What is this error message ? Virus maybe ? (In Progress)

kleinconejos23 (Member with 56 posts, Join Date: Sep 2007)
25-Oct-2009, 03:35 PM #1
What is this error message ? Virus maybe ?
I inserted a USB U3 flash drive in my PC, and when I double-click it, it never opens the USB; I thought that was just normal, so I just right-click > Open the USB. But after I restarted my computer, an error occurred saying "Cannot Find C:/Documents blah blah blah". What I did was go to that location, C:/, create a folder named Documents, and then try to restart my PC. But when it shut down, another error occurred: "System.exe DLL Initialization failed", something like that, then another error appeared when I clicked OK: "rundl32.exe or something like that, same message appears". When it restarted, it took very long to load to the desktop, then a folder came out. The folder that I made, "Documents", came out when starting. I don't know how I got infected, because my Avast Antivirus is up to date. I tried to manually delete the file in the USB; I tried using "Tools > Folder Options, then Show Hidden Files, and then uncheck those two Hide options below Show Hidden Files." But still it won't let me view the hidden files.

I decided to do a HJT scan with my infected USB in the PC.

Code:
Logfile of HijackThis v1.99.1
Scan saved at 9:07:03 PM, on 10/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\drivers\System.exe
C:\WINDOWS\system\services.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\4t Tray Minimizer\4t-min.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Application Data\U3\2242820C6DC07F7E\LaunchPad.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 190.247.186.163:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explore.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\4t Tray Minimizer\4t-min.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

And also, at random times, my Avast Antivirus just pops up an error message saying something like "services.exe is performing like a malware", or something like that; then I have to choose between Ignore and Delete. Then when I click OK, another message appears saying that I must do a scan after restarting my computer, with OK and Cancel as the options.

Last edited by kleinconejos23; 26-Oct-2009 at 01:19 AM..
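A defender-side triage of the HijackThis log above, as an added example (not HijackThis code and not from anyone in this thread): it flags the three things a log reader notices here, core Windows binaries running from the wrong directory or under a name Windows never uses, a system.ini Shell= entry that no longer points at explorer.exe, and a ProxyServer set to a public IP. The sample lines are copied from the log above; the expected-directory table is an assumption for a default XP install.

```python
"""Triage a HijackThis log for the indicators visible in the thread above.

Added example, not HijackThis code. EXPECTED_DIRS is an assumption for a
default Windows XP install in C:\\WINDOWS; the sample log lines are taken
from the log posted above.
"""
import ipaddress
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Core processes and the only directory each may legitimately load from.
EXPECTED_DIRS = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Windows has no System.exe: "System" is a kernel-backed pseudo-process, so a
# file by that name is impersonation regardless of where it sits.
IMPERSONATING_NAMES = {"system.exe"}

SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<shell>.+)$", re.I)
PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (?P<proxy>\S+)", re.I)

# Lines taken from the HijackThis log above (constructed sample input).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\drivers\System.exe
C:\WINDOWS\system\services.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 190.247.186.163:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explore.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""


def check_process(path):
    """Return a finding for a running-process line, or None if it looks benign."""
    name = normcase(basename(path))
    if name in IMPERSONATING_NAMES:
        return f"impersonating core process name: {path}"
    expected = EXPECTED_DIRS.get(name)
    if expected is None or normcase(dirname(path)) == expected:
        return None
    return f"{name} loaded from unexpected directory: {path}"


def check_shell(line):
    """Flag a system.ini Shell= value that is not explorer.exe (here: Explore.exe)."""
    m = SHELL_RE.match(line)
    if m is None:
        return None
    shell = m.group("shell").strip()
    if normcase(shell) == "explorer.exe":
        return None
    return f"shell hijack: Shell={shell} (expected explorer.exe)"


def check_proxy(line):
    """Flag any ProxyServer setting; a public IP means browser traffic is relayed."""
    m = PROXY_RE.search(line)
    if m is None:
        return None
    proxy = m.group("proxy")
    host = proxy.rsplit(":", 1)[0]
    try:
        scope = "public IP" if ipaddress.ip_address(host).is_global else "private address"
    except ValueError:
        scope = "hostname"
    return f"proxy configured ({scope}): {proxy}"


def triage(log_text):
    """Run the checks over a HijackThis log and return the list of findings."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            finding = check_process(line)
        else:
            finding = check_shell(line) or check_proxy(line)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("-", f)
```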
kleinconejos23 (Member with 56 posts, Join Date: Sep 2007)
26-Oct-2009, 01:21 AM #2
I also scanned my USB with "Owen's Flash Drive Cleaner", and it detected two viruses, logonui.exe and autorun.inf, and deleted them. But when I replug my flash drive and scan again, the virus is there again.
kleinconejos23 (Member with 56 posts, Join Date: Sep 2007)
28-Oct-2009, 12:40 AM #3
Can someone please post a reply ?
kleinconejos23 (Member with 56 posts, Join Date: Sep 2007)
06-Nov-2009, 09:30 AM #4
Please reply.
sjpritch25 (Moderator & Malware Removal Specialist with 9,113 posts, Join Date: Sep 2005, Location: Florida, Experience: Advanced)
08-Nov-2009, 05:59 PM #5
Welcome to TSG

Download Combofix from this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
__________________
Microsoft Valuable Professional Consumer--Security 2007-2010
kleinconejos23 (Member with 56 posts, Join Date: Sep 2007)
13-Nov-2009, 10:06 PM #6
Thank God there is someone who replied to my post.

And I managed to get my computer to show hidden files and folders with this step I found on Google.

Quote:
1- Click Start –> Run –> regsvr32 /i browseui.dll –> enter

A confirmation message will appear like given below

2- Click Start –> Run –> regsvr32 /i shell32.dll

Wait for the confirmation and click OK.
And I got these two files in my Drive D:/.

Quote:
Autorun.inf
logonui.exe
No wonder every time I open my Drive D:/ (double-click) it opens in another folder. I strongly suspect this is a malware/virus infection.



Here is my ComboFix log.

Code:
ComboFix 09-11-13.04 - Administrator 11/13/2009 18:34.1.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.772 [GMT 8:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\Programs\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091112-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\explore.exe
c:\windows\system\services.exe
c:\windows\system32\drivers\system.exe
c:\windows\system32\msupdte.exe
c:\windows\winlogon.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.

2009-11-13 09:29 . 2009-11-13 09:29 -------- d-----w- c:\program files\Trend Micro
2009-11-06 13:43 . 2009-11-06 14:04 -------- d-----w- c:\program files\DreamerRO
2009-11-05 16:30 . 2009-11-05 16:31 550230 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\DwnlData\Administrator\RAG_SETUP0618_314\ RAG_SETUP0618.exe
2009-11-04 01:26 . 2009-11-04 01:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Micro-Sys
2009-11-04 01:26 . 2009-11-04 01:26 -------- d-----w- c:\program files\Micro-Sys Software
2009-10-31 01:17 . 2009-10-31 01:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thinstall
2009-10-31 01:17 . 2009-10-31 01:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Thinstall
2009-10-30 20:37 . 2009-10-30 20:37 -------- d-----w- C:\found.000
2009-10-26 09:02 . 2009-10-26 09:03 174203 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\DwnlData\Administrator\FlyakiteOSXv3.5_28 5\FlyakiteOSXv3.5.exe
2009-10-22 13:21 . 2009-10-22 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-22 13:21 . 2009-10-22 13:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-22 13:21 . 2009-10-22 13:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-22 13:20 . 2009-10-22 13:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-21 06:28 . 2009-10-21 06:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\2K Sports
2009-10-21 02:10 . 2009-10-21 02:10 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenu
2009-10-21 02:10 . 2009-10-21 02:10 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter
2009-10-21 02:10 . 2009-11-11 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-10-21 02:07 . 2009-10-21 02:07 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-10-21 02:07 . 2008-03-11 05:00 230912 ----a-w- c:\windows\system32\CNMLM9M.DLL
2009-10-21 02:07 . 2009-10-21 02:07 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-10-21 02:07 . 2009-10-21 02:07 -------- d--h--w- c:\program files\CanonBJ
2009-10-21 02:06 . 2009-10-21 02:10 -------- d-----w- c:\program files\Canon
2009-10-20 01:29 . 2009-10-20 01:45 -------- d-----w- c:\program files\RegCure
2009-10-19 08:24 . 2009-10-19 08:24 -------- d-----w- C:\Documents
2009-10-18 01:16 . 2009-10-18 01:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-10-17 13:24 . 2009-11-10 08:40 -------- d-----w- c:\program files\infs4
2009-10-16 15:12 . 2009-10-16 15:13 171011 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\DwnlData\Administrator\daemon4304-lite_238\daemon4304-lite.exe
2009-10-16 13:23 . 2009-10-16 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2009-10-16 10:26 . 2009-03-30 00:17 386378 --sha-r- c:\windows\system32\spoiler.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-11-13 10:27 . 2009-09-23 01:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-11-13 10:22 . 2009-09-11 14:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-11-13 02:57 . 2009-10-14 05:41 -------- d-----w- c:\program files\BrazenRF Client
2009-11-12 00:59 . 2009-10-01 01:30 -------- d-----w- c:\program files\Diablo II
2009-11-12 00:01 . 2009-09-11 17:36 -------- d-----w- c:\program files\Cheat Engine
2009-10-31 01:19 . 2009-08-22 12:09 3199062 ------w- c:\documents and settings\Administrator\Application Data\Thinstall\Executable File Icons Changer\%drive_D%\sRO\SeiRO.exe
2009-10-29 03:43 . 2009-09-11 13:23 88232 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-28 15:20 . 2009-09-11 13:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-10-27 00:27 . 2009-09-19 07:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2009-10-25 23:58 . 2009-09-19 10:39 45056 ----a-w- c:\windows\NCUNINST.EXE
2009-10-06 10:48 . 2009-10-06 10:48 -------- d-----w- c:\program files\Microsoft.NET
2009-10-06 10:46 . 2009-10-06 10:46 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-04 22:19 . 2009-09-11 18:24 -------- d-----w- c:\program files\4t Tray Minimizer
2009-10-04 12:55 . 2009-09-25 11:28 -------- d-----w- c:\program files\Red Alert 2 Yuri's Revenge
2009-10-02 01:13 . 2009-10-02 01:13 -------- d-----w- c:\program files\HyCam2
2009-10-01 13:35 . 2009-10-01 01:17 249856 ------w- c:\windows\Setup1.exe
2009-10-01 13:35 . 2009-10-01 01:17 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-10-01 02:30 . 2009-10-01 01:17 -------- d-----w- c:\program files\Hero Editor
2009-10-01 02:26 . 2009-10-01 02:14 36774 ----a-w- c:\windows\DIIUnin.dat
2009-10-01 02:14 . 2009-10-01 02:14 94208 ----a-w- c:\windows\DIIUnin.exe
2009-10-01 02:14 . 2009-10-01 02:14 2829 ----a-w- c:\windows\DIIUnin.pif
2009-10-01 01:40 . 2009-10-01 00:48 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-10-01 01:40 . 2009-10-01 00:48 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-10-01 01:40 . 2009-10-01 00:48 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-10-01 00:32 . 2009-10-01 00:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2009-10-01 00:30 . 2009-10-01 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-10-01 00:30 . 2009-10-01 00:30 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-01 00:30 . 2009-10-01 00:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-10-01 00:27 . 2009-10-01 00:27 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-30 17:44 . 2009-09-30 17:44 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-09-30 17:11 . 2009-09-30 17:11 -------- d-----w- c:\program files\PowerISO
2009-09-27 04:01 . 2009-09-27 04:01 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-23 01:50 . 2009-09-23 01:50 -------- d-----w- c:\program files\uTorrent
2009-09-21 05:40 . 2009-09-21 05:40 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-21 05:11 . 2009-09-21 05:11 -------- d-----w- c:\program files\Rockstar Games
2009-09-21 05:11 . 2009-09-11 13:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-20 04:39 . 2009-09-19 10:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Wildfire
2009-09-19 10:37 . 2009-09-19 10:37 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-09-19 10:29 . 2009-09-19 10:29 4096 ----a-w- c:\windows\d3dx.dat
2009-09-19 07:20 . 2009-09-19 07:20 -------- d-----w- c:\documents and settings\kleinski\Application Data\Yahoo!
2009-09-19 00:56 . 2009-09-11 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-18 04:22 . 2009-09-18 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-09-18 04:22 . 2009-09-18 04:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\PlayFirst
2009-09-18 04:22 . 2009-09-18 04:19 -------- d-----w- c:\program files\Diner Dash Hometown Hero
2009-09-17 16:06 . 2009-09-17 16:06 -------- d-----w- c:\program files\Chikka Messenger
2009-09-16 15:02 . 2009-09-16 15:02 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-09-15 11:18 . 2009-09-15 11:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-15 10:56 . 2009-09-15 10:56 -------- d-----w- c:\program files\Microtek
2009-09-15 10:56 . 2009-09-11 13:06 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-15 10:46 . 2009-09-11 14:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2009-09-14 13:15 . 2009-09-14 13:15 -------- d-----w- c:\program files\FLV Player
2009-09-13 01:29 . 2009-09-11 12:52 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-11 17:49 . 2009-09-11 17:49 59776 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\DwnlData\Administrator\piaipRCHack_v1.08_ 21\piaipRCHack_v1.08.exe
2009-09-11 15:03 . 2009-09-11 15:03 0 ----a-w- c:\windows\nsreg.dat
2009-09-11 14:41 . 2009-09-11 14:41 116144 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-09-11 13:34 . 2009-09-11 13:34 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 13:33 . 2009-09-11 13:33 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-09-11 13:10 . 2009-09-11 13:10 315392 ----a-w- c:\windows\HideWin.exe
2009-09-11 12:50 . 2009-09-11 12:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-17 16:10 . 2009-09-11 13:21 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-09-11 13:21 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-09-11 13:21 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-09-11 13:21 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-09-11 13:21 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-09-11 13:21 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-09-11 13:21 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-09-11 13:21 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-09-11 13:21 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-03-30 00:17 . 2009-10-16 10:26 386378 --sha-r- c:\windows\system32\spoiler.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-09-11 2553264]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-23 288560]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp. exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-11 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-12 1519616]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
4t Tray Minimizer.lnk - c:\program files\4t Tray Minimizer\4t-min.exe [2009-9-12 1091584]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 04:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=c:\windows\pss\Microtek Scanner Finder.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\RohanBotPh1.0.12 \\Rohanbot.exe"=
"d:\\Client\\rohanclient.exe"=
"c:\\Client\\rohanclient.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\RohanBotPh1.0.12 \\Accescode bot\\Rohanbot.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\games\\mad caps\\madcaps_r1a.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\BrazenRF Client\\BrazenRF.exe"=

S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/11/2009 9:21 PM 114768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/6/2008 11:58 AM 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/6/2008 11:58 AM 51440]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [9/11/2009 9:21 PM 20560]
S2 ComServiceApp;COM+ Service Applicationt;c:\windows\system32\cmd.exe [8/4/2004 8:56 AM 388608]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 8:56 AM 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTProcDrv;Process creation detector for NT.;c:\documents and settings\Administrator\Desktop\RohanBotPh1.0.12\NT ProcDrv.sys [9/11/2009 11:26 PM 3584]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]

2009-11-13 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 01:30]

2009-11-11 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 01:30]

2009-11-13 c:\windows\Tasks\User_Feed_Synchronization-{A91EC2D7-A458-4FC6-B769-1251925EA641}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 190.247.186.163:80
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p99yihwe.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Blackout Ragnarok Online - c:\program files\Blackout Ragnarok Online\Uninstall.exe



************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 18:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x855FF1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x855ff1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

************************************************** ************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\n pggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-1604221776-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:0 1,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,4a,6f ,ac,a8,9e,e1,49,98,ea,15,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:0 1,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,4a,6f ,ac,a8,9e,e1,49,98,ea,15,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7623c43 2-ef0a-474c-8f32-526234ff7cfc}]
@Denied: (Full) (Everyone)
"Model"=dword:00000135
"Therad"=dword:00000001
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76 ,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,ef,03,46,d2,46,aa ,b7,81,ff,de,1b,59,3f,a3,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E916 4-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3d,f2,e4,79,fb,8e,28,42,45,6f,d2,0 7,8c,0a,4b,c4,37,ba,6d,83,66,
d4,dd,45,b6,09,41,46,8d,07,33,b4,b7,97,dd,bc,8f,c3 ,11,c7,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(468)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-11-13 18:39
ComboFix-quarantined-files.txt 2009-11-13 10:38

Pre-Run: 14,427,361,280 bytes free
Post-Run: 15,216,934,912 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5DF94D53B8F2833719BBBE629F31499A
And here is also the error message I was talking about that Avast keeps giving to me.



I also used a Trojan Remover, and it detects these processes, known to be malicious:

Quote:
C:\WINDOWS\Explore.exe
C:\WINDOWS\system32\drivers\System.exe
I also suspect these processes to be somewhat related to the virus,

Quote:
lsass.exe
winlogon.exe
services.exe
since they can't be killed in the process list of Task Manager.
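An added example (not from this thread or any tool named in it) that classifies the autorun.inf found on the D: drive above: a tolerant parser for the format, because hostile copies pad the file with junk lines to trip strict INI parsers, followed by a verdict on whether the file makes an insert, a double-click or a context-menu verb launch a program. The autorun.inf content is constructed to reproduce the symptom described (double-clicking the drive runs a file instead of opening it); logonui.exe is the file name from the post, and the .reg text at the end is the standard NoDriveTypeAutoRun policy that stops Windows honouring autorun.inf on every drive type.

```python
"""Parse and classify an autorun.inf from a removable drive.

Added example. The sample file is constructed to reproduce the symptom in the
post above (a double-click on the drive launches a file); logonui.exe is the
file name reported there.
"""
import re

# Directives that make Windows run a program on insert, double-click or a
# context-menu verb; anything else (icon, label, action) is cosmetic.
EXEC_KEYS = {"open", "shellexecute"}
VERB_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample: the hijack pattern that opens "another folder" on
# double-click, padded with a junk line the way hostile files often are.
SAMPLE_AUTORUN = r"""
[autorun]
;junk padding such as the next line is common in hostile autorun.inf files
xJk*@#!{}%%&&
open=logonui.exe
shellexecute=logonui.exe
shell\open\command=logonui.exe
shell\explore\command=logonui.exe
shell=open
icon=%SystemRoot%\system32\SHELL32.dll,4
"""


def parse_autorun(text):
    """Tolerant INI parse: {section: [(key, value), ...]}.

    Keeps duplicate keys and skips lines without '=' instead of raising, so a
    padded or malformed file still yields its directives.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue  # junk padding, or a key outside any section
        key, _, value = line.partition("=")
        sections[current].append((key.strip().lower(), value.strip()))
    return sections


def launch_directives(text):
    """Return the (key, target) pairs that would execute a program."""
    directives = parse_autorun(text).get("autorun", [])
    return [(k, v) for k, v in directives
            if k in EXEC_KEYS or VERB_COMMAND_RE.match(k)]


def classify(text):
    """Summarise what the file does: payloads, hijacked verbs, default verb."""
    directives = parse_autorun(text).get("autorun", [])
    launches = launch_directives(text)
    # 'shell=' names the verb Explorer runs on double-click; it is not itself
    # a launch, but it selects which hijacked verb fires.
    default_verb = next((v.lower() for k, v in directives if k == "shell"), "open")
    return {
        "executes": bool(launches),
        "payloads": sorted({v for _, v in launches}),
        "hijacked_verbs": sorted(k.split("\\")[1] for k, _ in launches
                                 if VERB_COMMAND_RE.match(k)),
        "default_verb": default_verb,
    }


def disable_autorun_reg():
    """.reg text for the policy that stops Windows honouring autorun.inf on
    all drive types (NoDriveTypeAutoRun = 0xFF)."""
    return (
        "Windows Registry Editor Version 5.00\r\n\r\n"
        r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]"
        "\r\n"
        '"NoDriveTypeAutoRun"=dword:000000ff\r\n'
    )


if __name__ == "__main__":
    print(classify(SAMPLE_AUTORUN))
```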
sjpritch25 (Moderator & Malware Removal Specialist with 9,113 posts, Join Date: Sep 2005, Location: Florida, Experience: Advanced)
15-Nov-2009, 09:44 PM #7
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
c:\windows\system32\spoiler.exe
Save this as CFScript.txt, in the same location as ComboFix.exe





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


============================================================



Please download QueryMountpoints.zip and extract querymountpoints.bat to your desktop. Double-click querymountpoints.bat and a log shall appear. Please post it in your next reply along with the ComboFix log. Thanks

Make sure all your USB devices are plugged in. Just don't open any.
__________________
Microsoft Valuable Professional Consumer--Security 2007-2010
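The querymountpoints.bat log the moderator asks for is a REGEDIT4 dump of Explorer's MountPoints2 key. Every volume Explorer has mounted leaves a CPC\Volume\{GUID} subkey whose Data blob stores, as NUL-separated UTF-16LE strings, the device-instance path (\\?\STORAGE#RemovableMedia#... for a USB stick, \\?\FDC#... for a floppy), the \\?\Volume{GUID}\ link, and the label or the error text Explorer got when it last read the volume. That is why the USB devices have to be plugged in when the script runs, and it is what lets a helper tie a suspect autorun entry to one specific stick. The Python decoder below is an added example written for this page; it is not the tool's code and not anything posted in the thread. The sample input is constructed by make_excerpt() in the layout the tool prints, including the stray space that forum line wrapping inserts inside a hex pair; the GUIDs and device paths follow those in the log posted later in the thread, the {53f5630d-...} suffix is the standard volume device-interface class GUID, and the removable/floppy classification by path prefix is this example's own heuristic.

```python
"""Decode Explorer MountPoints2 volume records from a querymountpoints-style
REGEDIT4 export. Added example: not the tool's code and not from the thread."""
import re
from dataclasses import dataclass

MP2_PREFIX = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
              r"\Explorer\MountPoints2")
DEVCLASS = "{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"   # GUID_DEVINTERFACE_VOLUME

@dataclass
class VolumeRecord:
    guid_key: str            # the {GUID} subkey under CPC\Volume
    device_path: str = ""    # \\?\STORAGE#RemovableMedia#... device instance path
    volume_path: str = ""    # \\?\Volume{GUID}\ link
    label: str = ""          # volume label, or the error text Explorer stored
    kind: str = "other"      # removable / floppy / other (prefix heuristic)

def hex_to_bytes(run):
    """'00,5c,0 0,\\' style text -> bytes; wrap spaces and trailing '\\' dropped."""
    cleaned = re.sub(r"[\s\\]+", "", run)
    return bytes(int(pair, 16) for pair in cleaned.split(",") if pair)

def parse_reg_export(text):
    """{key: {value_name: bytes | int | str}}. Spaces are stripped from key paths:
    MountPoints2 paths never contain any, and forum wrapping adds them."""
    keys, current, pending = {}, None, None    # pending = (name, [hex chunks])
    value_re = re.compile(r'^"([^"]+)"=(hex(?:\(\d+\))?:|dword:)?(.*)$')
    for raw in text.splitlines():
        line = raw.strip()
        if pending:                              # continuation line of a hex value
            pending[1].append(line)
            if not line.endswith("\\"):
                keys[current][pending[0]] = hex_to_bytes("".join(pending[1]))
                pending = None
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1].replace(" ", "")
            keys[current] = {}
        elif (m := value_re.match(line)) and current is not None:
            name, vtype, rest = m.groups()
            if vtype and vtype.startswith("hex"):
                if rest.endswith("\\"):
                    pending = (name, [rest])
                else:
                    keys[current][name] = hex_to_bytes(rest)
            elif vtype == "dword:":
                keys[current][name] = int(rest, 16)
            else:
                keys[current][name] = rest.strip('"')
    return keys

def decode_volume(key, data):
    """Split a CPC\\Volume Data blob into its NUL-separated UTF-16LE strings."""
    text = data.decode("utf-16-le", errors="replace")
    rec = VolumeRecord(guid_key=key.rsplit("\\", 1)[-1])
    for s in (s for s in text.split("\x00") if len(s) >= 2 and s.isprintable()):
        if s.startswith("\\\\?\\Volume{"):
            rec.volume_path = s
        elif s.startswith("\\\\?\\"):
            rec.device_path = s
        elif not rec.label:                      # first plain string is the label
            rec.label = s
    dp = rec.device_path.upper()
    if "#REMOVABLEMEDIA#" in dp or "USBSTOR#" in dp:
        rec.kind = "removable"
    elif dp.startswith("\\\\?\\FDC#"):
        rec.kind = "floppy"
    return rec

def volumes(reg_text):
    """All CPC\\Volume records in the export, in file order."""
    return [decode_volume(k, v["Data"]) for k, v in parse_reg_export(reg_text).items()
            if "\\CPC\\Volume\\{" in k and isinstance(v.get("Data"), bytes)]

def make_excerpt(guid, device_path, label, wrap_garble=False):
    """Constructed sample input in the tool's output layout (not a real capture)."""
    blob = (b"\x00" * 4 + (device_path + "\x00").encode("utf-16-le") + b"\x00" * 8
            + f"\\\\?\\Volume{{{guid}}}\\\x00{label}\x00".encode("utf-16-le"))
    pairs = [f"{b:02x}" for b in blob]
    rows = [pairs[i:i + 25] for i in range(0, len(pairs), 25)]
    lines = [('"Data"=hex:' if n == 0 else "  ") + ",".join(row)
             + ("" if n == len(rows) - 1 else ",\\") for n, row in enumerate(rows)]
    if wrap_garble:                              # forum wrap: "0 0," instead of "00,"
        lines[0] = lines[0].replace("hex:00,", "hex:0 0,", 1)
    return (f"[{MP2_PREFIX}\\CPC\\Volume\\{{{guid}}}]\n" + "\n".join(lines)
            + '\n"Generation"=dword:00000001\n\n')

SAMPLE = "REGEDIT4\n\n" + make_excerpt(
    "10329882-acb7-11de-9764-00e0380325ca",
    "\\\\?\\STORAGE#RemovableMedia#7&249aedaf&0&RM#" + DEVCLASS,
    "Access Denied", wrap_garble=True) + make_excerpt(
    "7339e48e-9ee8-11de-a492-806d6172696f",
    "\\\\?\\FDC#GENERIC_FLOPPY_DRIVE#5&79d834e&0&0#" + DEVCLASS, "Invalid")

if __name__ == "__main__":
    for rec in volumes(SAMPLE):
        print(f"{rec.kind:9} {rec.guid_key}  label={rec.label!r}  {rec.device_path}")
```

On a real export the {GUID} names of the CPC\Volume records are the same GUIDs that appear as subkeys directly under MountPoints2, which is how a removable record is matched to the stick Explorer cached; a label of "Access Denied" is Explorer's own error text, not a volume name, and is exactly what an unreadable or locked USB volume leaves behind.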
kleinconejos23's Avatar
Member with 56 posts.
 
Join Date: Sep 2007
16-Nov-2009, 03:31 AM #8
ComboFix log:

Quote:
ComboFix 09-11-15.01 - Administrator 11/16/2009 15:19.3.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.579 [GMT 8:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\Programs\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\My Documents\Downloads\Programs\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091115-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\spoiler.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\spoiler.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
.

2009-11-15 17:24 . 2009-09-21 07:59 3101560 ----a-w- c:\documents and settings\Administrator\Application Data\Simply Super Software\Trojan Remover\xba12B.exe
2009-11-15 03:17 . 2009-11-15 03:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2009-11-15 03:17 . 2009-11-15 03:17 -------- d-----w- c:\program files\Conduit
2009-11-15 03:17 . 2009-11-15 15:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PHPNukeEN
2009-11-15 03:17 . 2009-11-15 10:02 -------- d-----w- c:\program files\PHPNukeEN
2009-11-14 02:28 . 2009-11-14 06:49 -------- d-----w- c:\program files\Task Killer
2009-11-14 00:14 . 2009-09-21 07:59 3101560 ----a-w- c:\documents and settings\Administrator\Application Data\Simply Super Software\Trojan Remover\bxv2E.exe
2009-11-14 00:01 . 2009-11-14 00:01 -------- d-----w- c:\documents and settings\LocalService\Application Data\Simply Super Software
2009-11-14 00:01 . 2009-09-21 07:59 3101560 ----a-w- c:\documents and settings\LocalService\Application Data\Simply Super Software\Trojan Remover\iuo5.exe
2009-11-13 23:51 . 2009-11-15 17:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-13 23:45 . 2006-06-19 05:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-11-13 23:45 . 2006-05-25 07:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-11-13 23:45 . 2005-08-25 17:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-11-13 23:45 . 2003-02-02 12:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-11-13 23:45 . 2002-03-05 17:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-11-13 23:45 . 2009-11-13 23:45 -------- d-----w- c:\program files\Trojan Remover
2009-11-13 23:45 . 2009-11-13 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-11-13 23:45 . 2009-11-13 23:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Simply Super Software
2009-11-13 19:44 . 2009-11-14 06:43 -------- d-----w- c:\program files\Pando Networks
2009-11-13 15:38 . 2009-11-13 15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-13 15:38 . 2009-11-13 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-13 09:29 . 2009-11-13 09:29 -------- d-----w- c:\program files\Trend Micro
2009-11-05 16:30 . 2009-11-05 16:31 550230 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\DwnlData\Administrator\RAG_SETUP0618_314\RAG_SETUP0618.exe
2009-11-04 01:26 . 2009-11-04 01:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Micro-Sys
2009-11-04 01:26 . 2009-11-04 01:26 -------- d-----w- c:\program files\Micro-Sys Software
2009-10-31 01:17 . 2009-10-31 01:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thinstall
2009-10-31 01:17 . 2009-10-31 01:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Thinstall
2009-10-26 09:02 . 2009-10-26 09:03 174203 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\DwnlData\Administrator\FlyakiteOSXv3.5_285\FlyakiteOSXv3.5.exe
2009-10-22 13:21 . 2009-10-22 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-22 13:21 . 2009-10-22 13:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-22 13:21 . 2009-10-22 13:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-22 13:20 . 2009-10-22 13:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-21 06:28 . 2009-10-21 06:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\2K Sports
2009-10-21 02:10 . 2009-10-21 02:10 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenu
2009-10-21 02:10 . 2009-10-21 02:10 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter
2009-10-21 02:10 . 2009-11-11 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-10-21 02:07 . 2009-10-21 02:07 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-10-21 02:07 . 2008-03-11 05:00 230912 ----a-w- c:\windows\system32\CNMLM9M.DLL
2009-10-21 02:07 . 2009-10-21 02:07 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-10-21 02:07 . 2009-10-21 02:07 -------- d--h--w- c:\program files\CanonBJ
2009-10-21 02:06 . 2009-10-21 02:10 -------- d-----w- c:\program files\Canon
2009-10-20 01:29 . 2009-10-20 01:45 -------- d-----w- c:\program files\RegCure
2009-10-19 08:24 . 2009-10-19 08:24 -------- d-----w- C:\Documents
2009-10-18 01:16 . 2009-10-18 01:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-10-17 13:24 . 2009-11-10 08:40 -------- d-----w- c:\program files\infs4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-16 07:26 . 2009-09-11 14:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-11-16 07:23 . 2009-09-23 01:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-11-16 05:29 . 2009-11-14 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-11-16 03:42 . 2009-10-14 05:41 -------- d-----w- c:\program files\BrazenRF Client
2009-11-15 16:23 . 2009-10-01 01:30 -------- d-----w- c:\program files\Diablo II
2009-11-15 06:21 . 2009-09-11 17:36 -------- d-----w- c:\program files\Cheat Engine
2009-11-14 10:00 . 2009-11-14 08:03 -------- d-----w- c:\program files\Security Task Manager
2009-11-13 19:49 . 2009-09-11 14:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2009-10-31 01:19 . 2009-08-22 12:09 3199062 ------w- c:\documents and settings\Administrator\Application Data\Thinstall\Executable File Icons Changer\%drive_D%\sRO\SeiRO.exe
2009-10-29 03:43 . 2009-09-11 13:23 88232 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-28 15:20 . 2009-09-11 13:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-10-27 00:27 . 2009-09-19 07:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2009-10-25 23:58 . 2009-09-19 10:39 45056 ----a-w- c:\windows\NCUNINST.EXE
2009-10-16 15:13 . 2009-10-16 15:12 171011 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\DwnlData\Administrator\daemon4304-lite_238\daemon4304-lite.exe
2009-10-16 13:23 . 2009-10-16 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2009-10-06 10:48 . 2009-10-06 10:48 -------- d-----w- c:\program files\Microsoft.NET
2009-10-06 10:46 . 2009-10-06 10:46 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-04 22:19 . 2009-09-11 18:24 -------- d-----w- c:\program files\4t Tray Minimizer
2009-10-04 12:55 . 2009-09-25 11:28 -------- d-----w- c:\program files\Red Alert 2 Yuri's Revenge
2009-10-02 01:13 . 2009-10-02 01:13 -------- d-----w- c:\program files\HyCam2
2009-10-01 13:35 . 2009-10-01 01:17 249856 ------w- c:\windows\Setup1.exe
2009-10-01 13:35 . 2009-10-01 01:17 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-10-01 02:30 . 2009-10-01 01:17 -------- d-----w- c:\program files\Hero Editor
2009-10-01 02:26 . 2009-10-01 02:14 36774 ----a-w- c:\windows\DIIUnin.dat
2009-10-01 02:14 . 2009-10-01 02:14 94208 ----a-w- c:\windows\DIIUnin.exe
2009-10-01 02:14 . 2009-10-01 02:14 2829 ----a-w- c:\windows\DIIUnin.pif
2009-10-01 01:40 . 2009-10-01 00:48 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-10-01 01:40 . 2009-10-01 00:48 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-10-01 01:40 . 2009-10-01 00:48 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-10-01 00:32 . 2009-10-01 00:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2009-10-01 00:30 . 2009-10-01 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-10-01 00:30 . 2009-10-01 00:30 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-01 00:30 . 2009-10-01 00:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-10-01 00:27 . 2009-10-01 00:27 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-30 17:44 . 2009-09-30 17:44 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-09-30 17:11 . 2009-09-30 17:11 -------- d-----w- c:\program files\PowerISO
2009-09-27 04:01 . 2009-09-27 04:01 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-23 01:50 . 2009-09-23 01:50 -------- d-----w- c:\program files\uTorrent
2009-09-21 05:40 . 2009-09-21 05:40 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-21 05:11 . 2009-09-21 05:11 -------- d-----w- c:\program files\Rockstar Games
2009-09-21 05:11 . 2009-09-11 13:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-20 04:39 . 2009-09-19 10:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Wildfire
2009-09-19 10:37 . 2009-09-19 10:37 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-09-19 10:29 . 2009-09-19 10:29 4096 ----a-w- c:\windows\d3dx.dat
2009-09-19 07:20 . 2009-09-19 07:20 -------- d-----w- c:\documents and settings\kleinski\Application Data\Yahoo!
2009-09-19 00:56 . 2009-09-11 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-18 04:22 . 2009-09-18 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-09-18 04:22 . 2009-09-18 04:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\PlayFirst
2009-09-18 04:22 . 2009-09-18 04:19 -------- d-----w- c:\program files\Diner Dash Hometown Hero
2009-09-17 16:06 . 2009-09-17 16:06 -------- d-----w- c:\program files\Chikka Messenger
2009-09-13 01:29 . 2009-09-11 12:52 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-09-11 17:49 . 2009-09-11 17:49 59776 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\DwnlData\Administrator\piaipRCHack_v1.08_21\piaipRCHack_v1.08.exe
2009-09-11 15:03 . 2009-09-11 15:03 0 -c--a-w- c:\windows\nsreg.dat
2009-09-11 14:41 . 2009-09-11 14:41 116144 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2009-09-11 13:34 . 2009-09-11 13:34 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 13:33 . 2009-09-11 13:33 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-09-11 13:10 . 2009-09-11 13:10 315392 ----a-w- c:\windows\HideWin.exe
2009-09-11 12:50 . 2009-09-11 12:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-11-13_10.37.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-15 21:53 . 2009-11-15 21:53 16384 c:\windows\temp\Perflib_Perfdata_88.dat
+ 2009-11-16 01:52 . 2009-11-16 01:52 16384 c:\windows\temp\Perflib_Perfdata_854.dat
+ 2009-11-15 00:54 . 2009-11-15 00:54 16384 c:\windows\temp\Perflib_Perfdata_514.dat
- 2001-08-23 13:00 . 2001-08-23 13:00 28160 c:\windows\system32\dllcache\mciwave.drv
+ 2009-09-11 15:43 . 2001-08-23 13:00 28160 c:\windows\system32\dllcache\mciwave.drv
- 2001-08-23 13:00 . 2001-08-23 13:00 25264 c:\windows\system32\dllcache\mciseq.drv
+ 2009-09-11 15:43 . 2001-08-23 13:00 25264 c:\windows\system32\dllcache\mciseq.drv
- 2001-08-23 13:00 . 2001-08-23 13:00 73376 c:\windows\system32\dllcache\mciavi.drv
+ 2009-09-11 15:43 . 2001-08-23 13:00 73376 c:\windows\system32\dllcache\mciavi.drv
+ 2009-09-11 15:43 . 2001-08-23 13:00 2176 c:\windows\system32\dllcache\vga.drv
- 2001-08-23 13:00 . 2001-08-23 13:00 2176 c:\windows\system32\dllcache\vga.drv
+ 2009-09-11 15:43 . 2001-08-23 13:00 4048 c:\windows\system32\dllcache\timer.drv
- 2001-08-23 13:00 . 2001-08-23 13:00 4048 c:\windows\system32\dllcache\timer.drv
+ 2009-09-11 15:43 . 2001-08-23 13:00 3360 c:\windows\system32\dllcache\system.drv
- 2001-08-23 13:00 . 2001-08-23 13:00 3360 c:\windows\system32\dllcache\system.drv
- 2001-08-23 13:00 . 2001-08-23 13:00 1744 c:\windows\system32\dllcache\sound.drv
+ 2009-09-11 15:43 . 2001-08-23 13:00 1744 c:\windows\system32\dllcache\sound.drv
- 2001-08-23 13:00 . 2001-08-23 13:00 2032 c:\windows\system32\dllcache\mouse.drv
+ 2009-09-11 15:43 . 2001-08-23 13:00 2032 c:\windows\system32\dllcache\mouse.drv
+ 2009-09-11 15:43 . 2001-08-23 13:00 2000 c:\windows\system32\dllcache\keyboard.drv
- 2001-08-23 13:00 . 2001-08-23 13:00 2000 c:\windows\system32\dllcache\keyboard.drv
+ 2009-09-11 15:43 . 2004-08-04 00:56 146432 c:\windows\system32\dllcache\winspool.drv
- 2004-08-04 00:56 . 2004-08-04 00:56 146432 c:\windows\system32\dllcache\winspool.drv
+ 2009-11-14 00:31 . 2009-11-05 01:36 26768832 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHP1.dll" [2009-11-15 2166296]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2009-11-15 10:04 2166296 ----a-w- c:\program files\PHPNukeEN\tbPHP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHP1.dll" [2009-11-15 2166296]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHP1.dll" [2009-11-15 2166296]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-09-11 2553264]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-23 288560]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-12 7626752]
"protect_autorun"="c:\documents and settings\Administrator\My Documents\Downloads\Programs\CPE17AntiAutorun1330_2.exe" [2009-11-14 139264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 04:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^4t Tray Minimizer.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\4t Tray Minimizer.lnk
backup=c:\windows\pss\4t Tray Minimizer.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
backup=c:\windows\pss\Microtek Scanner Finder.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\RohanBotPh1.0.12\\Rohanbot.exe"=
"d:\\Client\\rohanclient.exe"=
"c:\\Client\\rohanclient.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\RohanBotPh1.0.12\\Accescode bot\\Rohanbot.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\games\\mad caps\\madcaps_r1a.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\BrazenRF Client\\BrazenRF.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\RohanBotPh1.0.12\\Thugsta\\Rohanbot.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\DDOS BOTNET\\Supernova 3.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/11/2009 9:21 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/6/2008 11:58 AM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/6/2008 11:58 AM 51440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/11/2009 9:21 PM 20560]
S2 ComServiceApp;COM+ Service Applicationt;c:\windows\system32\cmd.exe [8/4/2004 8:56 AM 388608]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 8:56 AM 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTProcDrv;Process creation detector for NT.;c:\documents and settings\Administrator\Desktop\RohanBotPh1.0.12\NTProcDrv.sys [9/11/2009 11:26 PM 3584]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]

2009-11-15 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 01:30]

2009-11-11 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 01:30]

2009-11-16 c:\windows\Tasks\User_Feed_Synchronization-{A91EC2D7-A458-4FC6-B769-1251925EA641}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 190.247.186.163:80
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p99yihwe.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc2\components\idmmzcc.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-16 15:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x857DF1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x857df1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-1604221776-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,4a,6f,ac,a8,9e,e1,49,98,ea,15, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,4a,6f,ac,a8,9e,e1,49,98,ea,15, \

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7623c432-ef0a-474c-8f32-526234ff7cfc}]
@Denied: (Full) (Everyone)
"Model"=dword:0000013d
"Therad"=dword:00000009
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f, 6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,e3,2f,4e,86,32,5f,50,74,ca,45,1f,34,11,02, \

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3d,f2,e4,79,fb,8e,28,42,45,6f,d2,07,8c,0a,4b,c4,37,ba,6d,83 ,66,
d4,dd,45,b6,09,41,46,8d,07,33,b4,b7,97,dd,bc,8f,c3,11,c7,00,00,00,00,00,00, \
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-11-16 15:28
ComboFix-quarantined-files.txt 2009-11-16 07:28
ComboFix2.txt 2009-11-15 00:51
ComboFix3.txt 2009-11-13 10:39

Pre-Run: 13,137,494,016 bytes free
Post-Run: 13,221,310,464 bytes free

- - End Of File - - 860A49BF1D5E128E12D92F3CC03F171B
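Read by hand, the log above already carries most of what a helper looks for: a service (ComServiceApp) whose image is cmd.exe, a driver registered from a folder on the Desktop, an autorun entry and firewall exceptions that point into the user profile, an Internet Explorer proxy set to a public address, and the catchme/MBR check reporting a hook on \Driver\atapi together with the "possible MBR rootkit infection" warning. The Python triage script below is an added example written for this page; it is not a ComboFix feature and not code from the thread. Its rules, severities, the "user-writable directory" pattern and the suspicious-word list are this example's own heuristics, and SAMPLE_LOG is a constructed excerpt of lines from the log above (it keeps the forum's "Auth orizedApplications" line-wrap garble to show that the parser tolerates it).

```python
"""Triage a ComboFix log for the tells a malware-removal helper looks for.
Added example: not a ComboFix feature and not code from the thread; the rules,
severities and word lists are this example's own heuristics."""
import ipaddress
import re
from collections import namedtuple

LOLBINS = {"cmd.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
USER_WRITABLE = re.compile(
    r"\\(desktop|my documents|downloads|temp|application data|local settings)\\", re.I)
SUSPICIOUS_WORDS = ("ddos", "botnet", "hack", "keygen", "crack")
KEY_RE = re.compile(r"^\[(.+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"\s*=\s*(?:"(?P<val>(?:[^"\\]|\\.)*)")?')
SERVICE_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;(?P<rest>.*)$")
IMAGE_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|sys|dll|des)\b", re.I)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)")

Finding = namedtuple("Finding", "severity rule line")   # severity: HIGH / MEDIUM / LOW

def check_service(rest, line):
    """rest = text after 'Start Name;Display;' on an R*/S* service line."""
    out = []
    img = IMAGE_RE.search(rest)
    base = img.group(0).rsplit("\\", 1)[-1].lower() if img else ""
    if base in LOLBINS:                  # a service whose image is cmd.exe is not a COM+ service
        out.append(Finding("HIGH", "service-lolbin", line))
    if USER_WRITABLE.search(rest):
        out.append(Finding("MEDIUM", "service-user-writable", line))
    if "[?]" in rest:                    # ComboFix marks images it could not find on disk
        out.append(Finding("LOW", "service-image-missing", line))
    return out

def check_proxy(proxy, line):
    host = proxy.rsplit(":", 1)[0].strip("[]")
    try:
        public = ipaddress.ip_address(host).is_global
    except ValueError:                   # a hostname: still worth a look on a home PC
        return Finding("MEDIUM", "proxy-configured", line)
    return Finding("HIGH", "proxy-public-ip", line) if public else Finding("LOW", "proxy-local", line)

def check_entry(section, name, val, line):
    """Run-key entries ("name"="path" [..]) and firewall exceptions ("path"=)."""
    if section.endswith(("\\run", "\\runonce")):
        kind = "run"
    elif section.endswith("authorizedapplications\\list"):
        kind = "firewall"
    else:
        return []
    target = (val or name).replace("\\\\", "\\")
    out = []
    if USER_WRITABLE.search(target):
        out.append(Finding("MEDIUM", f"{kind}-user-writable", line))
    if any(w in target.lower() for w in SUSPICIOUS_WORDS):
        out.append(Finding("MEDIUM", f"{kind}-suspicious-name", line))
    return out

def triage(log_text):
    """Findings for one ComboFix log, in log order. Each hit is a lead, not a verdict."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                     # a blank line ends a registry section
            section = ""
        elif (m := KEY_RE.match(line)):
            section = m.group(1).replace(" ", "").lower()   # undo forum line-wrap garble
        elif "*On-access scanning disabled*" in line:
            findings.append(Finding("LOW", "av-realtime-disabled", line))
        elif (m := SERVICE_RE.match(line)):
            findings.extend(check_service(m.group("rest"), line))
        elif (m := PROXY_RE.match(line)):
            findings.append(check_proxy(m.group("proxy"), line))
        elif line.startswith("Warning: possible MBR rootkit"):
            findings.append(Finding("HIGH", "mbr-rootkit-warning", line))
        elif section and (m := ENTRY_RE.match(line)):
            findings.extend(check_entry(section, m.group("name"), m.group("val"), line))
    return findings

# Constructed excerpt of the log above; the 'Auth orizedApplications' wrap garble is kept on purpose.
SAMPLE_LOG = r"""AV: avast! antivirus 4.8.1351 [VPS 091115-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"protect_autorun"="c:\documents and settings\Administrator\My Documents\Downloads\Programs\CPE17AntiAutorun1330_2.exe" [2009-11-14 139264]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\DDOS BOTNET\\Supernova 3.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/11/2009 9:21 PM 114768]
S2 ComServiceApp;COM+ Service Applicationt;c:\windows\system32\cmd.exe [8/4/2004 8:56 AM 388608]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTProcDrv;Process creation detector for NT.;c:\documents and settings\Administrator\Desktop\RohanBotPh1.0.12\NTProcDrv.sys [9/11/2009 11:26 PM 3584]

uInternet Settings,ProxyServer = 190.247.186.163:80
Warning: possible MBR rootkit infection !
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule:26} {f.line[:72]}")
```

Every finding is a lead for a person, not a verdict: the on-access scanner is off because the moderator asked for it to be disabled before running ComboFix, and protect_autorun points at what looks like a deliberately installed anti-autorun tool. The two that deserve the first look are the cmd.exe service and the public proxy, since both survive a reboot and neither is something a user configures by accident; the MBR warning is what the moderator's next step would have to settle with fixmbr from the Recovery Console.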
kleinconejos23's Avatar
Member with 56 posts.
 
Join Date: Sep 2007
16-Nov-2009, 03:31 AM #9
MountPoint Log:

Quote:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10329882-acb7-11de-9764-00e0380325ca}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7339e48e-9ee8-11de-a492-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7339e48f-9ee8-11de-a492-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7339e490-9ee8-11de-a492-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7339e491-9ee8-11de-a492-806d6172696f}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9539c0fe-ae21-11de-976a-00e0380325ca}]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{10329882-acb7-11de-9764-00e0380325ca}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d, \
00,65,00,64,00,69,00,61,00,23,00,37,00,26,00,32,00,34,00,39,00,61,00,65,00, \
64,00,61,00,66,00,26,00,30,00,26,00,52,00,4d,00,23,00,7b,00,35,00,33,00,66, \
00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00, \
31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30, \
00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,31,00,30,00,33,00,32,00,39,00,38,00,38,00,32,00,2d,00,61,00,63, \
00,62,00,37,00,2d,00,31,00,31,00,64,00,65,00,2d,00,39,00,37,00,36,00,34,00, \
2d,00,30,00,30,00,65,00,30,00,33,00,38,00,30,00,33,00,32,00,35,00,63,00,61, \
00,7d,00,5c,00,00,00,41,00,63,00,63,00,65,00,73,00,73,00,20,00,44,00,65,00, \
6e,00,69,00,65,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,41,00, \
63,00,63,00,65,00,73,00,73,00,20,00,44,00,65,00,6e,00,69,00,65,00,64,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,bd,ad,db,ba,bd,ad,db, \
ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba, \
bd,ad,db,ba,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7339e48e-9ee8-11de-a492-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,46,00,44,00,43,00,23,00,47,00,\
45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,46,00,4c,00,4f,00,50,00,50,00,59, \
00,5f,00,44,00,52,00,49,00,56,00,45,00,23,00,35,00,26,00,37,00,39,00,64,00, \
38,00,33,00,34,00,65,00,26,00,30,00,26,00,30,00,23,00,7b,00,35,00,33,00,66, \
00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00, \
31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30, \
00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,37,00,33,00,33,00,39,00,65,00,34,00,38,00,65,00,2d,00,39,00,65, \
00,65,00,38,00,2d,00,31,00,31,00,64,00,65,00,2d,00,61,00,34,00,39,00,32,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00, \
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,10,00, \
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7339e48f-9ee8-11de-a492-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,\
64,00,52,00,6f,00,6d,00,54,00,53,00,53,00,54,00,63,00,6f,00,72,00,70,00,5f, \
00,43,00,44,00,44,00,56,00,44,00,57,00,5f,00,53,00,48,00,2d,00,53,00,32,00, \
30,00,32,00,4e,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,5f, \
00,5f,00,5f,00,5f,00,5f,00,5f,00,5f,00,53,00,42,00,30,00,31,00,5f,00,5f,00, \
5f,00,5f,00,23,00,35,00,26,00,32,00,30,00,33,00,31,00,35,00,34,00,33,00,64, \
00,26,00,30,00,26,00,30,00,2e,00,30,00,2e,00,30,00,23,00,7b,00,35,00,33,00, \
66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31, \
00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00, \
30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,37,00,33,00,33,00,39,00,65,00,34,00,38,00,66,00,2d,00,39,00,65, \
00,65,00,38,00,2d,00,31,00,31,00,64,00,65,00,2d,00,61,00,34,00,39,00,32,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00, \
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,10,00,00,00,ff,01,00, \
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7339e490-9ee8-11de-a492-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33, \
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00, \
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,31,00,42,00,33,00,30,00,31,00,42, \
00,32,00,4f,00,66,00,66,00,73,00,65,00,74,00,37,00,45,00,30,00,30,00,4c,00, \
65,00,6e,00,67,00,74,00,68,00,31,00,33,00,38,00,38,00,33,00,35,00,42,00,30, \
00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00, \
2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34, \
00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00, \
62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,37,00,33,00,33,00,39,00,65,00,34,00,39,00,30,00,2d,00,39,00,65, \
00,65,00,38,00,2d,00,31,00,31,00,64,00,65,00,2d,00,61,00,34,00,39,00,32,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00, \
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00, \
00,ff,00,07,00,ff,00,00,00,16,00,00,00,a8,a6,99,48,00,00,00,00,00,00,00,30, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{7339e491-9ee8-11de-a492-806d6172696f}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,\
47,00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,31,00,26,00,33, \
00,30,00,61,00,39,00,36,00,35,00,39,00,38,00,26,00,30,00,26,00,53,00,69,00, \
67,00,6e,00,61,00,74,00,75,00,72,00,65,00,31,00,42,00,33,00,30,00,31,00,42, \
00,32,00,4f,00,66,00,66,00,73,00,65,00,74,00,31,00,33,00,38,00,38,00,33,00, \
36,00,41,00,43,00,30,00,30,00,4c,00,65,00,6e,00,67,00,74,00,68,00,31,00,31, \
00,42,00,41,00,36,00,31,00,35,00,34,00,30,00,30,00,23,00,7b,00,35,00,33,00, \
66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31, \
00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00, \
30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,37,00,33,00,33,00,39,00,65,00,34,00,39,00,31,00,2d,00,39,00,65, \
00,65,00,38,00,2d,00,31,00,31,00,64,00,65,00,2d,00,61,00,34,00,39,00,32,00, \
2d,00,38,00,30,00,36,00,64,00,36,00,31,00,37,00,32,00,36,00,39,00,36,00,66, \
00,7d,00,5c,00,00,00,44,00,72,00,69,00,76,00,65,00,20,00,44,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00, \
54,00,46,00,53,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,08,00,00,00,01,10,00, \
00,ff,00,07,00,ff,00,00,00,16,00,00,00,57,5c,1b,88,00,00,00,00,00,00,00,30, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9539c0fe-ae21-11de-976a-00e0380325ca}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,43,00,53,00,49,00,23,00,\
43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,65,00,6e,00,5f,00,4b,00,4c,00,41, \
00,42,00,41,00,26,00,50,00,72,00,6f,00,64,00,5f,00,36,00,4a,00,47,00,48,00, \
59,00,4a,00,34,00,4c,00,26,00,52,00,65,00,76,00,5f,00,31,00,2e,00,30,00,33, \
00,23,00,35,00,26,00,33,00,36,00,65,00,35,00,39,00,37,00,32,00,26,00,30,00, \
26,00,30,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30, \
00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00, \
39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65, \
00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,39,00,35,00,33,00,39,00,63,00,30,00,66,00,65,00,2d,00,61,00,65, \
00,32,00,31,00,2d,00,31,00,31,00,64,00,65,00,2d,00,39,00,37,00,36,00,61,00, \
2d,00,30,00,30,00,65,00,30,00,33,00,38,00,30,00,33,00,32,00,35,00,63,00,61, \
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00, \
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,10,00,00,00,13,81,00, \
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000001

Mountpoints Report
Mon 11/16/2009 15:28:32.90

No Autorun files found in C:\WINDOWS

No Autorun files found in C:\WINDOWS\system32

No Autorun files found in root of C:


No Autorun files found in root of D:




Contents of autorun.inf on F:
[autorun]
OPEN=nba2k9setup.exe
ICON=game.ico




Contents of autorun.inf on H:




Contents of autorun.inf on
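Two artifacts in the report above are worth decoding rather than eyeballing. The MountPoints2 "Data" blobs are mostly UTF-16LE text (device path, volume name, label, file system), the key GUIDs are version-1 UUIDs whose timestamp field dates the first mount, and the autorun.inf on F: names the program Explorer would run for that drive (on XP an OPEN= target becomes the drive's bold default verb, so double-clicking runs it instead of opening the drive, which matches the symptom in the first post). The Python below is an added example, not code from either poster or from the tools they ran. It takes as input the SCSI CdRom key from the .reg export and the F: autorun.inf from the Mountpoints Report, copied from the post; the reading of that key as a U3 stick's virtual CD-ROM and of the GUID timestamp as first-mount time are the example's assumptions.

```python
"""Added example, not code from the thread: decode the MountPoints2 entry of the
device that carried the infection and flag what its autorun.inf would launch."""
import re
import uuid
from datetime import datetime, timedelta

# Copied from the post's .reg export: the MountPoints2 key for a CD-ROM class
# device that is not the IDE optical drive of the earlier keys (assumption: a U3
# stick, which exposes a virtual CD-ROM so its autorun.inf is honored). The "0 0"
# extraction artifact on the first hex line is repaired and the runs of all-zero
# padding lines are cut to a single line; no other byte is changed.
REG_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{9539c0fe-ae21-11de-976a-00e0380325ca}]
"Data"=hex:00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,43,00,53,00,49,00,23,00,\
43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,65,00,6e,00,5f,00,4b,00,4c,00,41, \
00,42,00,41,00,26,00,50,00,72,00,6f,00,64,00,5f,00,36,00,4a,00,47,00,48,00, \
59,00,4a,00,34,00,4c,00,26,00,52,00,65,00,76,00,5f,00,31,00,2e,00,30,00,33, \
00,23,00,35,00,26,00,33,00,36,00,65,00,35,00,39,00,37,00,32,00,26,00,30,00, \
26,00,30,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30, \
00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00, \
39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65, \
00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00, \
65,00,7b,00,39,00,35,00,33,00,39,00,63,00,30,00,66,00,65,00,2d,00,61,00,65, \
00,32,00,31,00,2d,00,31,00,31,00,64,00,65,00,2d,00,39,00,37,00,36,00,61,00, \
2d,00,30,00,30,00,65,00,30,00,33,00,38,00,30,00,33,00,32,00,35,00,63,00,61, \
00,7d,00,5c,00,00,00,49,00,6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,49,00, \
6e,00,76,00,61,00,6c,00,69,00,64,00,00,00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,10,00,00,00,13,81,00, \
00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,ba,00,00,00,00, \
00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00, \
00
"Generation"=dword:00000001
'''
# Copied from the post's Mountpoints Report: the autorun.inf found on F:.
AUTORUN_F = "[autorun]\nOPEN=nba2k9setup.exe\nICON=game.ico\n"

UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")


def parse_reg_export(text):
    """{key: {name: raw_value}} from .reg text; continued hex lines are joined."""
    keys, key, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is None:
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]
                keys[key] = {}
                continue
            if key is None or "=" not in line:
                continue
            name, line = line.split("=", 1)
            pending = (name.strip('"'), "")
        name, acc = pending
        acc += line
        if acc.endswith("\\"):                 # more hex follows on the next line
            pending = (name, acc[:-1].rstrip())
            continue
        keys[key][name], pending = acc, None
    return keys


def reg_hex_bytes(value):
    """'hex:00,5c,...' (REG_BINARY in .reg syntax) to bytes."""
    return bytes(int(h, 16) for h in value[len("hex:"):].split(",") if h.strip())


def carve_utf16(data):
    """Printable UTF-16LE runs of 4+ chars. The blob layout is undocumented, so
    carve the device path, volume name and label instead of trusting offsets."""
    return [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]


def guid_first_seen(key_path):
    """The key is named after the volume GUID, a version-1 UUID whose timestamp
    (100-ns ticks since 1582-10-15, UTC) is when Windows generated it, i.e. first
    mounted the volume. Assumes the PC clock was right; returns None if not v1."""
    guid = uuid.UUID(key_path.rsplit("\\", 1)[-1].strip("{}"))
    if guid.version != 1:
        return None
    return datetime(1582, 10, 15) + timedelta(microseconds=guid.time // 10)


def autorun_launch_targets(inf_text):
    """Entries an autorun.inf hands to Explorer: OPEN=, SHELLEXECUTE= and any
    shell\\<verb>\\command= under [autorun]. Names are matched case-insensitively
    and bytes before the section header are skipped (both common evasion tricks)."""
    targets, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        name, value = (s.strip() for s in line.split("=", 1))
        name = name.lower()
        if name in ("open", "shellexecute") or (
                name.startswith("shell\\") and name.endswith("\\command")):
            targets.append((name, value))
    return targets
```

Feed parse_reg_export a full MountPoints2 export and loop over the keys, calling carve_utf16(reg_hex_bytes(values["Data"])) and guid_first_seen(key) on each. For the key above the carved strings are the device path \\?\SCSI#CdRom&Ven_KLABA&Prod_6JGHYJ4L&Rev_1.03#..., the volume name \\?\Volume{9539c0fe-...}\ and the label Invalid (twice), the GUID decodes to 1 October 2009 UTC, and the F: autorun.inf yields a single launch target, nba2k9setup.exe. The other keys in the export carry the node 806d6172696f (ASCII "mario"), the fixed value seen in GUIDs generated during Windows setup rather than a MAC address, and decode to 11 September 2009, so the stick appeared on a machine set up only weeks earlier. Treat the dates as from the PC's own clock.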
sjpritch25's Avatar
Moderator & Malware Removal Specialist with 9,113 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
17-Nov-2009, 10:50 PM #10
These files seem very suspicious

c:\documents and settings\Administrator\Application Data\Simply Super Software\Trojan Remover\xba12B.exe
c:\documents and settings\Administrator\Application Data\Simply Super Software\Trojan Remover\bxv2E.exe
c:\documents and settings\LocalService\Application Data\Simply Super Software\Trojan Remover\iuo5.exe


Did you download these?

You're using P2P programs, which is the main problem currently.
__________________
Microsoft Valuable Professional Consumer--Security 2007-2010
THIS THREAD HAS EXPIRED.
All times are GMT -4. The time now is 12:20 AM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.
