
2009-04-13 01:57:58 ----D---- C:\WINDOWS\system32\drivers
2009-04-12 23:22:07 ----D---- C:\WINDOWS\system32
2009-04-12 23:22:07 ----D---- C:\WINDOWS
2009-04-12 00:59:02 ----HD---- C:\WINDOWS\inf
2009-04-12 00:58:15 ----SHD---- C:\WINDOWS\Installer
2009-04-12 00:58:15 ----D---- C:\Config.Msi
2009-04-12 00:58:13 ----D---- C:\WINDOWS\WinSxS
2009-04-12 00:58:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-11 16:47:25 ----D---- C:\Program Files\Common Files
2009-04-03 14:12:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-01 03:10:17 ----D---- C:\Documents and Settings
2009-03-31 01:55:56 ----D---- C:\Documents and Settings\Don\Application Data\uTorrent
2009-03-31 01:48:14 ----D---- C:\Documents and Settings\Don\Application Data\Mozilla
2009-03-28 13:06:31 ----A---- C:\YServer.txt
2009-03-26 00:13:55 ----D---- C:\Documents and Settings\Don\Application Data\SolidDocuments
2009-03-22 18:55:18 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-22 18:21:18 ----D---- C:\Documents and Settings\Don\Application Data\Adobe
2009-03-22 15:37:00 ----D---- C:\WINDOWS\system32\DirectX
2009-03-22 15:36:59 ----RSD---- C:\WINDOWS\assembly
2009-03-13 19:04:47 ----A---- C:\WINDOWS\system32\MRT.INI
2009-03-11 19:48:43 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 19:01:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-03 02:00:22 ----D---- C:\Program Files\Soulseek
2009-02-26 04:54:59 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-22 17:39:40 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-22 17:39:40 ----D---- C:\Program Files\USB Vibration
2009-02-22 17:37:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-22 01:37:24 ----D---- C:\WINDOWS\system32\config
2009-02-22 01:37:12 ----D---- C:\WINDOWS\system32\wbem
2009-02-22 01:37:12 ----D---- C:\WINDOWS\Registration
2009-02-22 00:26:53 ----D---- C:\WINDOWS\system
2009-02-15 01:39:48 ----D---- C:\Program Files\NetMeeting
2009-02-14 18:41:06 ----D---- C:\Program Files\FlashGet
2009-02-14 18:17:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-14 17:45:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-14 17:41:00 ----D---- C:\Downloads
2009-02-14 03:01:05 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-08 19:08:24 ----D---- C:\WINDOWS\system32\Restore
2009-01-27 02:18:02 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 37760]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-02-13 95576]
R1 ewido security suite driver;ewido security suite driver; \??\C:\Program Files\ewido anti-malware\guard.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-22 278728]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-02-13 55640]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-22 25416]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-01-04 223128]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2005-12-27 42496]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-03-24 1895648]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-04-17 10368]
R3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\System32\DRIVERS\snpstd3.sys [2006-02-06 8410880]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-11-25 203776]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S3 catchme;catchme; \??\C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-03-24 110659]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 ewido security suite guard;ewido security suite guard; C:\Program Files\ewido anti-malware\ewidoguard.exe [2005-12-19 151616]

-----------------EOF-----------------

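The registry dump above shows the MountPoints2 keys with shell\AutoRun\command and shell\open\command pointing at bsp.cmd, which is exactly what the fix.reg in post #8 deletes, alongside NoDrives/NoDriveAutoRun policy values that match the "can't open my local disks" symptom. The following is an added example, not code from this thread or from RSIT/HijackThis: it parses dump text in that format, flags those entries, and writes the same REGEDIT4 deletion file for review. The sample dump is constructed from the lines posted above plus one clean key with a made-up GUID; policy values are reported as printed, not decoded.

```python
"""Triage an RSIT/HijackThis 'Registry dump' for the autorun hijack in this thread.
Added example, not code from the thread, RSIT or HijackThis: it flags MountPoints2
keys that carry a shell AutoRun/open command, reports drive-hiding Explorer policy
values, and emits a REGEDIT4 deletion file in the format of the fix.reg above."""
import re

# Constructed sample: sections copied from the registry dump posted in this
# thread, plus one clean MountPoints2 key with a made-up GUID.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=C2FFFF03
"NoDriveAutoRun"=C2FFFF03

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80f4113b-1829-11dd-a723-001109dcb1c9}]
shell\AutoRun\command - G:\bsp.cmd
shell\open\command - G:\bsp.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9123345d-0ca4-11dd-a761-806d6172696f}]
shell\AutoRun\command - bsp.cmd
shell\open\command - bsp.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
"""

HEADER_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
MOUNTPOINT_RE = re.compile(r"\\explorer\\mountpoints2\\\{[^}]+\}$", re.IGNORECASE)
SHELL_CMD_RE = re.compile(r"^shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$",
                          re.IGNORECASE)
# Policy values that hide drives / block per-drive autorun; reported as RSIT prints them.
DRIVE_POLICY_VALUES = ("NoDrives", "NoDriveAutoRun")


def parse_registry_dump(text):
    """Map each [KEY] header to the non-empty lines listed beneath it."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("key")
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def find_mountpoint_hijacks(sections):
    """MountPoints2 keys that carry a shell\\<verb>\\command entry."""
    hits = []
    for key, lines in sections.items():
        if not MOUNTPOINT_RE.search(key):
            continue
        commands = {}
        for line in lines:
            m = SHELL_CMD_RE.match(line)
            if m:
                commands[m.group("verb").lower()] = m.group("cmd")
        if commands:
            hits.append({"key": key, "commands": commands})
    return hits


def find_drive_policies(sections):
    """(key, name, value) for non-zero NoDrives / NoDriveAutoRun entries."""
    found = []
    for key, lines in sections.items():
        if not key.lower().endswith(r"\policies\explorer"):
            continue
        for line in lines:
            name, sep, value = line.partition("=")
            name, value = name.strip().strip('"'), value.strip()
            if sep and name in DRIVE_POLICY_VALUES and value not in ("", "0"):
                found.append((key, name, value))
    return found


def build_fix_reg(hits):
    """REGEDIT4 text that deletes each hijacked key, as the fix.reg above does."""
    out = ["REGEDIT4", ""]
    for hit in hits:
        out.extend([f"[-{hit['key']}]", ""])
    return "\n".join(out)


if __name__ == "__main__":
    sections = parse_registry_dump(SAMPLE_DUMP)
    hits = find_mountpoint_hijacks(sections)
    for hit in hits:
        print(f"autorun hijack under {hit['key']}")
        for verb, cmd in hit["commands"].items():
            print(f"    shell\\{verb}\\command -> {cmd}")
    for key, name, value in find_drive_policies(sections):
        print(f"drive policy set: {name}={value} under {key}")
    print("\n--- fix.reg (review before merging) ---\n" + build_fix_reg(hits))
```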

#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:12:18 AM

Posted 13 April 2009 - 11:50 AM

Hi,

Not sure if you have performed my steps with regedit though. If you did, then you did something wrong.
Anyway, do the next step please...

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your antivirus/antispyware/firewall software before running ComboFix. This is because security software may see some components ComboFix uses (prep.com, for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

Also, keep in mind that your USB drive is infected and whenever you plug it back in, it will reinfect your computer again, so it may be a good idea to scan with Avira while your USB drive is inserted, otherwise it will be a never-ending story.

Edited by miekiemoes, 13 April 2009 - 11:52 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 dmt87

dmt87
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 14 April 2009 - 08:42 AM

Hi miekiemoes,

I have followed the instructions to download and run ComboFix. I disabled the firewall and Avira before starting ComboFix. It seems the system is working fine now. I can go to my local disk and see hidden files. I can also see my USB thumb drive when I insert it (it's a different thumb drive, not the one which I suspect transferred the virus to my PC). I turned the firewall and Avira active guard back on after ComboFix was done. Below is the ComboFix log.

I will use Avira to scan any USB thumb drive inserted from now on. What you have done is really wonderful. Sincerely, thank you so much for your guidance and solution to the root of my problems.



ComboFix 09-04-14.08 - Don 04/14/2009 21:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.233 [GMT 8:00]
Running from: c:\documents and settings\Don\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-11 16:58 . 2009-02-13 03:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-11 16:58 . 2009-04-11 16:58 -------- d-----w c:\program files\Avira
2009-04-11 16:58 . 2009-04-11 16:58 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-11 08:53 . 2009-04-13 16:19 -------- d-----w c:\program files\trend micro
2009-04-11 08:53 . 2009-04-11 08:53 -------- d-----w C:\rsit
2009-04-03 06:12 . 2009-04-03 06:12 578048 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-04-03 06:11 . 2009-04-03 06:11 -------- d-----w c:\windows\ERUNT
2009-04-03 06:06 . 2009-04-03 06:40 -------- d-----w C:\SDFix
2009-03-31 19:11 . 2009-03-31 19:11 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-03-31 18:39 . 2009-03-31 18:39 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-31 18:39 . 2009-03-31 18:39 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-31 18:39 . 2009-03-31 18:39 -------- d-----w c:\documents and settings\Don\Application Data\SUPERAntiSpyware.com
2009-03-31 18:39 . 2009-03-31 18:39 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-29 11:11 . 2009-03-29 11:11 -------- d-----w c:\documents and settings\Don\Application Data\Malwarebytes
2009-03-29 11:11 . 2009-04-06 07:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-29 11:11 . 2009-04-06 07:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-29 11:11 . 2009-04-12 17:48 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-29 11:11 . 2009-03-29 11:11 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 17:55 . 2008-04-18 05:57 -------- d-----w c:\documents and settings\Don\Application Data\uTorrent
2009-03-28 05:06 . 2008-04-17 12:49 412653 ----a-w C:\YServer.txt
2009-03-25 16:13 . 2008-04-18 06:56 -------- d-----w c:\documents and settings\Don\Application Data\SolidDocuments
2009-03-04 14:57 . 2008-12-28 07:57 244 ---ha-w C:\sqmnoopt06.sqm
2009-03-04 14:57 . 2008-12-28 07:57 232 ---ha-w C:\sqmdata06.sqm
2009-03-02 18:00 . 2008-04-17 12:56 -------- d-----w c:\program files\Soulseek
2009-02-22 09:39 . 2008-04-17 11:47 -------- d-----w c:\program files\USB Vibration
2009-02-22 09:39 . 2008-04-17 10:28 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-22 09:37 . 2009-02-22 09:36 3370 ----a-w C:\LGSInst.Log
2009-02-22 09:36 . 2009-02-22 09:36 -------- d-----w c:\program files\Common Files\Logitech
2009-02-22 09:36 . 2009-02-22 09:36 -------- d-----w c:\program files\Logitech
2009-02-21 17:37 . 2009-02-21 16:28 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft(3)
2009-02-21 17:32 . 2009-02-12 12:48 -------- d-----w c:\documents and settings\Don\Application Data\AVG7
2009-02-17 17:51 . 2008-12-27 05:50 244 ---ha-w C:\sqmnoopt05.sqm
2009-02-17 17:51 . 2008-12-27 05:50 232 ---ha-w C:\sqmdata05.sqm
2009-02-17 15:57 . 2008-06-25 12:25 244 ---ha-w C:\sqmnoopt04.sqm
2009-02-17 15:57 . 2008-06-25 12:25 232 ---ha-w C:\sqmdata04.sqm
2009-02-17 15:53 . 2008-05-11 03:45 244 ---ha-w C:\sqmnoopt03.sqm
2009-02-17 15:53 . 2008-05-11 03:45 232 ---ha-w C:\sqmdata03.sqm
2009-02-14 10:41 . 2008-04-17 12:46 -------- d-----w c:\program files\FlashGet
2009-02-14 10:17 . 2008-04-17 12:58 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-14 09:45 . 2008-04-17 12:58 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-13 18:34 . 2009-02-12 12:48 -------- d-----w c:\program files\Grisoft(2)
2009-02-13 18:34 . 2009-02-12 12:48 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft(2)
2009-02-13 18:34 . 2009-02-12 12:48 -------- d-----w c:\documents and settings\All Users\Application Data\avg7(2)
2009-02-09 11:13 . 2001-08-23 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-03 13:25 . 2008-01-23 09:50 244 ---ha-w C:\sqmnoopt02.sqm
2009-02-03 13:25 . 2008-01-23 09:50 232 ---ha-w C:\sqmdata02.sqm
2009-02-03 12:28 . 2008-01-23 09:33 244 ---ha-w C:\sqmnoopt01.sqm
2009-02-03 12:28 . 2008-01-23 09:33 232 ---ha-w C:\sqmdata01.sqm
2008-11-23 19:11 . 2008-11-23 19:11 19504 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-07-13 14:30 . 2008-07-13 14:30 19504 ----a-w c:\documents and settings\Don\Application Data\GDIPFONTCACHEV1.DAT
2008-01-04 10:23 . 2008-04-17 10:18 19504 ----a-w c:\documents and settings\Don\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577024 EA855B4CA7B6723413BF5FD3224312F2 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-03 16:56 576512 FB77859D24D31CB3CA43177CF0EBDDCE c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\FlyakiteOSX\Backup\user32.dll
[-] 2008-04-14 00:12 578048 051844654F244CE58DB6969A1EE76546 c:\windows\ServicePackFiles\i386\user32.dll
[7] 2004-08-04 07:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\user32.dll
[-] 2008-04-14 00:12 578048 051844654F244CE58DB6969A1EE76546 c:\windows\system32\user32.dll
[-] 2009-04-03 06:12 578048 051844654F244CE58DB6969A1EE76546 c:\windows\system32\dllcache\user32.dll

[-] 2008-02-16 09:32 666112 BB1EACD6AB47E78EBCA02EB781550D55 c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll
[7] 2008-04-21 06:56 666624 2E7DE1BF9418B071799EB53DE8CC22F5 c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
[7] 2008-04-21 06:44 666112 2B0C24AA747A93A28987B6D65A4A74BC c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[7] 2008-04-21 06:24 666624 26F240C250E5B4B395CB4B178BA75437 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[7] 2008-06-23 16:12 667136 611ACE3F4201E9610AF8452F7C268995 c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
[7] 2008-06-23 15:09 666112 F12FBB673DE9CC802C5DC518FE99AA2F c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[7] 2008-06-23 14:54 666624 972299B7241EC325D8C7E5638C884925 c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[7] 2008-08-20 05:33 667648 C91E3A6EF094202F6B5CA8960DFCF243 c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
[7] 2008-08-20 05:30 666112 9AF5F25124FBDC36E2B510729CBA2674 c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[7] 2008-08-20 04:58 666624 94418F53D2612C26DBADC04DAFBC197C c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[7] 2008-10-16 10:20 667648 93C9D0A216498EE14EB9B26119BB95EE c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
[7] 2008-10-16 01:00 666112 1576318BF08D28CC61D1278114AD8D5B c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[7] 2008-10-16 01:04 667136 E8FCE58A470999350F64C591557F9E42 c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 10:37 680448 FCCE5D5DB299208015E26090277F9E42 c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2004-08-03 16:56 677376 D866A8E7CE1C2F09C2C4276F9A615C0A c:\windows\$NtUninstallKB947864$\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\$NtUninstallKB950759$\wininet.dll
[-] 2008-02-16 08:59 680448 592CDB64908DFDEC8049163F62921E1E c:\windows\$NtUninstallKB950759_0$\wininet.dll
[7] 2008-04-21 06:44 666112 2B0C24AA747A93A28987B6D65A4A74BC c:\windows\$NtUninstallKB953838$\wininet.dll
[-] 2008-04-21 07:04 680448 9D0FDD99DC10126E97DD2B7FC15737B7 c:\windows\$NtUninstallKB953838_0$\wininet.dll
[7] 2008-06-23 15:09 666112 F12FBB673DE9CC802C5DC518FE99AA2F c:\windows\$NtUninstallKB956390$\wininet.dll
[-] 2008-06-23 15:38 680448 0018B5DBC9C8A182E10454CAD2F14C4C c:\windows\$NtUninstallKB956390_0$\wininet.dll
[7] 2008-08-20 05:30 666112 9AF5F25124FBDC36E2B510729CBA2674 c:\windows\$NtUninstallKB958215$\wininet.dll
[-] 2008-08-20 05:38 680448 EFEC668C176942686197A4619999435D c:\windows\$NtUninstallKB958215_0$\wininet.dll
[7] 2008-10-16 01:00 666112 1576318BF08D28CC61D1278114AD8D5B c:\windows\FlyakiteOSX\Backup\wininet.dll
[-] 2008-10-16 01:00 687104 D9C9CD84A7883E761883EA21C680270D c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
[-] 2008-10-16 01:00 687104 D9C9CD84A7883E761883EA21C680270D c:\windows\system32\wininet.dll
[-] 2008-10-16 01:00 687104 D9C9CD84A7883E761883EA21C680270D c:\windows\system32\dllcache\wininet.dll

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 07:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-10-17 10:25 2015104 848A6953E57AEDEF3A5CB7AA7715992D c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2008-04-17 15:46 2014208 969F998BBEDBFD55F1FCC094FA4DA886 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2008-04-18 14:47 2014976 DE78108955046F767E14C1ED7761F57E c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\FlyakiteOSX\Backup\ntkrnlpa.exe
[-] 2008-08-14 09:33 2023424 FC33CF6436DB6833058289EBCFC86224 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2004-08-04 05:58 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntkrnlpa.exe
[-] 2008-12-14 15:15 2023424 20736CDBD06FAC44A088E781883082E0 c:\windows\system32\ntkrnlpa.exe
[-] 2008-08-14 09:33 2023424 FC33CF6436DB6833058289EBCFC86224 c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 08:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-10-17 10:25 2137728 6991C023E6BA813CFE8577F3B5C56C68 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2008-04-17 15:46 2138368 FEA005A44FB744A31BE860F6E8BF8AB6 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2008-04-18 14:47 2137728 6AC9BA89D04D16B5D4F67528E3FA5327 c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\FlyakiteOSX\Backup\ntoskrnl.exe
[-] 2008-08-14 10:11 2146560 8049B83DD4757EFE07AE3AFB77215B1B c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2004-08-04 06:19 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntoskrnl.exe
[-] 2008-12-14 15:15 2146560 0370EC38FFE76AC9784CA825E173F9BA c:\windows\system32\ntoskrnl.exe
[-] 2008-08-14 10:11 2146560 8049B83DD4757EFE07AE3AFB77215B1B c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2008-04-14 00:12 1366016 8E348959F6304E138DE70637F8D10ACC c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1365504 CE928F64D003155C22E9EA801C266F27 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-03 16:56 1364480 5DE8FFE4ACD3C0A3C0166A6129A12241 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\FlyakiteOSX\Backup\explorer.exe
[-] 2008-04-14 00:12 1366016 8E348959F6304E138DE70637F8D10ACC c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"RK Launcher"="c:\program files\RK Launcher\RKLauncher.exe" [2005-10-19 393216]
"Alt+Q Hotkey Tool"="c:\windows\Alt+Q Hotkey.exe" [2005-12-18 27648]
"WinRoll"="c:\program files\WinRoll\winroll.exe" [2006-01-01 15872]
"Yz Shadow"="c:\program files\YzShadow\YzShadow.exe" [2006-02-24 172032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 118485]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-03-24 3309568]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-03-24 58880]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-21 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-03-24 782336]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-4-18 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 04:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80f4113b-1829-11dd-a723-001109dcb1c9}]
\Shell\AutoRun\command - G:\bsp.cmd
\Shell\open\Command - G:\bsp.cmd
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sg.yahoo.com/?p=us
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\odlry056.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sg/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 21:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(2692)
c:\program files\YzShadow\YzShadow.dll
c:\program files\RK Launcher\RKLauncher.dll
c:\windows\System32\cscui.dll
c:\program files\WinRoll\winroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\credui.dll
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-04-14 13:08
ComboFix2.txt 2009-04-14 12:59

Pre-Run: 1,151,348,736 bytes free
Post-Run: 1,136,287,744 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=5 LastKnownGood=6 Sets=1,2,3,4,5,6
249 --- E O F --- 2009-03-13 11:05
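The Sigcheck section of the log above is worth reading rather than skipping. ComboFix lists every copy of a few critical binaries (user32.dll, wininet.dll, ntkrnlpa.exe, ntoskrnl.exe, explorer.exe) it finds in system32 and in the caches Windows keeps (dllcache, ServicePackFiles\i386, the $NtUninstall* and $hf_mig$ folders), each with its MD5. The check a responder wants from that table is simple: does the live copy in system32 hash the same as a cached copy? In this log user32.dll, wininet.dll and explorer.exe do, while system32\ntkrnlpa.exe and system32\ntoskrnl.exe (both dated 2008-12-14) match neither dllcache nor ServicePackFiles at the same file size, which is what an in-place patch of the kernel image looks like. The Python script below is an added example, not part of the thread or of ComboFix: it parses Sigcheck-style rows and reports that comparison. The sample rows are copied from the log above for two of the files; the meaning of the [-]/[7] markers in the first column is not interpreted.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format of ComboFix's "Sigcheck" section. The
# user32.dll and ntkrnlpa.exe rows are copied from the log in this thread;
# this is test data for the example, not a live scan.
SIGCHECK_SAMPLE = r"""
[-] 2008-04-14 00:12 578048 051844654F244CE58DB6969A1EE76546 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 00:12 578048 051844654F244CE58DB6969A1EE76546 c:\windows\system32\user32.dll
[-] 2009-04-03 06:12 578048 051844654F244CE58DB6969A1EE76546 c:\windows\system32\dllcache\user32.dll

[-] 2008-08-14 09:33 2023424 FC33CF6436DB6833058289EBCFC86224 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2008-12-14 15:15 2023424 20736CDBD06FAC44A088E781883082E0 c:\windows\system32\ntkrnlpa.exe
[-] 2008-08-14 09:33 2023424 FC33CF6436DB6833058289EBCFC86224 c:\windows\system32\dllcache\ntkrnlpa.exe
"""

# One Sigcheck row: [flag] date time size MD5 path
ROW_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d\d-\d\d)\s+(?P<time>\d\d:\d\d)\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck row; lines that do not match the row format are ignored."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["size"] = int(row["size"])
        row["md5"] = row["md5"].upper()
        row["path"] = row["path"].lower()          # NTFS paths are case-insensitive
        row["name"] = row["path"].rsplit("\\", 1)[-1]
        rows.append(row)
    return rows


def _is_live(path, name):
    """The copy Windows actually loads: directly under system32, not a subfolder."""
    return path.endswith("\\system32\\" + name)


def _is_reference(path):
    """Copies Windows File Protection would restore from."""
    return "\\system32\\dllcache\\" in path or "\\servicepackfiles\\i386\\" in path


def check_system32_against_cache(text):
    """For every binary with a live system32 copy and at least one cached copy,
    report whether the live MD5 equals any cached MD5 and whether the size changed."""
    by_name = defaultdict(list)
    for row in parse_sigcheck(text):
        by_name[row["name"]].append(row)
    findings = {}
    for name, rows in by_name.items():
        live = [r for r in rows if _is_live(r["path"], name)]
        refs = [r for r in rows if _is_reference(r["path"])]
        if not live or not refs:
            continue                                # nothing to compare against
        ref_md5s = {r["md5"] for r in refs}
        findings[name] = {
            "live_md5": live[0]["md5"],
            "live_mtime": live[0]["date"] + " " + live[0]["time"],
            "cache_md5s": sorted(ref_md5s),
            "matches_cache": live[0]["md5"] in ref_md5s,
            # same size but different hash is the signature of an in-place patch
            "same_size_as_cache": live[0]["size"] in {r["size"] for r in refs},
        }
    return findings


def mismatched_binaries(text):
    """Names whose live system32 copy matches none of the cached copies."""
    return sorted(n for n, f in check_system32_against_cache(text).items()
                  if not f["matches_cache"])


if __name__ == "__main__":
    for name, f in check_system32_against_cache(SIGCHECK_SAMPLE).items():
        state = "OK" if f["matches_cache"] else "MISMATCH"
        print(f"{name:14} {state:8} live={f['live_md5']} modified={f['live_mtime']}")
```

A hash match against the local cache only tells you the live file is what Windows would restore on its own; a tool that also replaced dllcache, or a rootkit that hooked the file reads, would pass this check. Where the answer matters, compare against hashes taken from a clean machine at the same patch level, and keep in mind that catchme reporting "hidden files: 0" says nothing about a kernel that was patched on disk in plain sight.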

#12 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:18 AM

Posted 14 April 2009 - 09:13 AM

Hi,

Just one leftover...

Open Notepad and copy and paste the text in the quote box below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80f4113b-1829-11dd-a723-001109dcb1c9}]

Save this as fix.reg, choose to save as *all files, and place it on your desktop.
Double-click on it and, when it asks you if you want to merge the contents into the registry, click Yes/OK.

I also see some system files were patched, but luckily it's your FlyakiteOSX that did this.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.
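The leftover being removed here is Explorer's per-volume cache. For every volume it has seen, Explorer keeps a key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{volume GUID}, and if the volume carried an autorun.inf it copies the shell verbs from that file into the key. A cached \Shell\open\Command or \Shell\AutoRun\command that points at a script on the drive (G:\bsp.cmd in this log) runs when the drive is double-clicked or its default action is chosen, which is why an infected stick keeps coming back and why the drive "opens in another window" instead of as a folder. Deleting the key is safe, since Explorer recreates it the next time a volume with that GUID is mounted; that is also why the stick itself still has to be cleaned, as miekiemoes said earlier. The script below is an added example, not something from the thread or from ComboFix: it reads ComboFix-style MountPoints2 output, lists the cached verbs and their targets, and writes the same kind of REGEDIT4 removal file that was posted by hand above. The sample text mirrors the entry from this log plus one invented second key.

```python
import re

# Constructed excerpt in the format of ComboFix's "Reg Loading Points" output.
# The first key is the one from the log in this thread; the second is invented
# for the example and does not come from the page.
MOUNTPOINTS_SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80f4113b-1829-11dd-a723-001109dcb1c9}]
\Shell\AutoRun\command - G:\bsp.cmd
\Shell\open\Command - G:\bsp.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1b3c7a0-0000-4000-8000-000000000001}]
\Shell\AutoRun\command - H:\RECYCLER\autorun.exe
"""

# A MountPoints2 volume key: HKCU\...\MountPoints2\{volume GUID}
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.I)
# A cached shell verb under that key, as ComboFix prints it: \Shell\<verb>\command - <target>
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<target>.+?)\s*$", re.I)


def parse_mountpoints2(text):
    """Return [(key, {verb: target})] for each MountPoints2 key that carries a shell command.
    Keys without any \\Shell\\<verb>\\command line are dropped: those only cache icons/labels."""
    found = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current = (km.group("key"), {})
            found.append(current)
        elif line.startswith("["):
            current = None            # some other registry key: stop attributing verbs to ours
        else:
            vm = VERB_RE.match(line)
            if vm and current is not None:
                current[1][vm.group("verb").lower()] = vm.group("target")
    return [(key, verbs) for key, verbs in found if verbs]


def removable_targets(entries):
    """Sorted list of the programs the cached verbs would launch (drive-letter paths)."""
    return sorted({target for _, verbs in entries for target in verbs.values()})


def build_removal_reg(keys):
    """Build a REGEDIT4 file that deletes each key. A '-' right after '[' is the .reg
    syntax for 'delete this key'; REGEDIT4 files use CRLF and end with a blank line."""
    lines = ["REGEDIT4", ""]
    for key in keys:
        lines.append("[-" + key + "]")
        lines.append("")
    lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    entries = parse_mountpoints2(MOUNTPOINTS_SAMPLE)
    for key, verbs in entries:
        print(key)
        for verb, target in verbs.items():
            print(f"  {verb:8} -> {target}")
    reg_text = build_removal_reg([key for key, _ in entries])
    # Save as ANSI text with CRLF line endings and a .reg extension.
    with open("fix.reg", "w", encoding="ascii", newline="") as fh:
        fh.write(reg_text)
```

REGEDIT4 files have to be plain ANSI text with CRLF line endings, which is why the script writes with encoding="ascii" and newline="", and why saving from Notepad needs "All Files" so the name does not silently become fix.reg.txt. Merge the result by double-clicking it or with `regedit /s fix.reg`, then unplug and scan the stick before it is mounted again.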

#13 dmt87

dmt87
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 14 April 2009 - 12:11 PM

Hi miekiemoes,

I copied the whole thing, including REGEDIT4, and pasted it in Notepad. The only different thing I notice is that there is only an option "All Files" instead of "*all files" (please refer to the screenshot attached). I think I attempted to delete any mountpoints2 found in Regedit before, as I read on some forums that it was the way to get rid of the problem of "opening local disk in another window", which happened to the system previously.

I have followed your instruction and Combofix has been uninstalled successfully.

The system is operating fine now.


#14 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:18 AM

Posted 14 April 2009 - 01:18 PM

You have to select "All Files", otherwise it will save it as a .txt file. No wonder it didn't work previously.
As I already posted in my instructions, the file should then look like the one shown there.

#15 dmt87

dmt87
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 15 April 2009 - 05:48 AM

I'm not sure which part of the process I did wrong, but I always save it as "All Files".

Whatever, the PC is OK now. Once again, thanks a lot for everything!



