Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    McAfee Tech Support Scam Harvesting Credit Card Information

Featured Deal: Get 95% Off the Certified Information Systems Security Professional Training Course

Photo

Infected by some virus from Flash drive

Started by Yuriy , Apr 12 2009 01:47 PM

  • This topic is locked This topic is locked
28 replies to this topic

#1 Yuriy

Yuriy

  • Members
  • 48 posts
  • OFFLINE
    •  
  • Local time:04:09 PM

Posted 12 April 2009 - 01:47 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by yura at 21:38:49,07 on 13.04.2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.2046.977 [GMT 3:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\Program Files\RescueTime\RescueTime.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Miranda IM\miranda32.exe
C:\Documents and Settings\yura\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe
C:\Documents and Settings\yura\Рабочий стол\dds.scr
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\yura\Рабочий стол\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [TrueCrypt] "c:\program files\truecrypt\TrueCrypt.exe" /q preferences /a favorites
uRun: [eyeBeam SIP Client] "c:\program files\counterpath\x-lite\x-lite.exe"
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [CAP3ON] c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\yura\5d29~1\4a66~1\60c2~1\deskpins.lnk - c:\program files\deskpins\DeskPins.exe
StartupFolder: c:\docume~1\yura\5d29~1\4a66~1\60c2~1\rescue~1.lnk - c:\program files\rescuetime\RescueTime.exe
StartupFolder: c:\docume~1\alluse~1\5d29~1\4a66~1\60c2~1\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\5d29~1\4a66~1\60c2~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\5d29~1\4a66~1\60c2~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\5d29~1\4a66~1\60c2~1\canonl~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215067605109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.3424.21/TSWeb.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {A6DDC957-86D0-4AD0-8D58-86B83FC2743C} = 82.207.66.250 82.207.66.241
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\yura\applic~1\mozilla\firefox\profiles\fcmndjut.default\
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\documents and settings\yura\application data\mozilla\firefox\profiles\fcmndjut.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\yura\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\yura\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\joost plugin\npjoost.dll
FF - plugin: c:\program files\mozilla firefox 3.1 beta 2\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\skyhook wireless\loki browser plugin\nploki.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox 3.1 beta 2\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox 3.1 beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-13 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-12 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-13 108552]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2008-6-15 179584]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2008-12-17 14464]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2008-6-15 49536]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-10-5 95888]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-10-5 41680]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-13 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-13 298264]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2008-8-19 63104]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-18 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [2009-1-27 39680]
S2 gupdate1c985285109f384;Google Update Service (gupdate1c985285109f384);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\yura\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\yura\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\mediacoder\SysInfo.sys [2007-9-25 15152]
S3 DokanMounter;DokanMounter;c:\program files\dokan\dokanlibrary\mounter.exe [2008-8-19 20992]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-1-11 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-1-11 8320]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2009-3-1 9040]
S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2009-3-1 19392]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\RpcAgentSrv.exe [2009-3-3 98488]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]

=============== Created Last 30 ================

2009-04-12 20:44 161,792 a------- c:\windows\SWREG.exe
2009-04-12 20:44 98,816 a------- c:\windows\sed.exe
2009-04-12 20:10 24,888 a------- c:\documents and settings\yura\apow32.exe
2009-04-12 19:57 24,920 a------- c:\documents and settings\yura\vcmc32.exe
2009-04-12 19:56 28,440 a------- c:\documents and settings\yura\msesrv.exe
2009-04-12 19:56 24,910 a------- c:\documents and settings\yura\dnrmgr32.exe
2009-04-12 19:55 26,286 a------- c:\documents and settings\yura\s3mgr.exe
2009-04-12 19:55 32,676 a------- c:\documents and settings\yura\wrm32.exe
2009-04-12 19:55 27,668 a------- c:\documents and settings\yura\svnmgr.exe
2009-04-12 19:55 34,946 a------- c:\documents and settings\yura\wincpr.exe
2009-04-12 19:54 30,990 a------- c:\documents and settings\yura\mscupdate.exe
2009-04-12 19:54 29,416 a------- c:\documents and settings\yura\onbar2.exe
2009-04-12 19:54 25,356 a------- c:\documents and settings\yura\msmp3.exe
2009-04-12 19:54 33,848 a------- c:\documents and settings\yura\faxmgr.exe
2009-04-12 19:54 28,628 a------- c:\documents and settings\yura\opti.exe
2009-04-05 23:12 <DIR> --d----- c:\program files\common files\Intel
2009-04-05 23:12 <DIR> --d----- c:\program files\CounterPath
2009-04-05 10:31 0 a------- C:\tmp.xml
2009-04-02 11:36 <DIR> -cd-h--- c:\windows\ie8
2009-03-26 15:07 <DIR> --d----- c:\docume~1\yura\applic~1\com.finetune.air.FinetuneDesktop.5A5745AF31CA8642D8B7AB0B66869F7EAE12B728.1
2009-03-26 15:07 <DIR> --d----- c:\program files\Finetune
2009-03-25 19:56 1,025 a------- c:\windows\system32\sysprs7.tgz
2009-03-25 19:56 1,025 a------- c:\windows\system32\sysprs7.dll
2009-03-25 19:56 1,025 a------- c:\windows\system32\clauth2.dll
2009-03-25 19:56 1,025 a------- c:\windows\system32\clauth1.dll
2009-03-25 19:56 219 a------- c:\windows\system32\lsprst7.tgz
2009-03-25 19:56 87 a------- c:\windows\system32\ssprs.tgz
2009-03-25 19:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Minnetonka Audio Software
2009-03-25 19:56 21 a------- c:\windows\SurCode.INI
2009-03-24 13:39 <DIR> --d----- c:\program files\KeePass Password Safe 2
2009-03-24 12:25 307,200 a------- c:\windows\system32\BMAPI.dll
2009-03-24 12:25 233,472 a------- c:\windows\system32\NicConfigSvc.cpl
2009-03-24 12:25 61,440 a------- c:\windows\system32\KPower.dll
2009-03-24 12:24 16,128 a------- c:\windows\system32\drivers\APPDRV.SYS
2009-03-23 12:42 <DIR> --d----- c:\program files\MusicBrainz Picard
2009-03-21 21:02 <DIR> --d----- c:\docume~1\yura\applic~1\Red Alert 3
2009-03-21 20:38 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2009-03-21 20:38 467,984 a------- c:\windows\system32\d3dx10_38.dll
2009-03-21 20:38 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2009-03-21 20:38 444,776 a------- c:\windows\system32\d3dx10_35.dll
2009-03-21 20:38 1,358,192 a------- c:\windows\system32\D3DCompiler_35.dll
2009-03-21 20:38 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2009-03-21 09:59 <DIR> --d----- c:\program files\AviSynth 2.5
2009-03-21 09:59 <DIR> --d----- c:\program files\eRightSoft
2009-03-19 22:43 <DIR> --d----- c:\windows\system32\NtmsData
2009-03-18 21:55 <DIR> --d----- c:\docume~1\yura\applic~1\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-03-18 21:55 <DIR> --d----- c:\program files\TweetDeck
2009-03-16 22:13 <DIR> --d----- c:\docume~1\yura\applic~1\Foxit

==================== Find3M ====================

2009-04-02 11:39 493,052 a------- c:\windows\system32\perfh019.dat
2009-04-02 11:39 88,376 a------- c:\windows\system32\perfc019.dat
2009-04-02 08:52 150,533 a------- c:\windows\system32\nvModes.dat
2009-04-01 10:26 215,872 a------- c:\windows\system32\drivers\truecrypt.sys
2009-03-27 10:22 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-24 12:08 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-24 12:08 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-13 14:41 12,840 a---h--- c:\windows\system32\mlfcache.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-01 17:47 118,720 a------- c:\windows\system32\rdpdispd.dll
2009-03-01 17:47 19,392 a------- c:\windows\system32\drivers\rdpvmp.sys
2009-03-01 17:47 15,696 a------- c:\windows\system32\rdpvdd.dll
2009-03-01 17:47 9,040 a------- c:\windows\system32\drivers\rdpdispm.sys
2009-02-09 17:07 1,846,912 a------- c:\windows\system32\win32k.sys
2009-02-02 17:30 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-02-02 17:30 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-02-02 14:57 22,328 ac------ c:\docume~1\yura\applic~1\PnkBstrK.sys
2009-02-02 14:57 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-02-02 14:57 2,246,144 a------- c:\windows\system32\pbsvc.exe
2009-02-02 14:57 66,872 a------- c:\windows\system32\PnkBstrA.exe
2006-05-03 13:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 14:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 16:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 21:39:09,98 ===============

Attached Files


BC AdBot (Login to Remove)

 

#2 Yuriy

Yuriy
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
    •  
  • Local time:04:09 PM

Posted 12 April 2009 - 03:08 PM

After I opend one *.txt file from my flash drive, AVG antivirus window poped up and showed me this list of files with various infections:

2009-04-12 20:10 24,888 a------- c:\documents and settings\yura\apow32.exe
2009-04-12 19:57 24,920 a------- c:\documents and settings\yura\vcmc32.exe
2009-04-12 19:56 28,440 a------- c:\documents and settings\yura\msesrv.exe
2009-04-12 19:56 24,910 a------- c:\documents and settings\yura\dnrmgr32.exe
2009-04-12 19:55 26,286 a------- c:\documents and settings\yura\s3mgr.exe
2009-04-12 19:55 32,676 a------- c:\documents and settings\yura\wrm32.exe
2009-04-12 19:55 27,668 a------- c:\documents and settings\yura\svnmgr.exe
2009-04-12 19:55 34,946 a------- c:\documents and settings\yura\wincpr.exe
2009-04-12 19:54 30,990 a------- c:\documents and settings\yura\mscupdate.exe
2009-04-12 19:54 29,416 a------- c:\documents and settings\yura\onbar2.exe
2009-04-12 19:54 25,356 a------- c:\documents and settings\yura\msmp3.exe
2009-04-12 19:54 33,848 a------- c:\documents and settings\yura\faxmgr.exe
2009-04-12 19:54 28,628 a------- c:\documents and settings\yura\opti.exe

(see above in previous log post)

I've also noticed two faxmgr.exe processes running taking up to 50 of my CPU and AVG list of infected files was rising in real time.. then I just killed those processes and then run ComboFix.exe, now I don't see any suspected activity, like those faxmgr.exe processes, but these *.exe files are still there.. so I'm not sure if my PC is completelly clean(

Any help appreciated.

#3 Yuriy

Yuriy
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
    •  
  • Local time:04:09 PM

Posted 12 April 2009 - 03:42 PM

I have one more machine infected by the same flash drive, so I'd like to clean it also after I make sure this machine is cleaned properly..

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
    •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:09 AM

Posted 26 April 2009 - 11:57 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate
Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 Yuriy

Yuriy
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
    •  
  • Local time:04:09 PM

Posted 27 April 2009 - 08:13 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by yura at 2009-04-27 16:09:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (8%) free of 26 GB
Total RAM: 2046 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:16, on 27.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Documents and Settings\yura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\Program Files\DeskPins\DeskPins.exe
C:\Program Files\RescueTime\RescueTime.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Program Files\MOG-O-MATIC\MogClient.exe
C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 2.3\lightroom.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\yura\Рабочий стол\RSIT.exe
C:\Program Files\trend micro\yura.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\yura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O4 - Startup: digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Startup: RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Окно состояния Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra 'Tools' menuitem: &Настройки Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215067605109
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com/0.9.3424.21/TSWeb.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...586/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files\Dokan\DokanLibrary\mounter.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c985285109f384) (gupdate1c985285109f384) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 16710 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1563985344-839522115-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll [2009-03-13 1687552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"=nvHotkey.dll,Start []
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2008-05-14 303104]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2008-05-14 159744]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-07-25 823296]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-07-25 974848]
"WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [2007-09-10 92160]
"SecureUpgrade"=C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [2007-09-14 218424]
"EmbassySecurityCheck"=C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe [2007-09-14 75064]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]
"CAP3ON"=C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE [2002-07-30 22528]
"boincmgr"=C:\Program Files\BOINC\boincmgr.exe [2008-12-09 4289280]
"boinctray"=C:\Program Files\BOINC\boinctray.exe [2008-12-09 58112]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-11-21 13594624]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-07-31 65536]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2008-02-22 1245184]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-12-10 185872]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"i8kfangui"=C:\Program Files\I8kfanGUI\I8kfanGUI.exe [2007-02-16 856064]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-03-27 24103720]
"TrueCrypt"=C:\Program Files\TrueCrypt\TrueCrypt.exe [2009-04-01 1353408]
"eyeBeam SIP Client"=C:\Program Files\CounterPath\X-Lite\x-lite.exe [2008-04-22 22237184]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []
"Google Update"=C:\Documents and Settings\yura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-03-20 1312256]

C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
Окно состояния Canon LASER SHOT LBP-1120.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE

C:\Documents and Settings\yura\Главное меню\Программы\Автозагрузка
DeskPins.lnk - C:\Program Files\DeskPins\DeskPins.exe
digsby.lnk - C:\Program Files\Digsby\digsby.exe
RescueTime.lnk - C:\Program Files\RescueTime\RescueTime.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gemsafe]
C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [2006-11-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2007-11-15 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Psi\psi.exe"="C:\Program Files\Psi\psi.exe:*:Enabled:psi"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\Program Files\RealVNC\VNC4\vncviewer.exe"="C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Joost Plugin\joostws.exe"="C:\Program Files\Joost Plugin\joostws.exe:*:Enabled:joostws"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Documents and Settings\yura\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\yura\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\Joost\xulrunner\tvprunner.exe"="C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe"="C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\Gbridge LLC\Gbridge\Gbridge.exe"="C:\Program Files\Gbridge LLC\Gbridge\Gbridge.exe:*:Enabled:GBridge"
"C:\Program Files\Gbridge LLC\Gbridge\gbwinvnc.exe"="C:\Program Files\Gbridge LLC\Gbridge\gbwinvnc.exe:*:Enabled:Gbwinvnc"
"C:\Program Files\Gbridge LLC\Gbridge\gbvncviewer.exe"="C:\Program Files\Gbridge LLC\Gbridge\gbvncviewer.exe:*:Enabled:Gbvncviewer"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\yura\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\yura\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\yura\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\yura\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\OneSwarm\OneSwarm.exe"="C:\Program Files\OneSwarm\OneSwarm.exe:*:Enabled:OneSwarm"
"C:\Program Files\Digsby\lib\digsby-app.exe"="C:\Program Files\Digsby\lib\digsby-app.exe:*:Enabled:Digsby IM"
"C:\Program Files\MusicBrainz Picard\picard.exe"="C:\Program Files\MusicBrainz Picard\picard.exe:*:Enabled:The next generation MusicBrainz tagger"
"C:\Program Files\Last.fm\LastFM.exe"="C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm"
"C:\Program Files\CounterPath\X-Lite\x-lite.exe"="C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite"
"C:\Program Files\Mozilla Thunderbird 3 Beta 2\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird 3 Beta 2\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66f06b66-83c4-11dd-96cb-001a6b8bb8f6}]
shell\AutoRun\command - G:\xih9.cmd
shell\explore\command - G:\xih9.cmd
shell\open\command - G:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d3b07fa-bd3d-11dd-9735-00138f49b03d}]
shell\AutoRun\command - xih9.cmd
shell\explore\command - xih9.cmd
shell\open\command - xih9.cmd


======List of files/folders created in the last 1 months======

2009-04-27 16:09:27 ----D---- C:\Program Files\trend micro
2009-04-27 16:09:26 ----D---- C:\rsit
2009-04-26 13:10:51 ----D---- C:\Program Files\MOG-O-MATIC
2009-04-23 08:58:53 ----D---- C:\WINDOWS\LastGood
2009-04-22 20:51:19 ----D---- C:\Program Files\Common Files\PCSuite
2009-04-22 20:49:55 ----D---- C:\Program Files\PC Connectivity Solution
2009-04-22 20:31:46 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-04-22 20:31:46 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2009-04-22 20:30:30 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2009-04-22 17:05:27 ----D---- C:\Program Files\TightVNC
2009-04-22 11:38:17 ----D---- C:\WINDOWS\ShellNew
2009-04-22 11:38:16 ----D---- C:\Program Files\AutoHotkey
2009-04-22 10:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-22 10:16:56 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 17:21:40 ----D---- C:\Program Files\Visicom
2009-04-16 21:08:09 ----D---- C:\WINDOWS\McAfee.com
2009-04-16 18:42:27 ----D---- C:\Program Files\ESET
2009-04-16 17:13:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 17:13:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 17:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 17:13:12 ----A---- C:\WINDOWS\imsins.BAK
2009-04-16 17:13:04 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 12:01:39 ----D---- C:\Program Files\TweetDeck
2009-04-15 13:31:41 ----A---- C:\WINDOWS\system32\ssprs.dll
2009-04-15 13:31:40 ----A---- C:\WINDOWS\system32\tmpPrst.dll
2009-04-15 13:31:40 ----A---- C:\WINDOWS\system32\lsprst7.dll
2009-04-15 12:59:24 ----D---- C:\WINDOWS\UltraDefrag
2009-04-15 12:36:21 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-04-15 12:36:17 ----D---- C:\Program Files\Alwil Software
2009-04-14 19:47:14 ----D---- C:\Program Files\Toshiba
2009-04-14 19:46:15 ----D---- C:\dell
2009-04-14 09:35:58 ----D---- C:\backup
2009-04-14 09:35:53 ----D---- C:\report
2009-04-14 09:35:53 ----D---- C:\debug
2009-04-14 09:35:52 ----D---- C:\syscl3an
2009-04-14 09:35:52 ----A---- C:\output.txt0
2009-04-14 09:19:20 ----A---- C:\TSCTest.ini
2009-04-14 09:19:20 ----A---- C:\tsc.ini
2009-04-14 09:19:20 ----A---- C:\tsc.exe
2009-04-14 09:19:20 ----A---- C:\TestTool.exe
2009-04-14 09:19:20 ----A---- C:\Syscl3an.com
2009-04-14 09:19:20 ----A---- C:\regini.exe
2009-04-14 09:19:20 ----A---- C:\fix.bat
2009-04-14 08:57:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-14 00:15:36 ----D---- C:\Program Files\Panda Security
2009-04-13 23:28:47 ----A---- C:\CF-RC.txt
2009-04-13 23:27:30 ----A---- C:\Boot.bak
2009-04-13 23:27:25 ----RASHD---- C:\cmdcons
2009-04-13 23:25:01 ----SHD---- C:\RECYCLER
2009-04-13 23:24:10 ----D---- C:\ComboFix
2009-04-13 23:22:40 ----A---- C:\WINDOWS\system32\CF30161.exe
2009-04-13 23:14:13 ----D---- C:\Documents and Settings\yura\Application Data\Uniblue
2009-04-12 20:44:42 ----A---- C:\WINDOWS\zip.exe
2009-04-12 20:44:42 ----A---- C:\WINDOWS\vFind.exe
2009-04-12 20:44:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-12 20:44:42 ----A---- C:\WINDOWS\SWSC.exe
2009-04-12 20:44:42 ----A---- C:\WINDOWS\SWREG.exe
2009-04-12 20:44:42 ----A---- C:\WINDOWS\sed.exe
2009-04-12 20:44:42 ----A---- C:\WINDOWS\grep.exe
2009-04-12 20:44:38 ----D---- C:\WINDOWS\ERDNT
2009-04-12 20:43:06 ----D---- C:\Qoobox
2009-04-07 15:55:41 ----D---- C:\Documents and Settings\yura\Application Data\vlc
2009-04-05 23:12:21 ----D---- C:\Program Files\Common Files\Intel
2009-04-05 23:12:14 ----D---- C:\Program Files\CounterPath
2009-04-02 11:36:00 ----HDC---- C:\WINDOWS\ie8
2009-04-01 10:21:03 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-01 10:21:03 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-01 10:21:03 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2009-04-27 16:09:27 ----D---- C:\Program Files
2009-04-27 13:57:13 ----D---- C:\WINDOWS\Temp
2009-04-27 13:57:10 ----SD---- C:\WINDOWS\Tasks
2009-04-27 08:53:51 ----D---- C:\Program Files\Mozilla Thunderbird 3 Beta 2
2009-04-27 08:50:21 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-04-26 17:57:25 ----AC---- C:\WINDOWS\ModemLog_Nokia E51 USB Modem #2.txt
2009-04-26 17:51:35 ----A---- C:\WINDOWS\wincmd.ini
2009-04-26 15:37:50 ----HD---- C:\WINDOWS\inf
2009-04-26 15:37:50 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-26 15:37:50 ----D---- C:\WINDOWS\system32
2009-04-26 15:37:50 ----D---- C:\WINDOWS
2009-04-26 14:40:27 ----D---- C:\Documents and Settings\yura\Application Data\Azureus
2009-04-26 13:25:03 ----D---- C:\Documents and Settings\yura\Application Data\foobar2000
2009-04-26 13:06:41 ----D---- C:\Program Files\Mozilla Firefox 3.1 Beta 2
2009-04-26 01:13:48 ----A---- C:\WINDOWS\ModemLog_Nokia E51 USB Modem.txt
2009-04-26 00:33:58 ----SHD---- C:\WINDOWS\Installer
2009-04-26 00:33:56 ----D---- C:\Program Files\Google
2009-04-24 11:59:27 ----D---- C:\Documents and Settings\yura\Application Data\Skype
2009-04-24 08:14:01 ----D---- C:\Documents and Settings\yura\Application Data\skypePM
2009-04-23 23:00:04 ----D---- C:\Documents and Settings\yura\Application Data\XBMC
2009-04-23 11:50:35 ----D---- C:\Program Files\Notepad++
2009-04-23 10:46:28 ----D---- C:\Program Files\Vuze
2009-04-23 10:11:52 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-04-23 08:59:30 ----D---- C:\WINDOWS\system32\drivers
2009-04-22 20:57:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-22 20:54:33 ----D---- C:\WINDOWS\Registration
2009-04-22 20:51:39 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-22 20:51:33 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-22 20:51:19 ----D---- C:\Program Files\Common Files
2009-04-22 20:51:16 ----D---- C:\Program Files\Common Files\Nokia
2009-04-22 20:34:25 ----SHD---- C:\WINDOWS\CSC
2009-04-22 20:31:40 ----D---- C:\Program Files\Nokia
2009-04-22 12:05:32 ----D---- C:\Documents and Settings\yura\Application Data\GARMIN
2009-04-22 10:17:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-21 16:48:58 ----D---- C:\Program Files\Songbird
2009-04-21 15:45:39 ----D---- C:\Program Files\Last.fm
2009-04-21 11:17:18 ----D---- C:\WINDOWS\Prefetch
2009-04-21 10:39:41 ----D---- C:\Program Files\Mozilla Firefox
2009-04-20 10:20:10 ----A---- C:\WINDOWS\ModemLog_Стандартный модем 33600 bps.txt
2009-04-19 22:10:57 ----D---- C:\Program Files\Crayon Physics Deluxe Demo
2009-04-19 18:25:32 ----AC---- C:\WINDOWS\ModemLog_Nokia E51 Bluetooth Modem #2.txt
2009-04-17 19:56:11 ----D---- C:\WINDOWS\pss
2009-04-17 19:56:10 ----RASH---- C:\boot.ini
2009-04-17 19:56:09 ----A---- C:\WINDOWS\win.ini
2009-04-17 19:56:09 ----A---- C:\WINDOWS\system.ini
2009-04-17 16:20:34 ----D---- C:\Program Files\Postbox
2009-04-16 21:08:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-16 18:05:19 ----D---- C:\WINDOWS\system32\wbem
2009-04-16 18:05:19 ----D---- C:\WINDOWS\AppPatch
2009-04-16 17:13:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-16 11:13:13 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-04-15 19:19:32 ----A---- C:\WINDOWS\WirelessFTP.INI
2009-04-15 13:34:07 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-04-15 13:31:40 ----A---- C:\WINDOWS\SurCode.INI
2009-04-14 19:58:06 ----D---- C:\Documents and Settings\yura\Application Data\Toshiba
2009-04-14 19:56:05 ----D---- C:\WINDOWS\system32\config
2009-04-14 19:55:31 ----D---- C:\Program Files\Dropbox
2009-04-14 18:27:38 ----D---- C:\Documents and Settings\yura\Application Data\HouseCall 6.6
2009-04-14 13:20:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-14 13:11:04 ----SD---- C:\Documents and Settings\yura\Application Data\Microsoft
2009-04-14 12:46:26 ----D---- C:\Documents and Settings
2009-04-14 00:45:47 ----D---- C:\WINDOWS\Debug
2009-04-12 20:33:09 ----D---- C:\Program Files\EsetOnlineScanner
2009-04-12 12:06:09 ----D---- C:\Program Files\Digsby
2009-04-09 16:08:40 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-04-07 11:13:40 ----D---- C:\Documents and Settings\yura\Application Data\Mozilla
2009-04-06 17:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-03 14:59:14 ----D---- C:\Program Files\Adobe
2009-04-02 11:41:15 ----D---- C:\WINDOWS\system32\ru-ru
2009-04-02 11:41:14 ----D---- C:\WINDOWS\Media
2009-04-02 11:41:14 ----D---- C:\WINDOWS\Help
2009-04-02 11:41:14 ----D---- C:\Program Files\Internet Explorer
2009-04-02 11:39:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-02 11:39:20 ----D---- C:\WINDOWS\ie8updates
2009-04-02 11:30:30 ----D---- C:\WINDOWS\system32\en-us
2009-04-01 10:21:02 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 Ext2fs;Ext2fs; C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2008-01-20 179584]
R1 fanio;FanIO driver; \??\C:\WINDOWS\system32\drivers\fanio.sys []
R1 IfsMount;IfsMount; C:\WINDOWS\system32\DRIVERS\ifsmount.sys [2007-12-29 49536]
R1 intelppm;Драйвер Intel процессора; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40704]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2009-04-01 215872]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-09-12 95888]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-09-12 41680]
R1 WmiAcpi;Интерфейс управления для ACPI Microsoft Windows; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Среда Windows Socket 2.0 поддержки поставщиков не-IFS служб; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-23 21393]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys []
R2 Dokan;Dokan; \??\C:\WINDOWS\system32\drivers\dokan.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2008-05-14 12672]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-06-01 34064]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-05-29 12416]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 WavxDMgr;WavxDMgr; C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys [2007-09-10 161280]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-05-14 132608]
R3 Arp1394;Протокол клиента 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 BCMTPM;BCMTPM; C:\WINDOWS\system32\DRIVERS\btpmw32.sys [2005-10-14 17290]
R3 CmBatt;Драйвер батареи с ACPI-управлением (Майкрософт); C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DXEC01;DXEC01; C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 97536]
R3 gbridge;Gbridge Virtual Miniport; C:\WINDOWS\system32\DRIVERS\gbridge.sys [2009-01-27 39680]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-01-30 56320]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-06-27 25280]
R3 HDAudBus;Драйвер шины Microsoft UAA для High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
R3 mouhid;Драйвер мыши HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-19 12160]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-08-08 2211456]
R3 NIC1394;Сетевой драйвер 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-11-21 6179552]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-05-14 1228296]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2007-04-03 46992]
R3 toshidpt;Bluetooth HID Port; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
R3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
R3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
R3 usbehci;Драйвер минипорта Microsoft USB 2.0 расширенного хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Драйвер стандартного концентратора USB (Microsoft); C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Драйвер минипорта Microsoft USB универсального хост-контроллера; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WaveFDE;Wave System Power Monitor Device Driver; C:\WINDOWS\system32\DRIVERS\WaveFDE.sys [2007-09-06 18176]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 avfv253z;avfv253z; C:\WINDOWS\system32\drivers\avfv253z.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\yura\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 CSRBC;CSRBC.Sys CSR test driver; C:\WINDOWS\System32\Drivers\csrbcxp.sys [2008-05-14 31744]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hidusb;Драйвер класса HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2008-05-14 989696]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2008-05-14 209152]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RDPDISPM;RDPDISPM; C:\WINDOWS\system32\DRIVERS\rdpdispm.sys [2009-03-01 9040]
S3 RDPVDD;RDPVDD; C:\WINDOWS\system32\DRIVERS\rdpvmp.sys [2009-03-01 19392]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys []
S3 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys []
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 ultradfg;ultradfg; C:\WINDOWS\System32\DRIVERS\ultradfg.sys [2009-03-15 32256]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Драйвер запоминающих устройств для USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2008-05-14 730112]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Драйвер фильтра восстановления системы; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2008-02-22 475136]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-11-21 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-02-02 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-02-02 107832]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-07-25 987136]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [2008-05-14 90112]
R2 tcsd_win32.exe;NTRU TSS v1.2.1.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2007-11-08 1552384]
R2 TdmService;TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2007-09-07 737280]
R2 Wave UCSPlus;Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-07-25 294912]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
R3 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 gupdate1c985285109f384;Google Update Service (gupdate1c985285109f384); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-02 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 aspnet_state;Служба состояний ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 DokanMounter;DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [2008-08-19 20992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-11 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe [2007-11-15 121360]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2008-12-11 98488]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2007-08-31 486400]
S3 WaveEnrollmentService;WaveEnrollmentService; C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe [2007-09-13 192512]
S3 WMPNetworkSvc;Служба общих сетевых ресурсов проигрывателя Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 914944]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]

-----------------EOF-----------------

#6 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
    •  
  • Local time:05:09 PM

Posted 03 May 2009 - 02:40 AM

Hello Yuriy,

Suebaby41 has some personal matters to attend and i will help you with your problem. Each helper works differently, so please follow my instructions and post back the reports i ask.
----------------------------------------------
You shouldn't be running Combofix yourself, there is a reason we have a warning for this tool.
----------------------------------------------
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check (tick) all items except items in the C:\System Volume Information folder, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.
----------------------------------------------
Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
----------------------------------------------
Post back:
Malwarebytes' Anti-Malware report.
A new HijackThis log.

Please do not attach or zip reports, just post them.

Edited by chryssi2001, 03 May 2009 - 02:48 AM.

Posted Image
Private Messages for personal support will be ignored. If you need help post in the forum.

#7 Yuriy

Yuriy
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
    •  
  • Local time:04:09 PM

Posted 05 May 2009 - 03:14 AM

Malwarebytes' Anti-Malware 1.36
Database version: 2076
Windows 5.1.2600 Service Pack 3

05.05.2009 11:12:17
mbam-log-2009-05-05 (11-12-17).txt

Scan type: Full Scan (C:\|L:\|Z:\|)
Objects scanned: 342014
Time elapsed: 1 hour(s), 42 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\yura\Local Settings\TempImages\CleanTemps.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#8 Yuriy

Yuriy
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
    •  
  • Local time:04:09 PM

Posted 05 May 2009 - 03:15 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:48, on 05.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BOINC\boinc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Documents and Settings\yura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\DeskPins\DeskPins.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\RescueTime\RescueTime.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Documents and Settings\yura\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 2.3\lightroom.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\Picasa3\Picasa3.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ссылки
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\yura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O4 - Startup: digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Startup: RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Окно состояния Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra 'Tools' menuitem: &Настройки Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215067605109
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com/0.9.3424.21/TSWeb.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...586/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files\Dokan\DokanLibrary\mounter.exe
O23 - Service: Журнал событий (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c985285109f384) (gupdate1c985285109f384) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Служба COM записи компакт-дисков IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Диспетчер сеанса справки для удаленного рабочего стола (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: Смарт-карты (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Журналы и оповещения производительности (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Теневое копирование тома (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Адаптер производительности WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 17137 bytes

#9 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
    •  
  • Local time:05:09 PM

Posted 05 May 2009 - 01:09 PM

Hello Yuriy,

I need some information from you. Copy all these lines in my quote, and below each one, translate in English the foreign part.

Please translate for me what is not in English language in the lines below:

O4 - Global Startup: Окно ÑоÑтоÑÐ½Ð¸Ñ Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O9 - Extra 'Tools' menuitem: &ÐаÑтройки Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O23 - Service: Журнал Ñобытий (Eventlog) - ÐšÐ¾Ñ€Ð¿Ð¾Ñ€Ð°Ñ†Ð¸Ñ ÐœÐ°Ð¹ÐºÑ€Ð¾Ñофт - C:\WINDOWS\system32\services.exe
O23 - Service: Служба COM запиÑи компакт-диÑков IMAPI (ImapiService) - ÐšÐ¾Ñ€Ð¿Ð¾Ñ€Ð°Ñ†Ð¸Ñ ÐœÐ°Ð¹ÐºÑ€Ð¾Ñофт - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - ÐšÐ¾Ñ€Ð¿Ð¾Ñ€Ð°Ñ†Ð¸Ñ ÐœÐ°Ð¹ÐºÑ€Ð¾Ñофт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - ÐšÐ¾Ñ€Ð¿Ð¾Ñ€Ð°Ñ†Ð¸Ñ ÐœÐ°Ð¹ÐºÑ€Ð¾Ñофт - C:\WINDOWS\system32\services.exe
O23 - Service: Ðâ€Ð¸Ñпетчер ÑеанÑа Ñправки Ð´Ð»Ñ ÑƒÐ´Ð°Ð»ÐµÐ½Ð½Ð¾Ð³Ð¾ рабочего Ñтола (RDSessMgr) - ÐšÐ¾Ñ€Ð¿Ð¾Ñ€Ð°Ñ†Ð¸Ñ ÐœÐ°Ð¹ÐºÑ€Ð¾Ñофт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Смарт-карты (SCardSvr) - ÐšÐ¾Ñ€Ð¿Ð¾Ñ€Ð°Ñ†Ð¸Ñ ÐœÐ°Ð¹ÐºÑ€Ð¾Ñофт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Журналы и Ð¾Ð¿Ð¾Ð²ÐµÑ‰ÐµÐ½Ð¸Ñ Ð¿Ñ€Ð¾Ð¸Ð·Ð²Ð¾Ð´Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ð¾Ñти (SysmonLog) - ÐšÐ¾Ñ€Ð¿Ð¾Ñ€Ð°Ñ†Ð¸Ñ ÐœÐ°Ð¹ÐºÑ€Ð¾Ñофт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Теневое копирование тома (VSS) - ÐšÐ¾Ñ€Ð¿Ð¾Ñ€Ð°Ñ†Ð¸Ñ ÐœÐ°Ð¹ÐºÑ€Ð¾Ñофт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Ðдаптер производительноÑти WMI (WmiApSrv) - ÐšÐ¾Ñ€Ð¿Ð¾Ñ€Ð°Ñ†Ð¸Ñ ÐœÐ°Ð¹ÐºÑ€Ð¾Ñофт - C:\WINDOWS\system32\wbem\wmiapsrv.exe


I am sorry it looks the forum software has a problem with these lines. Please see which they are from your HijackThis log.
Last file will help you.
----------------------------------------------
Upload a File to Jotti
Please visit http://virusscan.jotti.org/

Copy/paste this file and path into the white box at the top:

C:\Program Files\Dokan\DokanLibrary\mounter.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.
----------------------------------------------
Remove Combofix as it's outdated.
----------------------------------------------
Note: Before running Combofix, please plug on your pc your USB stick (Flash Drive), and let it there untill Combofix reboots the pc and creates the report.

Download and run Combofix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.
Please include the C:\ComboFix.txt for further review.
----------------------------------------------
Post back:
Combofix report.
Jotti results.

Please do not zip or attach reports, just post them.

Edited by chryssi2001, 05 May 2009 - 01:24 PM.

Posted Image
Private Messages for personal support will be ignored. If you need help post in the forum.

#10 Yuriy

Yuriy
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
    •  
  • Local time:04:09 PM

Posted 06 May 2009 - 01:24 PM

Translation:
O4 - Global Startup: ?z?????? N???N?N‚??N?????N? Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O4 - Global Startup: Status window Canon LASER SHOT LBP-1120.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O9 - Extra 'Tools' menuitem: &???°N?N‚N€???????? Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O23 - Service: ?–N?N€???°?» N????±N‹N‚???? (Eventlog) - ?s??N€????N€?°N†??N? ???°????N€??N???N„N‚ - C:\WINDOWS\system32\services.exe
O23 - Service: Event log (Eventlog) - Microsoft corporation - C:\WINDOWS\system32\services.exe
O23 - Service: ???»N??¶?±?° COM ?·?°????N??? ?????????°??N‚-????N??????? IMAPI (ImapiService) - ?s??N€????N€?°N†??N? ???°????N€??N???N„N‚ - C:\WINDOWS\system32\imapi.exe
O23 - Service: COM service for CD recording IMAPI (ImapiService) - Microsoft corporation - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - ?s??N€????N€?°N†??N? ???°????N€??N???N„N‚ - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Microsoft corporation - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - ?s??N€????N€?°N†??N? ???°????N€??N???N„N‚ - C:\WINDOWS\system32\services.exe
O23 - Service: Plug and Play (PlugPlay) - Microsoft corporation - C:\WINDOWS\system32\services.exe
O23 - Service: ?a€???N????µN‚N‡?µN€ N??µ?°??N??° N???N€?°?????? ???»N? N????°?»?µ?????????? N€?°?±??N‡?µ???? N?N‚???»?° (RDSessMgr) - ?s??N€????N€?°N†??N? ???°????N€??N???N„N‚ - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Remote desktop help session monitor (RDSessMgr) - Microsoft corporation - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: ?????°N€N‚-???°N€N‚N‹ (SCardSvr) - ?s??N€????N€?°N†??N? ???°????N€??N???N„N‚ - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Smart-cards (SCardSvr) - Microsoft corporation - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ?–N?N€???°?»N‹ ?? ?????????µN‰?µ????N? ??N€?????·????????N‚?µ?»N?????N?N‚?? (SysmonLog) - ?s??N€????N€?°N†??N? ???°????N€??N???N„N‚ - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Performance journals and notifications (SysmonLog) - Microsoft corporation - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: ???µ???µ?????µ ????????N€?????°?????µ N‚?????° (VSS) - ?s??N€????N€?°N†??N? ???°????N€??N???N„N‚ - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Shadow volume copying (VSS) - Microsoft corporation - C:\WINDOWS\System32\vssvc.exe
O23 - Service: ?????°??N‚?µN€ ??N€?????·????????N‚?µ?»N?????N?N‚?? WMI (WmiApSrv) - ?s??N€????N€?°N†??N? ???°????N€??N???N„N‚ - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Performance adapter WMI (WmiApSrv) - Microsoft corporation - C:\WINDOWS\system32\wbem\wmiapsrv.exe

#11 Yuriy

Yuriy
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
    •  
  • Local time:04:09 PM

Posted 06 May 2009 - 01:29 PM

Scanner results
Scan taken on 06 May 2009 18:26:57 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Quick Heal
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

#12 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
    •  
  • Local time:05:09 PM

Posted 06 May 2009 - 01:30 PM

Thanks :thumbup2:

Can you plese go to your Control Panel, Regional Settings, and make sure you pc is in English, so we won't have any more language problems? Reboot after that and check it out running a new HijackThis log and see how it looks.

When we are done and you are clean, i will let you know when, you can change it back to your language.

Then continue with the rest of my instructions.
Posted Image
Private Messages for personal support will be ignored. If you need help post in the forum.

#13 Yuriy

Yuriy
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
    •  
  • Local time:04:09 PM

Posted 06 May 2009 - 01:39 PM

What exact property in Regional Settings do you mean? I belive there is no way to change Windows service names to english in Russian localized version..(

#14 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
    •  
  • Local time:05:09 PM

Posted 07 May 2009 - 06:15 AM

Well you can try and we'll see what happens.

In Regional and Language Options, click on Languages Tab, and then on Details button. Click on the arrow where language shows, under Default Input Language, and set English there if you can see it, click apply, OK, and then go to Advanced Tab. Again click on arrow next to language window, and set English there. Reboot, and test it running HijackThis.
Posted Image
Private Messages for personal support will be ignored. If you need help post in the forum.

#15 Yuriy

Yuriy
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
    •  
  • Local time:04:09 PM

Posted 07 May 2009 - 09:19 AM

I've changed language, as you instructed, but the names are still in Russian :thumbup2:. Installing some kind of language pack might help..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:58, on 07.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Documents and Settings\yura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\Program Files\DeskPins\DeskPins.exe
C:\Program Files\RescueTime\RescueTime.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Documents and Settings\yura\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ??????
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\yura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra 'Tools' menuitem: &????????? Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1215067605109
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com/0.9.3424.21/TSWeb.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...586/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files\Dokan\DokanLibrary\mounter.exe
O23 - Service: ?????? ??????? (Eventlog) - ?????????? ?????????? - C:\WINDOWS\system32\services.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c985285109f384) (gupdate1c985285109f384) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ?????? COM ?????? ???????-?????? IMAPI (ImapiService) - ?????????? ?????????? - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - ?????????? ?????????? - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - ?????????? ?????????? - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ????????? ?????? ??????? ??? ?????????? ???????? ????? (RDSessMgr) - ?????????? ?????????? - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: ?????-????? (SCardSvr) - ?????????? ?????????? - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: ??????? ? ?????????? ?????????????????? (SysmonLog) - ?????????? ?????????? - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: ??????? ??????????? ???? (VSS) - ?????????? ?????????? - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: ??????? ?????????????????? WMI (WmiApSrv) - ?????????? ?????????? - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 15914 bytes
Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·