
Solved Files in my removable disk are changed into shortcuts

Discussion in 'Malware and Virus Removal Archive' started by shengxian, 2011/03/06.

  1. 2011/03/12
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
  2. 2011/03/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What are those links?
     


  4. 2011/03/12
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
    To download the file and the keygen to crack that program.
    I got those from a blog providing lots of cracked software.
     
  5. 2011/03/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Never, ever do this.
    That's the fastest, sure way to get your computer infected.
    You should know by now, why your computer has been infected.

    Update Malwarebytes, run quick scan and post fresh log.
     
  6. 2011/03/12
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
    www.eset.com/onlinescan
    We are sorry, the page you requested cannot be found.





    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 2
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    TuneUp Utilities 2011
    TuneUp Utilities Language Pack (en-US)
    TuneUp Utilities 2011
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.2.152.26
    Adobe Reader 9.4.2
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    ALWILS~1 Avast5 avastUI.exe
    ``````````End of Log````````````



    I am so sorry.
     
  7. 2011/03/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    .....
     
  8. 2011/03/13
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
    Sorry sir.
    I will post a moment later. I was not around. Sorry for the trouble.
     
  9. 2011/03/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem :)
     
  10. 2011/03/13
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6039

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    3/14/2011 11:54:43 AM
    mbam-log-2011-03-14 (11-54-43).txt

    Scan type: Quick scan
    Objects scanned: 144251
    Time elapsed: 3 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\KUGHGZXAKT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\VXEG3ZNNE5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KUGHGZXAKT (Trojan.FakeAlert) -> Value: KUGHGZXAKT -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
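The Malwarebytes log above is the kind of artefact a helper reads by eye; the following is an added example (not part of this thread and not Malwarebytes' own code) that parses the per-section "... Infected:" blocks of an MBAM log, tags each finding with the persistence mechanism its location implies (an autostart Run value, a service, a scheduled task, an Internet Explorer zone setting, or plain registry storage), verifies that what was parsed matches the counts the log declares, and reports whether any Trojan.* detection was listed. The sample input is a constructed excerpt of the log posted above; the section names and line layout are MBAM's, while the persistence classification rules are this example's own assumption.

```python
"""Triage helper for Malwarebytes' Anti-Malware (MBAM) text logs.

Added example; not part of this thread and not Malwarebytes' own code.
Parses the "... Infected:" sections of an MBAM log, tags each finding with
the persistence mechanism its location implies (rules are this example's
own), and checks parsed findings against the counts the log declares.
"""
import re
from collections import Counter

# Constructed sample: an excerpt of the MBAM log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 6039

Memory Processes Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\KUGHGZXAKT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VXEG3ZNNE5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KUGHGZXAKT (Trojan.FakeAlert) -> Value: KUGHGZXAKT -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
DETECTION_RE = re.compile(
    r"^(?P<location>.+?) \((?P<name>[^)]+)\)"   # location (detection name)
    r"(?: -> Value: (?P<value>[^>]+?))?"         # optional registry value name
    r" -> (?P<action>.+?)\.?$"                   # action MBAM took
)


def classify(location: str, section: str) -> str:
    """Map a finding's location to the persistence mechanism it implies (assumed rules)."""
    loc = location.lower()
    if "\\currentversion\\run" in loc:
        return "autostart (Run key)"
    if "\\services\\" in loc:
        return "service/driver"
    if "\\tasks\\" in loc or loc.endswith(".job"):
        return "scheduled task"
    if "\\internet settings\\zones" in loc:
        return "IE security zone tampering"
    if section.startswith("Registry"):
        return "registry storage (config/marker)"
    return "file on disk"


def parse_mbam_log(text: str) -> list:
    """Return one dict per detection line, tagged with its section and persistence."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        if section is None or not line or line.startswith("("):
            continue  # log header, blank line, or "(No malicious items detected)"
        m = DETECTION_RE.match(line)
        if m:
            findings.append({**m.groupdict(), "section": section,
                             "persistence": classify(m.group("location"), section)})
    return findings


def count_mismatches(text: str, findings: list) -> dict:
    """Sections whose declared count differs from what was parsed (empty means the log parsed fully)."""
    declared = {m.group("section"): int(m.group("count"))
                for m in map(COUNT_RE.match, (l.strip() for l in text.splitlines())) if m}
    parsed = Counter(f["section"] for f in findings)
    return {s: (n, parsed[s]) for s, n in declared.items() if parsed[s] != n}


def summarize(findings: list) -> dict:
    """Counts by persistence type, detection families, and the two questions a helper asks."""
    return {
        "total": len(findings),
        "by_persistence": dict(Counter(f["persistence"] for f in findings)),
        "families": sorted({f["name"] for f in findings}),
        "trojan_listed": any(f["name"].startswith("Trojan.") for f in findings),
        "not_remediated": [f["location"] for f in findings if "successfully" not in f["action"]],
    }


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for f in found:
        print(f"{f['persistence']:<32} {f['name']:<18} {f['location']}")
    print(summarize(found))
    print("count mismatches:", count_mismatches(SAMPLE_LOG, found))
```

Run against the sample, the summary shows one Run-key autostart, one service, one scheduled task and one zone-policy tamper alongside the four random-named HKCU keys, and `trojan_listed` is true, which is exactly the condition under which the later advice to change all important passwords applies. A non-empty `not_remediated` list or a count mismatch would be the signal to look at the log by hand before declaring a machine clean.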
     
  11. 2011/03/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    See? This is what happens when you keep downloading cracked programs.
    We're going in circles.

    Delete your ComboFix file, download a fresh one and post the new log.
     
  12. 2011/03/14
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
    ComboFix 11-03-12.01 - PRE-LOADED 03/14/2011 18:16:42.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3004.2397 [GMT -8:00]
    Running from: c:\documents and settings\PRE-LOADED\My Documents\Downloads\Programs\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_SSHNAS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-15 to 2011-03-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-12 17:55 . 2011-03-12 17:55 -------- d-----w- c:\documents and settings\PRE-LOADED\Application Data\Nokia Ovi Suite
    2011-03-12 17:55 . 2011-03-12 17:55 -------- d-----w- c:\documents and settings\PRE-LOADED\Application Data\Nokia
    2011-03-12 17:54 . 2011-03-12 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
    2011-03-12 17:36 . 2004-08-04 07:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
    2011-03-12 17:36 . 2004-08-04 07:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
    2011-03-12 17:35 . 2008-11-08 02:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2011-03-12 06:55 . 2011-03-12 07:04 -------- d-----w- c:\program files\USB Disk Security
    2011-03-12 06:37 . 2011-03-12 06:37 -------- d-----w- c:\documents and settings\PRE-LOADED\Application Data\Zbshareware Lab
    2011-03-12 06:37 . 2011-03-12 06:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Zbshareware Lab
    2011-03-05 05:11 . 2011-03-05 05:12 -------- d-----w- c:\program files\Common Files\Adobe
    2011-03-05 02:35 . 2011-03-05 02:35 -------- d-----w- c:\documents and settings\PRE-LOADED\Application Data\Malwarebytes
    2011-03-05 02:35 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-05 02:35 . 2011-03-05 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-03-05 02:34 . 2011-03-05 02:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-05 02:34 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-04 07:16 . 2011-03-04 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\InterAction studios
    2011-03-02 00:05 . 2011-03-02 00:05 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-03-02 00:05 . 2011-03-02 00:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-03-02 00:05 . 2011-03-02 00:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-02 00:04 . 2011-03-02 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2011-03-01 08:02 . 2011-03-01 08:02 -------- d--h--w- c:\windows\PIF
    2011-02-27 23:41 . 2011-02-27 23:50 -------- d-----w- c:\documents and settings\PRE-LOADED\Local Settings\Application Data\Nokia
    2011-02-27 23:41 . 2011-02-27 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
    2011-02-27 23:41 . 2011-03-12 17:54 -------- d-----w- c:\documents and settings\PRE-LOADED\Application Data\PC Suite
    2011-02-27 23:39 . 2011-02-27 23:40 -------- d-----w- c:\program files\Common Files\Nokia
    2011-02-27 23:39 . 2011-02-27 23:39 -------- d-----w- c:\program files\DIFX
    2011-02-27 23:39 . 2008-08-26 17:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2011-02-27 23:39 . 2011-02-27 23:39 -------- d-----w- c:\program files\PC Connectivity Solution
    2011-02-27 23:38 . 2010-07-30 22:16 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
    2011-02-27 23:38 . 2010-07-30 22:16 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
    2011-02-27 23:38 . 2010-07-30 22:16 23040 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
    2011-02-27 23:38 . 2010-07-30 22:17 111104 ----a-w- c:\windows\system32\ccdcmbwu.dll
    2011-02-27 23:38 . 2010-07-30 22:17 604160 ----a-w- c:\windows\system32\nmwcdcocls.dll
    2011-02-27 23:38 . 2010-07-30 22:16 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
    2011-02-27 23:38 . 2010-02-26 22:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
    2011-02-27 23:38 . 2010-07-30 22:17 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
    2011-02-27 23:38 . 2004-08-03 16:56 221184 ----a-w- c:\windows\system32\wmpns.dll
    2011-02-27 23:36 . 2011-03-12 17:36 -------- d-----w- c:\windows\system32\drivers\UMDF
    2011-02-27 23:35 . 2011-02-27 23:39 -------- d-----w- c:\program files\Nokia
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-25 10:40 . 2010-11-30 18:28 97112 ----a-w- c:\windows\system32\drivers\idmtdi.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-03-09_06.12.20 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-03-15 02:22 . 2011-03-15 02:22 16384 c:\windows\Temp\Perflib_Perfdata_3d8.dat
    + 2011-03-15 02:22 . 2011-03-15 02:22 16384 c:\windows\Temp\Perflib_Perfdata_17c.dat
    + 2009-07-14 19:03 . 2008-11-08 02:55 26144 c:\windows\system32\spupdsvc.exe
    + 2001-08-23 04:00 . 2011-03-15 02:26 68558 c:\windows\system32\perfc009.dat
    - 2001-08-23 04:00 . 2011-03-09 05:57 68558 c:\windows\system32\perfc009.dat
    + 2009-07-14 18:35 . 2009-07-14 18:35 37608 c:\windows\system32\drivers\wdfldr.sys
    + 2001-08-23 04:00 . 2011-03-15 02:26 435828 c:\windows\system32\perfh009.dat
    - 2001-08-23 04:00 . 2011-03-09 05:57 435828 c:\windows\system32\perfh009.dat
    + 2009-07-14 18:35 . 2009-07-14 18:35 444136 c:\windows\system32\drivers\wdf01000.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @= "{CDC95B92-E27C-4745-A8C5-64A52A78855D} "
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-01-25 10:40 67680 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
    "IDMan "= "c:\program files\Internet Download Manager\IDMan.exe" [2010-12-22 3270040]
    "Google Update "= "c:\documents and settings\PRE-LOADED\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-01-28 136176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer "= "c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "PHIME2002ASync "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "RTHDCPL "= "RTHDCPL.EXE" [2008-05-26 16862720]
    "SoundMan "= "SOUNDMAN.EXE" [2006-07-21 86016]
    "AlcWzrd "= "ALCWZRD.EXE" [2006-05-04 2808832]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-10-27 150040]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-10-27 178712]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2008-10-27 150040]
    "avast5 "= "c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
    "Google Pinyin 2 Autoupdater "= "c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe" [2010-12-09 1214520]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "USB Antivirus "= "c:\program files\USB Disk Security\USBGuard.exe" [2008-09-24 798720]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoAutorun "= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\g:\0autocheck autochk *\0aswBoot.exe /M:ea7899076
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0210804]
    Ime File REG_SZ GOOGLEPINYIN2.IME
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^PRE-LOADED^Start Menu^Programs^Startup^Webshots.lnk]
    path=c:\documents and settings\PRE-LOADED\Start Menu\Programs\Startup\Webshots.lnk
    backup=c:\windows\pss\Webshots.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
    DevDetect.exe -autorun [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
    2006-07-17 14:40 53248 ----a-w- c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
    2008-03-21 02:21 91432 ----a-r- c:\program files\CyberLink\Shared Files\brs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-08-04 08:06 1667584 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2010-04-17 06:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 22:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
    2007-12-14 18:36 50472 ----a-w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
    2008-03-21 03:23 83240 ----a-w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2007-03-30 20:34 25263144 ----a-w- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-07-14 18:33 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" /background
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" -atboottime
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe "
    "SmartSoft PDF Printer (demo) virtual printer agent "= "c:\program files\Smart PDF Converter Pro\sspdfagentd.exe "
    "SmartSoft PDF Printer (demo) Agent "= "c:\program files\Smart PDF Converter Pro\sspdfagentd.exe "
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1038:TCP "= 1038:TCP:Akamai NetSession Interface
    "5000:UDP "= 5000:UDP:Akamai NetSession Interface
    .
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/1/2010 7:42 PM 165584]
    R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [11/30/2010 10:28 AM 97112]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2/1/2008 4:24 PM 41456]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/3/2004 8:56 AM 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/1/2010 7:42 PM 17744]
    R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [6/17/2010 9:59 PM 81920]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [11/23/2010 5:13 PM 1483072]
    R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9/8/2010 10:41 AM 237056]
    R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9/8/2010 10:45 AM 1034752]
    R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9/8/2010 10:44 AM 484352]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [4/16/2009 2:57 PM 110080]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [10/21/2009 8:19 AM 38912]
    R3 NETw1x32;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETw1x32.sys [9/14/2009 9:21 AM 5929216]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/7/2010 12:34 PM 10064]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [4/16/2009 2:58 PM 100184]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [6/13/2009 11:42 AM 637824]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [12/13/2010 9:30 PM 11520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
    .
    2011-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-879983540-682003330-1003Core.job
    - c:\documents and settings\PRE-LOADED\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-28 20:53]
    .
    2011-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-879983540-682003330-1003UA.job
    - c:\documents and settings\PRE-LOADED\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-28 20:53]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.webshots.com/r/internal/start/client/RAND
    uInternet Settings,ProxyOverride = *.local
    IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: pps.tv
    Trusted Zone: ppstream.com
    Trusted Zone: webscache.com
    FF - ProfilePath - c:\documents and settings\PRE-LOADED\Application Data\Mozilla\Firefox\Profiles\l9l6y25o.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\PRE-LOADED\Application Data\IDM\idmmzcc3
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-14 18:31
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
    "ServiceDll "= "C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll "
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
    "ServiceDll "= "C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll "
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath "= "\??\c:\program files\CyberLink\PowerDVD8\000.fcl "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{03c93468-2a17-4a8f-ba1d-ee9e2a83fd55}]
    @Denied: (Full) (Everyone)
    "Model "=dword:00000049
    "Therad "=dword:0000001c
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk "=hex(0):19,aa,c0,7b,b9,41,4a,c7,59,cd,c9,a1,cc,32,eb,a0,7f,bf,a9,7b,ff,
    7a,6d,f7,f3,24,f2,a0,8c,e1,65,d6,19,12,e4,5d,48,26,75,57,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{666c879d-ff05-4d4e-ab51-c0f87e559e10}]
    @Denied: (Full) (Everyone)
    "Model "=dword:0000002a
    "Therad "=dword:0000000e
    "MData "=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk "=hex(0):e5,ac,91,6e,45,2b,0f,ac,11,1c,a9,90,41,63,0d,c1,7b,0b,98,60,82,
    0b,ea,ba,5a,b3,f4,46,43,c3,61,8b,ef,85,d1,1f,6e,ae,4f,22,00,00,00,00,00,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1760)
    c:\program files\Internet Download Manager\IDMShellExt.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Internet Download Manager\idmmkb.dll
    c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\SOUNDMAN.EXE
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Google\Google Pinyin 2\GooglePinyinService.exe
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    c:\program files\Internet Download Manager\IEMonitor.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-14 18:33:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-15 02:33
    ComboFix2.txt 2011-03-09 06:16
    .
    Pre-Run: 70,647,209,984 bytes free
    Post-Run: 70,629,289,984 bytes free
    .
    - - End Of File - - 3E35D6B668DF30E38BA561233C7074B8
     
  13. 2011/03/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  14. 2011/03/15
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
  15. 2011/03/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  16. 2011/03/17
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
    The first scan, due to insufficient time, I had to abort the operation and deleted the threats, but had forgotten to export it as a text file. I just finished running the scan, but there is no icon for me to show the list of threats and no place for me to export it as a text file. Sir, thank you for your patient help.
     
  17. 2011/03/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, re-run it.
     
  18. 2011/03/18
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
    It is still the same. There is no place for me to export it.
     
  19. 2011/03/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    If Eset doesn't find any threats, it won't produce any log.
    I'd assume, this is the case.

    ================================================================

    Update Firefox to the latest 3.6.15 version.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    ================================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current (including Service Pack 3 installation!)

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  20. 2011/03/18
    shengxian

    shengxian Inactive Thread Starter

    Joined:
    2009/07/30
    Messages:
    68
    Likes Received:
    0
    Thank you sir. Before I proceed from the step for updating my Adobe, I would like to tell you that the folders on my hard disk are still existing in shortcut form ;(
     
  21. 2011/03/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're talking about some external drive, correct?
    Please explain what you mean by "shortcuts".
     
