My flash drive is infected with a Worm

I inserted my flashdrive into a computer that was infected and so my flash drive was also infected. AVG calls it Worm/VB.AJD and I don't know if there is another name it goes by since I tried googling it and there was a post I came upon that said it was an AVG term. And the post I read here said I needed to give a hijack this log, but my computer is free of the virus, it's just my flash drive that's having a problem.

But my main problem is that I want to keep the files on my flash drive. The virus infected all files in my flash drive and I used the "Heal" option. It wasn't able to heal them and I quarantined them. Not only did it quarantine the infected files, but it is also deleted off my flash drive. Is there anyway to keep my files and remove the virus from my flash drive?

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:04 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Wenngee\Desktop\Hijack(GP)This.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, "C:\WINDOWS\system32\M5VBVM60.EXE StartUp"
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [WCULauncher] C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SmartWiConnectionUtility] C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe /WindowsStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Secure64] C:\WINDOWS\system32\dllcache\Regedit32.com StartUp
O4 - HKCU\..\Run: [Secure32] C:\WINDOWS\system32\dllcache\Shell32.com StartUp
O4 - Startup: Adobe Media Player.lnk = ?
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0CBF6FB5-68EA-406D-882A-AB3B5984D988} (vpnDialer Control) - https://hotspot.pccwwifi.com/vpn/wlvpndialer.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe --End of file - 17572 bytes

There is nothing wrong with my computer, though. It's just the flash drive that's infected. Or should I have plugged in the flash drive again while I used Hijackthis?

Hello.
There is malware on the machine, but I we can't clean it straight away because there is other issues to deal with first.

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Media Player
Adobe Media Player
Adobe Photoshop 7.0
Adobe Photoshop Elements 4.0
Adobe Reader 7.0.9
Adobe Shockwave Player
AIM 6
Apple Mobile Device Support
Apple Software Update
AVG Free 8.0
Blockland
Bonjour
Business Contact Manager for Outlook 2003
CC_ccProxyExt
ccCommon
ccPxyCore
Cingular Connection Manager
CONNECT
Corel Painter Essentials 3
Critical Update for Windows Media Player 11 (KB959772)
Digital Media Converter 2.62
DirectVobSub (remove only)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Download Updater (AOL LLC)
DVgate Plus
Furcadia
Google Toolbar for Firefox
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HotKey Utility
Image Converter 2
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD 5 for VAIO
InterVideo WinDVDX
iPod Updater 2004-10-20
iTunes
iTunes
J2SE Runtime Environment 5.0
Java(TM) 6 Update 7
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8 Plugin
Manga Studio Debut 3.0
McAfee SecurityCenter
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886904)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mMHouse
MobileMe Control Panel
Mozilla Firefox (3.0.8)
mPfMgr
mProSafe
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MultiTranse 3.7.1
mWlsSafe
mXML
Netflix Movie Viewer
nik Color Efex Pro 2.0 IE
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton WMI Update
Norton WMI Update
openCanvas4.06E
OpenMG Limited Patch 4.1-05-13-31-01
OpenMG Secure Module 4.1.00
OpenOffice.org 3.0
QuickTime
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Setting Utility Series
Sid Meier's Civilization 4
Sims2Pack Clean Installer
SmartWi Connection Utility
SoftV92 Data Fax Modem
Sonic RecordNow!
SonicStage 3.0
SonicStage Mastering Studio 1.4
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
SonicStage MP3 Add-on program
Sony Certificate PCH
Sony Ericsson Wireless Modem
Sony MP4 Shared Library
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
SoundMAX
SPBBC
SpySubtract
Symantec Script Blocking Installer
SymNet
Tablet
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims 2 Bon Voyage
The Sims 2 Deluxe
The Sims 2 Seasons
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VAIO Control Center
VAIO Entertainment Platform
VAIO Launcher
VAIO Light Flo Wallpaper
VAIO Media 4.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 4.1
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Motion SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Survey Standalone
VAIO Update 2
VAIO Wireless Utility
VAIO Zone
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)
Yahoo! Browser Services
Yahoo! Messenger

Hello.

You are running more than one antivirus, this is a bad idea as they can conflict and cause problems.
I would recommend that you remove Norton and Mcafee to avoid conflict and other future problems.

b]Completely Uninstall Norton software using:[/b]

• SymNRT.exe
  

Instructions

1. Please download and save SymNRT.exe to your desktop.
   
2. Close all programs and double click on the tool.
   
3. Follow the on-screen instructions.
   
4. Restart the computer if asked.
   
5. Then delete the SymNRT.exe tool from your desktop.
   
6. Open the Program Files folder on your local disk ( normally C: )
   
7. Find and delete the following folders (if present):
   [list]
   
8. Norton AntiVirus
   
9. Norton Internet Security
   
10. Norton SystemWorks
    
11. Norton Personal Firewall
    

Then go to Start > Control Panel > Add/Remove Programs and remove the following programs.

• J2SE Runtime Environment 5.0
  
• Java(TM) 6 Update 7
  
• McAfee SecurityCenter
  
• SpySubtract
  
• Viewpoint Manager (Remove Only)
  
• Viewpoint Media Player
  

Please plug in the infected stick now.

• Download combofix from here
  Link 1
  Link 2
  
• We need to disable your local AV (Anti-virus) before running Combofix. Make sure Norton and Mcafee are gone before running this.
  
• See HERE for how to disable your AV. (AVG8)
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

I just downloaded Combofix, but it's asking me what I should open it with. What am I supposed to open Combofix with?

Just running the exe file should start Combofix.

I forgot to put in the flash drive when I did the scan...so this is the scan without the flash drive

ComboFix 09-04-22.02 - Wenngee 04/21/2009 19:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.218 [GMT -4:00]
Running from: c:\documents and settings\Wenngee\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\(Read Me)Pendekar Blank.txt
c:\windows\setup.exe
c:\windows\system32\dllchache
c:\windows\system32\dllchache\msvbvm60.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.

2009-04-21 22:26 . 2009-04-21 23:02 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-04-14 23:40 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-14 23:39 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 23:39 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-14 23:39 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 23:39 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 23:39 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 23:39 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 23:39 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 23:39 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 23:35 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 23:35 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 23:35 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-03-31 22:57 . 2009-03-31 22:57 -------- d-----w c:\windows\system32\scripting
2009-03-31 22:57 . 2009-03-31 22:57 -------- d-----w c:\windows\l2schemas
2009-03-31 22:57 . 2009-03-31 22:57 -------- d-----w c:\windows\system32\en
2009-03-31 22:57 . 2009-03-31 22:57 -------- d-----w c:\windows\system32\bits
2009-03-31 22:42 . 2009-03-31 22:59 -------- d-----w c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 22:15 . 2007-01-18 23:19 -------- d-----w c:\documents and settings\Wenngee\Application Data\Viewpoint
2009-04-21 22:15 . 2005-09-06 23:25 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-21 22:15 . 2005-09-06 23:25 -------- d-----w c:\program files\Viewpoint
2009-04-21 22:06 . 2007-06-22 20:20 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-04-21 22:03 . 2005-09-06 20:49 -------- d-----w c:\program files\McAfee.com
2009-04-21 21:59 . 2006-08-09 01:07 16822 ----a-w c:\windows\system32\tablet.dat
2009-04-21 21:16 . 2005-03-31 19:52 -------- d-----w c:\program files\Java
2009-04-21 19:57 . 2008-05-13 03:08 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-21 19:57 . 2008-05-13 03:08 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-21 19:56 . 2008-05-13 03:08 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-19 21:27 . 2005-09-23 21:59 30744 ----a-w c:\documents and settings\Wenngee\Application Data\wklnhst.dat
2009-04-19 01:55 . 2006-12-08 23:12 -------- d-----w c:\program files\Furcadia
2009-04-18 02:59 . 2008-05-23 04:22 268 ---ha-w C:\sqmdata05.sqm
2009-04-18 02:59 . 2008-05-23 04:22 244 ---ha-w C:\sqmnoopt05.sqm
2009-04-17 04:45 . 2008-05-22 05:34 268 ---ha-w C:\sqmdata04.sqm
2009-04-17 04:45 . 2008-05-22 05:34 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-13 01:33 . 2009-04-13 01:21 -------- d-----w c:\program files\Blockland
2009-04-06 21:22 . 2008-05-13 03:07 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-01 03:40 . 2008-05-21 04:24 268 ---ha-w C:\sqmdata03.sqm
2009-04-01 03:40 . 2008-05-21 04:24 244 ---ha-w C:\sqmnoopt03.sqm
2009-03-31 23:16 . 2005-03-31 02:49 326711 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-31 22:31 . 2005-03-31 01:29 250048 --sha-r C:\ntldr
2009-03-17 00:06 . 2005-09-07 00:12 80064 -c--a-w c:\documents and settings\Wenngee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 02:44 . 2009-03-08 02:44 -------- d-----w c:\program files\Netflix
2009-03-06 14:22 . 2005-03-31 01:29 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:53 . 2009-03-03 00:53 -------- d-----w c:\documents and settings\Wenngee\Application Data\OpenOffice.org
2009-03-03 00:37 . 2009-03-03 00:37 -------- d-----w c:\program files\JRE
2009-03-03 00:37 . 2009-03-03 00:36 -------- d-----w c:\program files\OpenOffice.org 3
2009-03-03 00:18 . 2005-03-31 01:29 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2005-03-31 01:29 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2005-03-31 01:29 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-03-31 01:29 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2005-03-31 01:29 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2005-03-31 01:29 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2005-03-31 01:29 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2005-03-31 01:29 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2005-03-31 01:29 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2005-03-31 01:29 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2005-03-31 01:29 56832 ----a-w c:\windows\system32\secur32.dll
2008-06-30 22:23 . 2008-08-29 22:22 32 ----a-r c:\documents and settings\All Users\hash.dat
2005-09-20 22:59 . 2005-09-20 22:59 130 -c--a-w c:\documents and settings\Wenngee\Local Settings\Application Data\fusioncache.dat
2005-09-06 18:46 . 2005-03-31 20:35 67144 -c----w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r c:\windows\@@desktop.dat
2008-04-14 00:12 . 2005-03-31 01:29 1384479 --sh--r c:\windows\system32\msvbvm60.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-15 184320]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2004-10-17 122880]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"WCULauncher"="c:\program files\Sony\SmartWi Connection Utility\WCULauncher.exe" [2005-03-16 15360]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SmartWiConnectionUtility"="c:\program files\Sony\SmartWi Connection Utility\SmartWi.exe" [2005-03-16 618496]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-25 81920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-21 1601304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-24 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-8-8 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-21 19:57 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 npkycryp;npkycryp; [x]
R3 SEMWModem;Sony Ericsson SEMWModem;c:\windows\system32\DRIVERS\GCXX.sys [2005-01-03 114944]
R3 SEMWWNIC;Sony Ericsson SEMWWNIC;c:\windows\system32\DRIVERS\GCXXNet.sys [2005-01-03 53248]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-21 325128]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-21 107272]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-21 903960]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-21 298264]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2003-06-19 71961]

.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Creative WebCam Tray - c:\program files\Creative\Shared Files\CamTray.exe
HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
HKLM-Run-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {0CBF6FB5-68EA-406D-882A-AB3B5984D988} - hxxps://hotspot.pccwwifi.com/vpn/wlvpndialer.ocx
FF - ProfilePath - c:\documents and settings\Wenngee\Application Data\Mozilla\Firefox\Profiles\4qqjxhya.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - comcast.net
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=108&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Wenngee\Application Data\Mozilla\Firefox\Profiles\4qqjxhya.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

FF - user.js: browser.sessionstore.resume_from_crash - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 19:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\msv1_0.dll
.
Completion time: 2009-04-21 19:29
ComboFix-quarantined-files.txt 2009-04-21 23:28

Pre-Run: 3,851,665,408 bytes free
Post-Run: 5,195,517,952 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

210 --- E O F --- 2009-04-21 19:51

The scan with the flash drive:

ComboFix 09-04-22.02 - Wenngee 04/21/2009 19:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.300 [GMT -4:00]
Running from: c:\documents and settings\Wenngee\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.

2009-04-21 22:26 . 2009-04-21 23:02 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-04-14 23:40 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-14 23:39 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 23:39 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-14 23:39 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 23:39 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 23:39 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 23:39 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 23:39 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 23:39 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 23:35 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 23:35 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 23:35 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-03-31 22:57 . 2009-03-31 22:57 -------- d-----w c:\windows\system32\scripting
2009-03-31 22:57 . 2009-03-31 22:57 -------- d-----w c:\windows\l2schemas
2009-03-31 22:57 . 2009-03-31 22:57 -------- d-----w c:\windows\system32\en
2009-03-31 22:57 . 2009-03-31 22:57 -------- d-----w c:\windows\system32\bits
2009-03-31 22:42 . 2009-03-31 22:59 -------- d-----w c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 22:15 . 2007-01-18 23:19 -------- d-----w c:\documents and settings\Wenngee\Application Data\Viewpoint
2009-04-21 22:15 . 2005-09-06 23:25 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-21 22:15 . 2005-09-06 23:25 -------- d-----w c:\program files\Viewpoint
2009-04-21 22:06 . 2007-06-22 20:20 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-04-21 22:03 . 2005-09-06 20:49 -------- d-----w c:\program files\McAfee.com
2009-04-21 21:59 . 2006-08-09 01:07 16822 ----a-w c:\windows\system32\tablet.dat
2009-04-21 21:16 . 2005-03-31 19:52 -------- d-----w c:\program files\Java
2009-04-21 19:57 . 2008-05-13 03:08 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-21 19:57 . 2008-05-13 03:08 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-21 19:56 . 2008-05-13 03:08 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-19 21:27 . 2005-09-23 21:59 30744 ----a-w c:\documents and settings\Wenngee\Application Data\wklnhst.dat
2009-04-19 01:55 . 2006-12-08 23:12 -------- d-----w c:\program files\Furcadia
2009-04-18 02:59 . 2008-05-23 04:22 268 ---ha-w C:\sqmdata05.sqm
2009-04-18 02:59 . 2008-05-23 04:22 244 ---ha-w C:\sqmnoopt05.sqm
2009-04-17 04:45 . 2008-05-22 05:34 268 ---ha-w C:\sqmdata04.sqm
2009-04-17 04:45 . 2008-05-22 05:34 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-13 01:33 . 2009-04-13 01:21 -------- d-----w c:\program files\Blockland
2009-04-06 21:22 . 2008-05-13 03:07 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-01 03:40 . 2008-05-21 04:24 268 ---ha-w C:\sqmdata03.sqm
2009-04-01 03:40 . 2008-05-21 04:24 244 ---ha-w C:\sqmnoopt03.sqm
2009-03-31 23:16 . 2005-03-31 02:49 326711 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-31 22:31 . 2005-03-31 01:29 250048 --sha-r C:\ntldr
2009-03-17 00:06 . 2005-09-07 00:12 80064 -c--a-w c:\documents and settings\Wenngee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 02:44 . 2009-03-08 02:44 -------- d-----w c:\program files\Netflix
2009-03-06 14:22 . 2005-03-31 01:29 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:53 . 2009-03-03 00:53 -------- d-----w c:\documents and settings\Wenngee\Application Data\OpenOffice.org
2009-03-03 00:37 . 2009-03-03 00:37 -------- d-----w c:\program files\JRE
2009-03-03 00:37 . 2009-03-03 00:36 -------- d-----w c:\program files\OpenOffice.org 3
2009-03-03 00:18 . 2005-03-31 01:29 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2005-03-31 01:29 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2005-03-31 01:29 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-03-31 01:29 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2005-03-31 01:29 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2005-03-31 01:29 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2005-03-31 01:29 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2005-03-31 01:29 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2005-03-31 01:29 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2005-03-31 01:29 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2005-03-31 01:29 56832 ----a-w c:\windows\system32\secur32.dll
2008-06-30 22:23 . 2008-08-29 22:22 32 ----a-r c:\documents and settings\All Users\hash.dat
2005-09-20 22:59 . 2005-09-20 22:59 130 -c--a-w c:\documents and settings\Wenngee\Local Settings\Application Data\fusioncache.dat
2005-09-06 18:46 . 2005-03-31 20:35 67144 -c----w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r c:\windows\@@desktop.dat
2008-04-14 00:12 . 2005-03-31 01:29 1384479 --sh--r c:\windows\system32\msvbvm60.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-15 184320]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2004-10-17 122880]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"WCULauncher"="c:\program files\Sony\SmartWi Connection Utility\WCULauncher.exe" [2005-03-16 15360]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SmartWiConnectionUtility"="c:\program files\Sony\SmartWi Connection Utility\SmartWi.exe" [2005-03-16 618496]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-25 81920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-21 1601304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-24 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-8-8 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-21 19:57 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 npkycryp;npkycryp; [x]
R3 SEMWModem;Sony Ericsson SEMWModem;c:\windows\system32\DRIVERS\GCXX.sys [2005-01-03 114944]
R3 SEMWWNIC;Sony Ericsson SEMWWNIC;c:\windows\system32\DRIVERS\GCXXNet.sys [2005-01-03 53248]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-21 325128]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-21 107272]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-21 903960]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-21 298264]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2003-06-19 71961]

.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {0CBF6FB5-68EA-406D-882A-AB3B5984D988} - hxxps://hotspot.pccwwifi.com/vpn/wlvpndialer.ocx
FF - ProfilePath - c:\documents and settings\Wenngee\Application Data\Mozilla\Firefox\Profiles\4qqjxhya.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - comcast.net
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=108&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

FF - user.js: browser.sessionstore.resume_from_crash - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 19:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\msv1_0.dll

- - - - - - - > 'explorer.exe'(4584)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-21 19:38
ComboFix-quarantined-files.txt 2009-04-21 23:37
ComboFix2.txt 2009-04-21 23:29

Pre-Run: 5,209,423,872 bytes free
Post-Run: 5,195,296,768 bytes free

192 --- E O F --- 2009-04-21 19:51

This will not delete the files on my flash drive, right...? Or is it impossible to remove the virus without removing the files already on it?

Did you have your stick plugged in at the time of running Combofix?

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
npkycryp

Folder::
c:\documents and settings\Wenngee\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint
c:\program files\Viewpoint

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

DDS::
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

Last edited by Belahzur on 22nd April 2009, 12:47 am; edited 1 time in total

I did for the second scan. But I think I turned off something so the computer will not automatically run flash drive. Should I take it off? (I forgot how I even went there though...)

Hello.
I just edited my above post, made a slight error, so please refresh for the new script and run that.

The first script that you gave me gave me a log of the files deleted, but I tried it with the edited script and I don't think it mentions the files deleted (I unfortunately lost the earlier log though...)

ComboFix 09-04-22.02 - Wenngee 04/21/2009 22:49.4 - NTFSx86
Running from: c:\documents and settings\Wenngee\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wenngee\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.

2009-04-21 22:26 . 2009-04-21 23:02 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-04-14 23:40 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-14 23:39 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 23:39 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-14 23:39 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 23:39 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 23:39 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 23:39 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 23:39 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 23:39 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 23:35 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-14 23:35 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 23:35 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-03-31 22:57 . 2009-03-31 22:57 -------- d-----w c:\windows\system32\scripting
2009-03-31 22:57 . 2009-03-31 22:57 -------- d-----w c:\windows\l2schemas
2009-03-31 22:57 . 2009-03-31 22:57 -------- d-----w c:\windows\system32\en
2009-03-31 22:57 . 2009-03-31 22:57 -------- d-----w c:\windows\system32\bits
2009-03-31 22:42 . 2009-03-31 22:59 -------- d-----w c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 02:57 . 2006-08-09 01:07 16822 ----a-w c:\windows\system32\tablet.dat
2009-04-21 22:06 . 2007-06-22 20:20 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-04-21 22:03 . 2005-09-06 20:49 -------- d-----w c:\program files\McAfee.com
2009-04-21 21:16 . 2005-03-31 19:52 -------- d-----w c:\program files\Java
2009-04-21 19:57 . 2008-05-13 03:08 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-21 19:57 . 2008-05-13 03:08 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-21 19:56 . 2008-05-13 03:08 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-19 21:27 . 2005-09-23 21:59 30744 ----a-w c:\documents and settings\Wenngee\Application Data\wklnhst.dat
2009-04-19 01:55 . 2006-12-08 23:12 -------- d-----w c:\program files\Furcadia
2009-04-18 02:59 . 2008-05-23 04:22 268 ---ha-w C:\sqmdata05.sqm
2009-04-18 02:59 . 2008-05-23 04:22 244 ---ha-w C:\sqmnoopt05.sqm
2009-04-17 04:45 . 2008-05-22 05:34 268 ---ha-w C:\sqmdata04.sqm
2009-04-17 04:45 . 2008-05-22 05:34 244 ---ha-w C:\sqmnoopt04.sqm
2009-04-13 01:33 . 2009-04-13 01:21 -------- d-----w c:\program files\Blockland
2009-04-06 21:22 . 2008-05-13 03:07 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-01 03:40 . 2008-05-21 04:24 268 ---ha-w C:\sqmdata03.sqm
2009-04-01 03:40 . 2008-05-21 04:24 244 ---ha-w C:\sqmnoopt03.sqm
2009-03-31 23:16 . 2005-03-31 02:49 326711 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-31 22:31 . 2005-03-31 01:29 250048 --sha-r C:\ntldr
2009-03-17 00:06 . 2005-09-07 00:12 80064 -c--a-w c:\documents and settings\Wenngee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 02:44 . 2009-03-08 02:44 -------- d-----w c:\program files\Netflix
2009-03-06 14:22 . 2005-03-31 01:29 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:53 . 2009-03-03 00:53 -------- d-----w c:\documents and settings\Wenngee\Application Data\OpenOffice.org
2009-03-03 00:37 . 2009-03-03 00:37 -------- d-----w c:\program files\JRE
2009-03-03 00:37 . 2009-03-03 00:36 -------- d-----w c:\program files\OpenOffice.org 3
2009-03-03 00:18 . 2005-03-31 01:29 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2005-03-31 01:29 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2005-03-31 01:29 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-03-31 01:29 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2005-03-31 01:29 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2005-03-31 01:29 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2005-03-31 01:29 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2005-03-31 01:29 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2005-03-31 01:29 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2005-03-31 01:29 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2005-03-31 01:29 56832 ----a-w c:\windows\system32\secur32.dll
2008-06-30 22:23 . 2008-08-29 22:22 32 ----a-r c:\documents and settings\All Users\hash.dat
2005-09-20 22:59 . 2005-09-20 22:59 130 -c--a-w c:\documents and settings\Wenngee\Local Settings\Application Data\fusioncache.dat
2005-09-06 18:46 . 2005-03-31 20:35 67144 -c----w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
1999-07-07 00:00 . 1999-07-07 00:00 6 -csh--r c:\windows\@@desktop.dat
2008-04-14 00:12 . 2005-03-31 01:29 1384479 --sh--r c:\windows\system32\msvbvm60.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-15 184320]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2004-10-17 122880]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"WCULauncher"="c:\program files\Sony\SmartWi Connection Utility\WCULauncher.exe" [2005-03-16 15360]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SmartWiConnectionUtility"="c:\program files\Sony\SmartWi Connection Utility\SmartWi.exe" [2005-03-16 618496]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-25 81920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-21 1601304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-24 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-8-8 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-21 19:57 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 SEMWModem;Sony Ericsson SEMWModem;c:\windows\system32\DRIVERS\GCXX.sys [2005-01-03 114944]
R3 SEMWWNIC;Sony Ericsson SEMWWNIC;c:\windows\system32\DRIVERS\GCXXNet.sys [2005-01-03 53248]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-21 325128]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-21 107272]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-21 903960]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-21 298264]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2003-06-19 71961]

.
Contents of the 'Scheduled Tasks' folder

2009-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {0CBF6FB5-68EA-406D-882A-AB3B5984D988} - hxxps://hotspot.pccwwifi.com/vpn/wlvpndialer.ocx
FF - ProfilePath - c:\documents and settings\Wenngee\Application Data\Mozilla\Firefox\Profiles\4qqjxhya.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - comcast.net
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=108&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Wenngee\Application Data\Mozilla\Firefox\Profiles\4qqjxhya.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

FF - user.js: browser.sessionstore.resume_from_crash - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 22:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1908)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\rundll32.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\Tablet.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\fxssvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\windows\system32\igfxext.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Sony\HotKey Utility\HKWnd.exe
.
**************************************************************************
.
Completion time: 2009-04-22 23:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-22 03:06
ComboFix2.txt 2009-04-22 01:06
ComboFix3.txt 2009-04-21 23:38
ComboFix4.txt 2009-04-21 23:29

Pre-Run: 5,330,464,768 bytes free
Post-Run: 5,644,845,056 bytes free

217 --- E O F --- 2009-04-21 19:51

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

Let me know how the machine is running now.

Well, I've noticed that ever since I did all the stuff you told me to do, my computer's been a lot faster at least. =) I thank you for that.

But what do I do with the flash drive?

Well if you ran it when you run Combofix, then autorun should be switched off now.

Please download Flash_Disinfector from HERE

• First, download it to your desktop.
  
• Now double click it to run it and will tell it you what to do when you open it.
  
• It will temporarily kill explorer.exe and your desktop will go blank.
  
• Let Flash_Disinfector do it's job and it will restart explorer.exe for you.
  
• It will make a dummy autorun.inf in the root of every drive.
  
• You can now delete Flash_Disinfector.exe.
  

Okay, I did that and inserted my flash drive in. I pressed "OK" and the desktop went blank as you said then a window with "Done!" came up. Was that it or was there going to be a whole set up before the desktop went blank?

Yep, that's it. Your desktop should of re-appeared.

Yup, it did. =D So my flash drive is fully disinfected?

I'd say so, if it has a flash drive infection on it, you'd notice an error - "Can't find "resycled\boot.com""

It should be fine now.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

Alright, I'll be sure to download the anti-malware software. =)

And...I tried checking the USB port, but the virus is still there... My folders have turned into .exe's and AVG picked up the same virus. And I think the autorun.inf thing is also infected too.

And when I clicked on one of the .exe's it gave me "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access them"

Flash_Disinfecter creates an autorun.inf FOLDER in the root of the drive.
If there's an autorun.inf FILE present, delete it.

Okay, I deleted the other auto.inf folder I had previously and used Flash Disinfector again. I tried to see if the files became folders again and nothing still hasn't changed. =(

Is there something I'm doing wrong?

No, your doing it right. It's just I can't come up with a real explanation that files have suddenly changed to folders.

There's no autorun left on the drive, so it shouldn't be happening. I take it you know how to show hidden files in order to delete the autorun.inf FOLDER made by Flash_Disinfector.

Oops, I said that wrong, I'm sorry! I meant what used to be folders are still files. I can show you a screenshot if you need it. (The folders were...folders before the infection but were turned into files when the stick became infected)

And I don't know how to show hidden files....but I will look up how to. When I find out how and delete the file, I'll post again.

Last edited by Hikari012 on 24th April 2009, 1:20 am; edited 1 time in total (Reason for editing : Clarification)

For showing the hidden files. I did Tools> Folder Options...>View and then checked to show hidden files and folders. I tried looking for the auto file, but I could not find it anywhere.

Did you set it to show (protected) hidden operating system files.

Oh oops, I didn't, but now I did and deleted the autorun.inf folder.

What do I do now?

Hmm, any change now? any autorun causing a change should have stopped.

I don't think there's any change...The folders are still files. But when I put unchecked the option to show hidden protected files, my folders (but transparent) are there (along with the files). The virus is still present also.

Last edited by Hikari012 on 24th April 2009, 11:14 pm; edited 1 time in total (Reason for editing : Clarification)

You can change them from being hidden if needed, that's just file attributes.
Can you show me a screenshot please?

Okay, new idea.
What happens when you try to "run" the files that should be folders? it looks like the picture might have been changed.

The virus is still present on the stick. Every time I insert the stick, my AV detects the virus in them.

And I tried to click on a file and a window popped up saying "Windows cannot access the specified device, file, or path. You may not have appropriate permissions to access the item."

Hmm.
Then the files maybe damaged by the infection, they might have to be deleted, because I don't think they can be saved.

Well...there was one time when I stupidly turned off my AV and tried to see if I can still access the files. I was able to...but that was before I came here to get help. I don't know if after I've done many things to the stick that I'm unable to look into the files at all.

So there is really no way for them to be saved? =(

Nope, I don't think so.

Oh alright...Thanks for helping me though! You made my computer run faster at least =)