Alright so I read around.. and I tried different things that I read and none of it has helped my problem. Randomly during the day (but atleast 5 times a day, maybe more) a screen comes up saying something to the extent of... "An unexpected error has occurred and Windows will shut down in 60 seconds... Services.exe status code - 1073741819" or something like that and it runs down a timer for 60 seconds and reboots my computer... It is obviously annoying but also I've noticed my computer has really really been slowing down since I got that the first time.
So I tried using Spybot: S&D and I thought it fixed it but then I got the error again.... I've never posted a HJT logfile before so forgive me if I look stupid or do something wrong... but here is what it came up with
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:28 AM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Ryan S\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: {9eb171a8-02b0-0ffb-d224-2ca17987f81b} - {b18f7897-1ac2-422d-bff0-0b208a171be9} - C:\WINDOWS\system32\psgupcci.dll (file missing)
O2 - BHO: (no name) - {D905B3B7-BC68-4958-9488-EB3D849A4B34} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: SpoofBHO Class - {F631AAE2-4C20-11DC-8929-D3F855D89593} - C:\WINDOWS\se_spoof.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: TVTonic Media Player.lnk = C:\Program Files\Wavexpress\TVTonic\WXMediaPlayer.exe
O4 - Global Startup: TVTonic Tray.lnk = C:\Program Files\Wavexpress\TVTonic\WXTray.exe
O4 - Global Startup: Venturi 2.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v41/mines/mines.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/skillgam/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/shared/FunGamesLoader.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {4E73C07D-0A23-42DF-9E32-BBBB027D869A} - http://client2.tvtonic.com/install/3.0/install.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v49/dinerdash/dinerdash.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CCDE592-1E10-45EA-9BDB-E9A223CD29F7}: NameServer = 192.168.2.4
O20 - Winlogon Notify: jkkljhg - jkkljhg.dll (file missing)
O20 - Winlogon Notify: onoifiyn - onoifiyn.dll (file missing)
O20 - Winlogon Notify: winppp32 - winppp32.dll (file missing)
O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - C:\WINDOWS\system32\winload.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CGYRQCZ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\RYANS~1\LOCALS~1\Temp\CGYRQCZ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TJ - Unknown owner - C:\DOCUME~1\RYANS~1\LOCALS~1\Temp\TJ.exe (file missing)
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc - C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
--
End of file - 18540 bytes
Any help on what to do next would be greatly appreciated.. .Thanks alot. :mitch:
Hi Ryan002
Until you get further help with your HJT logfile from the forum team:
Click Start->Run, and type shutdown -a and press Enter. That will stop the shutdown sequence.
Hi, Ryan002. Welcome to LandzDown Forum.
I don't think I have ever seen a log with that many services running or, most likely, that many games downloaded from the same site. Based on some of the research I have done on your log, I think we had best jump to the big guns.
Please follow the instructions exactly!
Download
Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this tutorial: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1 (http://"http://download.bleepingcomputer.com/sUBs/ComboFix.exe")
Link 2 (http://"http://www.forospyware.com/sUBs/ComboFix.exe")
Link 3 (http://"http://subs.geekstogo.com/ComboFix.exe")
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
--------------------------------------------------------------------
Double click on
combofix.exe & follow the prompts.
When finished, it will produce a report for you. - Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
Thanks stealthzone and thanks Corrine... I ran combofix.exe and it came out with the following:
ComboFix 08-02.05.3 - Ryan S 2008-02-04 23:43:32.2 - NTFSx86
Running from: C:\Documents and Settings\Ryan S\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.
2008-02-03 03:25 . 2008-02-03 03:26 <DIR> d-------- C:\Computer Fixers
2008-02-03 02:13 . 2008-02-03 02:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-03 02:13 . 2008-02-03 02:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-03 02:03 . 2008-02-03 02:03 <DIR> d-------- C:\getservice
2008-02-02 04:33 . 2008-02-02 04:33 6,369,280 --a------ C:\WINDOWS\system32\PHYYA
2008-02-02 03:26 . 2008-02-02 03:26 <DIR> d-------- C:\Program Files\CCleaner
2008-01-31 16:42 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-31 16:42 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-31 16:42 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-01-31 16:40 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-01-31 16:39 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-31 16:38 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-01-31 16:37 . 2006-03-15 07:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-01-31 16:36 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-01-31 16:35 . 2006-03-15 07:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-01-31 16:34 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-01-31 16:33 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-31 16:32 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-01-31 16:31 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-31 16:30 . 2006-03-15 07:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-31 16:29 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-01-31 16:28 . 2006-03-15 07:00 226,816 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-01-31 16:27 . 2006-03-15 07:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-31 16:26 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-01-31 16:25 . 2006-03-15 07:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-01-31 16:24 . 2006-03-15 07:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-31 16:23 . 2006-03-15 07:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-31 16:22 . 2001-08-17 13:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-01-31 16:21 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-31 16:20 . 2001-08-17 12:17 629,952 --a--c--- C:\WINDOWS\system32\dllcache\eqn.sys
2008-01-31 16:19 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-31 16:18 . 2001-08-17 22:36 614,429 --a--c--- C:\WINDOWS\system32\dllcache\digiview.exe
2008-01-31 16:17 . 2006-03-15 07:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-31 16:16 . 2004-08-04 00:56 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-01-31 16:15 . 2006-03-15 07:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-01-31 16:14 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-31 04:30 . 2008-02-04 11:20 <DIR> d-------- C:\Documents and Settings\Ryan S\Application Data\AVG7
2008-01-31 04:29 . 2008-01-31 04:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-31 04:28 . 2008-01-31 04:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-31 04:28 . 2008-01-31 04:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-30 13:44 . 2008-01-30 13:44 <DIR> d-------- C:\Program Files\Security Task Manager
2008-01-30 13:44 . 2008-01-31 06:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-30 00:05 . 2008-01-30 00:05 114 --a------ C:\temp2.bat
2008-01-30 00:00 . 2008-01-30 00:00 3,072 --a------ C:\WINDOWS\system32\kbdsdf.dll
2008-01-29 23:56 . 2008-01-29 23:56 54,764 --a------ C:\WINDOWS\system32\drivers\qwer78.sys
2008-01-29 23:56 . 2008-01-29 23:56 3,584 --a------ C:\asswegsh.exe
2008-01-29 23:56 . 2008-01-29 23:56 2 --a------ C:\-468528450
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 08:27 --------- d-----w C:\Program Files\Last.fm
2008-02-03 00:23 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-31 09:39 --------- d-----w C:\Documents and Settings\Ryan S\Application Data\AdobeUM
2008-01-30 04:56 --------- d-----w C:\Program Files\Winamp
2008-01-30 04:56 --------- d-----w C:\Program Files\uTorrent
2008-01-30 04:55 --------- d-----w C:\Documents and Settings\Ryan S\Application Data\uTorrent
2008-01-28 23:56 --------- d-----w C:\Documents and Settings\Ryan S\Application Data\LimeWire
2008-01-11 04:59 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-01-11 04:55 --------- d-----w C:\Program Files\Avanquest update
2007-12-29 05:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-12-29 05:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-12-29 05:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 05:31 --------- d-----w C:\Program Files\Pinnacle
2007-12-29 05:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-12-29 05:29 --------- d-----w C:\Program Files\SmartSound Software
2007-12-29 05:27 --------- d-----w C:\Program Files\DivX
2007-12-20 07:03 --------- d-----w C:\Program Files\iTunes
2007-12-20 07:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm
2007-12-11 13:38 --------- d-----w C:\Program Files\LimeWire
2007-12-07 09:20 25,600 ----a-w C:\Documents and Settings\Ryan S\usbsermptxp.sys
2007-12-07 09:20 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-12-07 09:20 22,768 ----a-w C:\Documents and Settings\Ryan S\usbsermpt.sys
2007-11-21 08:16 22,016 ----a-w C:\WINDOWS\system32\avmeterb.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2006-12-20 17:54 356,352 ----a-w C:\Documents and Settings\Ryan S\cwshredder.dll
2006-12-06 03:29 92,064 ----a-w C:\Documents and Settings\Ryan S\mqdmmdm.sys
2006-12-06 03:29 9,232 ----a-w C:\Documents and Settings\Ryan S\mqdmmdfl.sys
2006-12-06 03:29 79,328 ----a-w C:\Documents and Settings\Ryan S\mqdmserd.sys
2006-12-06 03:29 66,656 ----a-w C:\Documents and Settings\Ryan S\mqdmbus.sys
2006-12-06 03:29 6,208 ----a-w C:\Documents and Settings\Ryan S\mqdmcmnt.sys
2006-12-06 03:29 5,936 ----a-w C:\Documents and Settings\Ryan S\mqdmwhnt.sys
2006-12-06 03:29 4,048 ----a-w C:\Documents and Settings\Ryan S\mqdmcr.sys
2006-10-13 11:07 81,920 ----a-w C:\Documents and Settings\Ryan S\Application Data\ezpinst.exe
2006-10-13 11:07 47,360 ----a-w C:\Documents and Settings\Ryan S\Application Data\pcouffin.sys
2006-10-05 16:44 1,108 ----a-w C:\Documents and Settings\Ryan S\Application Data\wklnhst.dat
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b18f7897-1ac2-422d-bff0-0b208a171be9}]
C:\WINDOWS\system32\psgupcci.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D905B3B7-BC68-4958-9488-EB3D849A4B34}]
C:\WINDOWS\system32\awvvs.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F631AAE2-4C20-11DC-8929-D3F855D89593}]
C:\WINDOWS\se_spoof.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13 1207080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 22:47 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08 28672]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 20:24 217088]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 16:12 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 23:36 151552]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 12:50 7561216]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 14:11 176128]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 15:58 69632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 13:54 229952]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-05 12:50 185896]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-31 04:28 579072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-31 04:28 219136]
C:\Documents and Settings\Ryan S\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-12-20 02:00:31 106496]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TVTonic Media Player.lnk - C:\Program Files\Wavexpress\TVTonic\WXMediaPlayer.exe [2006-10-06 18:24:52 315392]
TVTonic Tray.lnk - C:\Program Files\Wavexpress\TVTonic\WXTray.exe [2006-06-02 12:27:14 872448]
Venturi 2.lnk - C:\Program Files\Venturi2\Configurator\ventcfg.exe [2007-07-26 05:20:44 1478656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{3C49DDAC-3DA4-4743-AF6C-5974FEAF875C}"= C:\WINDOWS\system32\winload.dll [ ]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-08-02 15:15 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkljhg]
jkkljhg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\onoifiyn]
onoifiyn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 16:51 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winppp32]
winppp32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Ryan S^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Ryan S\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-03-15 07:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
--a------ 2004-08-10 05:43 188416 C:\Program Files\Windows Plus\Dancer\Dancer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e412d211]
C:\WINDOWS\system32\bboynsav.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-26 16:13 1207080 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-04-05 13:21 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-04-05 13:21 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-04-05 13:21 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2002-03-14 18:46 45056 C:\WINDOWS\system32\ico.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2006-07-29 18:34 5354792 C:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSWindowsUpdate]
C:\WINDOWS\system32\mswinup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2007-07-12 03:23 160832 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seekmo]
c:\program files\seekmo\seekmo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-05-03 04:56 36975 C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-12-05 12:50 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2005-10-24 17:53 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Host]
C:\WINDOWS\system32\winupsvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsFirewallSvc]
C:\WINDOWS\system32\winsvcup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-09-13 13:17 4621816 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 19:26]
R2 WXRSS;TVTonic RSS;"C:\Program Files\Wavexpress\TVTonic\WXRSS.exe" [2006-06-02 12:28]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 21:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 21:32]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys []
S3 CGYRQCZ;CGYRQCZ;C:\DOCUME~1\RYANS~1\LOCALS~1\Temp\CGYRQCZ.exe [2008-02-02 05:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 00:39]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 20:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 12:34]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 19:23]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S3 TJ;TJ;C:\DOCUME~1\RYANS~1\LOCALS~1\Temp\TJ.exe []
S3 USB28xxBGA;PCTV 330e/8x0e Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-08-07 07:40]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-08-07 07:40]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 06:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba43d793-b133-11dc-ba90-001302d4c3e2}]
\Shell\AutoRun\command - G:\TVCenterPro.exe -autorun
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba43d794-b133-11dc-ba90-001302d4c3e2}]
\Shell\AutoRun\command - H:\TVCenterPro.exe -autorun
\Shell\Shell01\Command - H:\TVCenterPro.exe
\Shell\Shell02\Command - H:\TVCenterProSettings.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
\Shell\AutoRun\command - E:\sony\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd8c2ec-b5d4-11dc-ba91-001302d4c3e2}]
\Shell\AutoRun\command - G:\TVCenterPro.exe -autorun
\Shell\Shell01\Command - G:\TVCenterPro.exe
\Shell\Shell02\Command - G:\TVCenterProSettings.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-30 22:32:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 23:45:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-04 23:46:29
ComboFix-quarantined-files.txt 2008-02-05 04:46:03
ComboFix2.txt 2008-02-02 09:49:43
.
2008-01-09 08:04:08 --- E O F ---
Then I ran HJT and this log was created:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:16 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Ryan S\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: {9eb171a8-02b0-0ffb-d224-2ca17987f81b} - {b18f7897-1ac2-422d-bff0-0b208a171be9} - C:\WINDOWS\system32\psgupcci.dll (file missing)
O2 - BHO: (no name) - {D905B3B7-BC68-4958-9488-EB3D849A4B34} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: SpoofBHO Class - {F631AAE2-4C20-11DC-8929-D3F855D89593} - C:\WINDOWS\se_spoof.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: TVTonic Media Player.lnk = C:\Program Files\Wavexpress\TVTonic\WXMediaPlayer.exe
O4 - Global Startup: TVTonic Tray.lnk = C:\Program Files\Wavexpress\TVTonic\WXTray.exe
O4 - Global Startup: Venturi 2.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v41/mines/mines.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/skillgam/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/shared/FunGamesLoader.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {4E73C07D-0A23-42DF-9E32-BBBB027D869A} - http://client2.tvtonic.com/install/3.0/install.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v49/dinerdash/dinerdash.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CCDE592-1E10-45EA-9BDB-E9A223CD29F7}: NameServer = 192.168.2.4
O20 - Winlogon Notify: jkkljhg - jkkljhg.dll (file missing)
O20 - Winlogon Notify: onoifiyn - onoifiyn.dll (file missing)
O20 - Winlogon Notify: winppp32 - winppp32.dll (file missing)
O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - C:\WINDOWS\system32\winload.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CGYRQCZ - Unknown owner - C:\DOCUME~1\RYANS~1\LOCALS~1\Temp\CGYRQCZ.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TJ - Unknown owner - C:\DOCUME~1\RYANS~1\LOCALS~1\Temp\TJ.exe (file missing)
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc - C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
--
End of file - 18491 bytes
:? :(
Hi, Ryan002. You ran ComboFix twice. I need to see what was removed. Please post the contents of this file: ComboFix-quarantined-files.txt
I also need to know if you disabled AVG while ComboFix was running.
I have been continuing to research your log -- in fact, I have spent a considerable amount of time at it and based on your surfing habits, I strongly recommend that the computer be reformatted. Your use of Limewire and and out of date software (Sun Java and Adobe) have resulted in more than one back door trojan being installed on your computer. If the cleaning process is continued, although it might appear on the surface that all have been removed, there is no guarantee unless you start with a clean install.
QuoteThese programs, sometimes called Remote Access Trojans (RAT) or Backdoor Software (named as the software opens a "back door" on your computer in which it can tell your machine what to do), are sometimes attached to Trojan Horses, viruses, worms, and spyware exploits. If your system is infected, there is virtually no limit to what these programs can do:
* Use your computer to relay SPAM to other individuals.
* Steal your passwords and other stored information, such as credit card numbers.
* Read your e-mail or other private information.
* Use your computer as a Denial of Service (DoS) agent to attack other computers.
* Randomly delete files or change system settings.
The result is downright scary. These malware packages can get on your computer in various ways, including:
* Downloading malicious software from the Internet that looks like something else (Trojan Horse attack)
* Viewing a website that exploits a vulnerability with your web browser.
* Merely turning on a vulnerable, unpatched computer and connecting it to the Internet for a period of time.
Here is one example that is on your computer:
ACTIVITY ANALYSIS OF: WINSVCUP.EXE
* The following behaviors have been observed for this object:
* Deletes programs.
* Invokes dll components.
* Creates Run Keys.
* Communicates with web sites using httpout protocols.
* Has mass mail capabilities.
* Communicates with other computers across the web.
* Has outbound communications.
* Can hide files from the user, such as rootkits.
* Creates registry entries.
* Creates run keys for known malware.
* Packed Executable.
* Hidden From Task Manager.
~~~~~~~~~~~~~~~~~~~
Please let me know what your decision is.
:( Damn would that be the only way you think to fix it? (Reformatting)... because I have like 6,000 songs and alot of pictures and documents that I wouldn't want to lose =\... It just makes me hesitant thinking that I'd have to start from scratch with everything... But I also don't want whatever viruses that are on my computer now ruin everything... If there is any other possible solution, that would be great... if not, I guess I'd have to settle for losing everything.......
But again, I appreciate all your help very much. Thanks.
We can give it a try, but no guarantees. I'd suggest backing up your music, pictures and files.
Do you have the ComboFix-quarantined-files.txt
Yes... sorry
2003-07-24 14:51 111552 --a------ C:\Qoobox\Quarantine\C\WINDOWS\setup.exe.vir
2006-03-15 07:00 111104 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000009_.tmp.dll.vir
2006-03-15 07:00 983552 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\_000006_.tmp.dll.vir
2007-11-21 03:16 23552 --a------ C:\Qoobox\Quarantine\C\Program Files\TrustIn Kontekstual\InTru.dll.vir
2007-11-22 03:28 22016 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\advapi32b.dll.vir
2008-01-30 00:01 15872 --a------ C:\Qoobox\Quarantine\C\Program Files\Helper\1201669302.dll.vir
2008-01-30 12:14 9966 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mt_32.dll.vir
2008-01-31 02:42 1181065 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vasnyobb.ini.vir
2008-01-31 02:42 573 --a------ C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir
2008-01-31 02:53 21252 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\onoifiyn.dllbox.vir
2008-01-31 04:33 424788 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\svvwa.ini2.vir
2008-01-31 04:36 143 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mcrh.tmp.vir
2008-01-31 04:36 424788 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\svvwa.ini.vir
2008-02-02 04:41 2956 --a------ C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.dat
2008-02-02 04:41 352 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.dat
2008-02-02 04:41 846 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.dat
Ok, Ryan002, let's see what we can do.
You
must follow the directions carefully and in the order given. We will start with ComboFix but then you will also need to follow-up with additional steps before I review your logs again and see where things stand. It has taken me a considerable amount of time reviewing and researching your log and it will take you a chunk of time to follow through.
A.
Custom CFScript
- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
QuoteFile::
C:\WINDOWS\system32\dllcache\korwbrkr.lex
C:\WINDOWS\system32\dllcache\ati3duag.dll
C:\WINDOWS\system32\kbdsdf.dll
C:\WINDOWS\system32\drivers\qwer78.sys
C:\asswegsh.exe
C:\-468528450
C:\temp2.bat
C:\WINDOWS\system32\PHYYA
C:\Computer Fixers
C:\getservice
C:\WINDOWS\System32\jkkljhg.dll
C:\WINDOWS\System32\onoifiyn.dll
C:\WINDOWS\system32\winppp32.dll
C:\WINDOWS\system32\bboynsav.dll
C:\WINDOWS\system32\winload.dll
C:\DOCUME~1\RYANS~1\LOCALS~1\Temp\CGYRQCZ.exe
C:\DOCUME~1\RYANS~1\LOCALS~1\Temp\TJ.exe
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b18f7897-1ac2-422d-bff0-0b208a171be9}]
"C:\WINDOWS\system32\psgupcci.dll"=-
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D905B3B7-BC68-4958-9488-EB3D849A4B34}]
"C:\WINDOWS\system32\awvvs.dll"=-
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F631AAE2-4C20-11DC-8929-D3F855D89593}]
"C:\WINDOWS\se_spoof.dll"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkljhg]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\onoifiyn]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winppp32]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSWindowsUpdate]
"C:\WINDOWS\system32\mswinup.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Host]
"C:\WINDOWS\system32\winupsvc.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsFirewallSvc]
"C:\WINDOWS\system32\winsvcup.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e412d211]
"C:\WINDOWS\system32\bboynsav.dll"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{3C49DDAC-3DA4-4743-AF6C-5974FEAF875C}"=-
Driver::
qwer78
CGYRQCZ
TJ
- Save this as CFScript.txt and place it on your desktop.
- Close any open browsers
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi266.photobucket.com%2Falbums%2Fii277%2FsUBs_%2FCFScript.gif&hash=e717b6d6f30949c01276451bd9201cb4202ba3db)
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
B.
SunJavaNext, you must remove all vulnerable versions of SunJava and update to the latest release. In particular, I note you have this on your computer, which could be partly responsible for some of the infections: C:\Program Files\Java\jre1.5.0_07. Illustrated instructions are available at my Security Garden blog http://securitygarden.blogspot.com/2006/09/sunflowers-and-sunjava-update.html . Follow those instructions to get the latest version.
C.
Adobe ReaderA number of malicious PDF files have been seen in the wild and we've had reports of infection attempts using a vulnerability in Adobe Reader. You can update your system by downloading the new Adobe Reader at http://www.adobe.com/products/acrobat/readstep2.html (Watch out for a possible pre-checked install of Photoshop Album Starter Edition and uncheck it if found.)
E.
FirewallIt does not appear that your version of Symantec is a "security suite" including a firewall. Unless I am mistaken, I expect to see one of the following free firewalls installed on your computer in the next logs posted:
Agnitum Outpost Firewall (http://www.agnitum.com/products/outpostfree/index.php)
Comodo Free Firewall (http://www.personalfirewall.comodo.com/)
Kerio Personal Firewall (http://www.kerio.com/kpf_download.html)
Online Armor Free (http://www.online-armor.com/online_armor_free.html)
F.
HijackThisIn order to provide a backup, HijackThis must be in a permanent folder. Please remove HJT from your desktop C:\Documents and Settings\Ryan S\Desktop\HiJackThis.exe and create a permanent folder in C:\Program Files as we will likely be doing additional removals with HJT.
G.
Logs RequestedAfter following the instructions above, please include the following with your next reply:
- ComboFix Log
- Fresh HijackThis log
If you have any questions, please ask.
Alright.. did everything :)
here's the combofix log then the HJT log
ComboFix 08-02-17.2 - Ryan S 2008-02-17 4:08:00.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.364 [GMT -5:00]
Running from: C:\Documents and Settings\Ryan S\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ryan S\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\-468528450
C:\asswegsh.exe
C:\Computer Fixers
C:\DOCUME~1\RYANS~1\LOCALS~1\Temp\CGYRQCZ.exe
C:\DOCUME~1\RYANS~1\LOCALS~1\Temp\TJ.exe
C:\getservice
C:\temp2.bat
C:\WINDOWS\system32\bboynsav.dll
C:\WINDOWS\system32\dllcache\ati3duag.dll
C:\WINDOWS\system32\dllcache\korwbrkr.lex
C:\WINDOWS\system32\drivers\qwer78.sys
C:\WINDOWS\System32\jkkljhg.dll
C:\WINDOWS\system32\kbdsdf.dll
C:\WINDOWS\System32\onoifiyn.dll
C:\WINDOWS\system32\PHYYA
C:\WINDOWS\system32\winload.dll
C:\WINDOWS\system32\winppp32.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\qwer78.sys
C:\WINDOWS\system32\icqmlib.exe
C:\WINDOWS\system32\iepref32.dll
C:\WINDOWS\system32\ierplc.dll
C:\WINDOWS\system32\ips.dll
C:\WINDOWS\system32\lanmandrv.sys
C:\WINDOWS\system32\lanmanwrk.exe
C:\WINDOWS\system32\laprxy.dllexe
C:\WINDOWS\system32\ocxapi.dll
C:\WINDOWS\system32\ocxloader.exe
C:\WINDOWS\system32\qmopt.dll
.
---- Previous Run -------
.
C:\-468528450
C:\temp2.bat
C:\WINDOWS\system32\dllcache\ati3duag.dll
C:\WINDOWS\system32\dllcache\korwbrkr.lex
C:\WINDOWS\system32\kbdsdf.dll
C:\WINDOWS\system32\PHYYA
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CGYRQCZ
-------\LEGACY_TJ
-------\CGYRQCZ
-------\qwer78
-------\TJ
-------\LEGACY_QWER78
-------\qwer78
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.
2008-02-03 03:25 . 2008-02-17 02:42 <DIR> d-------- C:\Computer Fixers
2008-02-03 02:13 . 2008-02-03 02:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-03 02:13 . 2008-02-03 02:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-03 02:03 . 2008-02-03 02:03 <DIR> d-------- C:\getservice
2008-02-02 03:26 . 2008-02-02 03:26 <DIR> d-------- C:\Program Files\CCleaner
2008-01-31 16:42 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-31 16:42 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-31 16:42 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-01-31 16:40 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-01-31 16:39 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-31 16:38 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-01-31 16:37 . 2006-03-15 07:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-01-31 16:36 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-01-31 16:35 . 2006-03-15 07:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-01-31 16:34 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-01-31 16:33 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-31 16:32 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-01-31 16:31 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-31 16:30 . 2006-03-15 07:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-31 16:29 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-01-31 16:28 . 2006-03-15 07:00 226,816 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-01-31 16:27 . 2006-03-15 07:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-31 16:26 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-01-31 16:25 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-01-31 16:24 . 2006-03-15 07:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-31 16:23 . 2006-03-15 07:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-31 16:22 . 2001-08-17 13:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-01-31 16:21 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-31 16:20 . 2001-08-17 12:17 629,952 --a--c--- C:\WINDOWS\system32\dllcache\eqn.sys
2008-01-31 16:19 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-31 16:18 . 2001-08-17 22:36 614,429 --a--c--- C:\WINDOWS\system32\dllcache\digiview.exe
2008-01-31 16:17 . 2006-03-15 07:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-31 16:16 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-31 16:15 . 2006-03-15 07:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-01-31 16:14 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-31 04:30 . 2008-02-16 08:00 <DIR> d-------- C:\Documents and Settings\Ryan S\Application Data\AVG7
2008-01-31 04:29 . 2008-01-31 04:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-31 04:28 . 2008-01-31 04:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-31 04:28 . 2008-01-31 04:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-30 13:44 . 2008-01-30 13:44 <DIR> d-------- C:\Program Files\Security Task Manager
2008-01-30 13:44 . 2008-01-31 06:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 08:09 --------- d-----w C:\Program Files\Full Tilt Poker
2008-02-13 00:08 --------- d-----w C:\Documents and Settings\Ryan S\Application Data\LimeWire
2008-02-03 08:27 --------- d-----w C:\Program Files\Last.fm
2008-01-31 09:39 --------- d-----w C:\Documents and Settings\Ryan S\Application Data\AdobeUM
2008-01-30 04:56 --------- d-----w C:\Program Files\Winamp
2008-01-30 04:56 --------- d-----w C:\Program Files\uTorrent
2008-01-30 04:55 --------- d-----w C:\Documents and Settings\Ryan S\Application Data\uTorrent
2008-01-11 04:59 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-01-11 04:55 --------- d-----w C:\Program Files\Avanquest update
2007-12-29 05:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-12-29 05:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-12-29 05:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 05:31 --------- d-----w C:\Program Files\Pinnacle
2007-12-29 05:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-12-29 05:29 --------- d-----w C:\Program Files\SmartSound Software
2007-12-29 05:27 --------- d-----w C:\Program Files\DivX
2007-12-20 07:03 --------- d-----w C:\Program Files\iTunes
2007-12-20 07:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 09:20 25,600 ----a-w C:\Documents and Settings\Ryan S\usbsermptxp.sys
2007-12-07 09:20 22,768 ----a-w C:\Documents and Settings\Ryan S\usbsermpt.sys
2006-12-20 17:54 356,352 ----a-w C:\Documents and Settings\Ryan S\cwshredder.dll
2006-12-06 03:29 92,064 ----a-w C:\Documents and Settings\Ryan S\mqdmmdm.sys
2006-12-06 03:29 9,232 ----a-w C:\Documents and Settings\Ryan S\mqdmmdfl.sys
2006-12-06 03:29 79,328 ----a-w C:\Documents and Settings\Ryan S\mqdmserd.sys
2006-12-06 03:29 66,656 ----a-w C:\Documents and Settings\Ryan S\mqdmbus.sys
2006-12-06 03:29 6,208 ----a-w C:\Documents and Settings\Ryan S\mqdmcmnt.sys
2006-12-06 03:29 5,936 ----a-w C:\Documents and Settings\Ryan S\mqdmwhnt.sys
2006-12-06 03:29 4,048 ----a-w C:\Documents and Settings\Ryan S\mqdmcr.sys
2006-10-13 11:07 81,920 ----a-w C:\Documents and Settings\Ryan S\Application Data\ezpinst.exe
2006-10-13 11:07 47,360 ----a-w C:\Documents and Settings\Ryan S\Application Data\pcouffin.sys
2006-10-05 16:44 1,108 ----a-w C:\Documents and Settings\Ryan S\Application Data\wklnhst.dat
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b18f7897-1ac2-422d-bff0-0b208a171be9}]
C:\WINDOWS\system32\psgupcci.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D905B3B7-BC68-4958-9488-EB3D849A4B34}]
C:\WINDOWS\system32\awvvs.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F631AAE2-4C20-11DC-8929-D3F855D89593}]
C:\WINDOWS\se_spoof.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13 1207080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 22:47 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08 28672]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 20:24 217088]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 16:12 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 23:36 151552]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 12:50 7561216]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 14:11 176128]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 15:58 69632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 13:54 229952]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-05 12:50 185896]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-31 04:28 579072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-31 04:28 219136]
C:\Documents and Settings\Ryan S\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-12-20 02:00:31 106496]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TVTonic Media Player.lnk - C:\Program Files\Wavexpress\TVTonic\WXMediaPlayer.exe [2006-10-06 18:24:52 315392]
TVTonic Tray.lnk - C:\Program Files\Wavexpress\TVTonic\WXTray.exe [2006-06-02 12:27:14 872448]
Venturi 2.lnk - C:\Program Files\Venturi2\Configurator\ventcfg.exe [2007-07-26 05:20:44 1478656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-08-02 15:15 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 16:51 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Ryan S^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Ryan S\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-03-15 07:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
--a------ 2004-08-10 05:43 188416 C:\Program Files\Windows Plus\Dancer\Dancer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e412d211]
C:\WINDOWS\system32\bboynsav.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-26 16:13 1207080 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-04-05 13:21 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-04-05 13:21 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-04-05 13:21 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2002-03-14 18:46 45056 C:\WINDOWS\system32\ico.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2006-07-29 18:34 5354792 C:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSWindowsUpdate]
C:\WINDOWS\system32\mswinup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2007-07-12 03:23 160832 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seekmo]
c:\program files\seekmo\seekmo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-05-03 04:56 36975 C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-12-05 12:50 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2005-10-24 17:53 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Host]
C:\WINDOWS\system32\winupsvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsFirewallSvc]
C:\WINDOWS\system32\winsvcup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-09-13 13:17 4621816 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 19:26]
R2 WXRSS;TVTonic RSS;"C:\Program Files\Wavexpress\TVTonic\WXRSS.exe" [2006-06-02 12:28]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 21:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 21:32]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys []
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 00:39]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 20:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 12:34]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 19:23]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S3 USB28xxBGA;PCTV 330e/8x0e Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-08-07 07:40]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-08-07 07:40]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 06:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba43d793-b133-11dc-ba90-001302d4c3e2}]
\Shell\AutoRun\command - G:\TVCenterPro.exe -autorun
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba43d794-b133-11dc-ba90-001302d4c3e2}]
\Shell\AutoRun\command - H:\TVCenterPro.exe -autorun
\Shell\Shell01\Command - H:\TVCenterPro.exe
\Shell\Shell02\Command - H:\TVCenterProSettings.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
\Shell\AutoRun\command - E:\sony\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd8c2ec-b5d4-11dc-ba91-001302d4c3e2}]
\Shell\AutoRun\command - G:\TVCenterPro.exe -autorun
\Shell\Shell01\Command - G:\TVCenterPro.exe
\Shell\Shell02\Command - G:\TVCenterProSettings.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 22:32:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 04:14:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2008-02-17 4:18:41 - machine was rebooted [Ryan S]
ComboFix-quarantined-files.txt 2008-02-17 09:18:38
ComboFix2.txt 2008-02-05 04:46:30
ComboFix3.txt 2008-02-02 09:49:43
.
2008-02-13 08:05:48 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:49 AM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: {9eb171a8-02b0-0ffb-d224-2ca17987f81b} - {b18f7897-1ac2-422d-bff0-0b208a171be9} - C:\WINDOWS\system32\psgupcci.dll (file missing)
O2 - BHO: (no name) - {D905B3B7-BC68-4958-9488-EB3D849A4B34} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: SpoofBHO Class - {F631AAE2-4C20-11DC-8929-D3F855D89593} - C:\WINDOWS\se_spoof.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: TVTonic Media Player.lnk = C:\Program Files\Wavexpress\TVTonic\WXMediaPlayer.exe
O4 - Global Startup: TVTonic Tray.lnk = C:\Program Files\Wavexpress\TVTonic\WXTray.exe
O4 - Global Startup: Venturi 2.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v41/mines/mines.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/skillgam/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/shared/FunGamesLoader.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {4E73C07D-0A23-42DF-9E32-BBBB027D869A} - http://client2.tvtonic.com/install/3.0/install.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v49/dinerdash/dinerdash.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CCDE592-1E10-45EA-9BDB-E9A223CD29F7}: NameServer = 192.168.2.4
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc - C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
--
End of file - 18818 bytes
A. Let's run ComboFix again.
- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Quote
Files::
C:\WINDOWS\system32\psgupcci.dll
C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\se_spoof.dll
C:\WINDOWS\system32\mswinup.exe
C:\WINDOWS\system32\winupsvc.exe
C:\WINDOWS\system32\winsvcup.exe
C:\WINDOWS\system32\bboynsav.dll
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b18f7897-1ac2-422d-bff0-0b208a171be9}]
"C:\WINDOWS\system32\psgupcci.dll"=-
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D905B3B7-BC68-4958-9488-EB3D849A4B34}]
"C:\WINDOWS\system32\awvvs.dll"=-
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F631AAE2-4C20-11DC-8929-D3F855D89593}]
"C:\WINDOWS\se_spoof.dll"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkljhg]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\onoifiyn]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winppp32]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSWindowsUpdate]
"C:\WINDOWS\system32\mswinup.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Host]
"C:\WINDOWS\system32\winupsvc.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsFirewallSvc]
"C:\WINDOWS\system32\winsvcup.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e412d211]
"C:\WINDOWS\system32\bboynsav.dll"=-
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{3C49DDAC-3DA4-4743-AF6C-5974FEAF875C}"
- Save this as CFScript.txt and place it on your desktop.
- Close any open browsers
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi266.photobucket.com%2Falbums%2Fii277%2FsUBs_%2FCFScript.gif&hash=e717b6d6f30949c01276451bd9201cb4202ba3db)
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.B. Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: {9eb171a8-02b0-0ffb-d224-2ca17987f81b} - {b18f7897-1ac2-422d-bff0-0b208a171be9} - C:\WINDOWS\system32\psgupcci.dll (file missing)
O2 - BHO: (no name) - {D905B3B7-BC68-4958-9488-EB3D849A4B34} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: SpoofBHO Class - {F631AAE2-4C20-11DC-8929-D3F855D89593} - C:\WINDOWS\se_spoof.dll (file missing)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v41/mines/mines.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/skillgam/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/shared/FunGamesLoader.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {4E73C07D-0A23-42DF-9E32-BBBB027D869A} - http://client2.tvtonic.com/install/3.0/install.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinner.com/games/v41/freecell/freecell.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v49/dinerdash/dinerdash.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v53/h2hpool/h2hpool.cab
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)Click on Fix Checked when finished and exit HijackThis.
C. Please download ATF Cleaner by Atribune from http://www.atribune.org/content/view/25/2/ (http://www.atribune.org/content/view/25/2/) . Save it to your Desktop.
Run ATF Cleaner
- Double-click ATF-Cleaner.exe to run the program.
- Click Select All found at the bottom of the list.
- Click the Empty Selected button.
- Click Exit on the Main menu to close the program.
- Shutdown/restart the computer.
D. Establish an internet connection & perform an online scan with Internet Explorer at
Kaspersky Online Scanner (http://www.kaspersky.co.uk/virusscanner)
Answer Yes, when prompted to install an ActiveX component.
- The program will then begin downloading the latest definition files.
- Once the files have been downloaded click on NEXT
- Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
- Scan Options:
- Scan Archives
- Scan Mail Bases[/color][/b]
- Click OK & have it scan My Computer
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan *
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.[/color]
E. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
Logs Required[/color]
ComboFix log
Kaspersky Scan Log
Hijackthis Log
Alrighty... here's the Combofix log, then Kaspersky log, then HJT log.
ComboFix 08-02-17.2 - Ryan S 2008-02-19 2:36:57.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.452 [GMT -5:00]
Running from: C:\Documents and Settings\Ryan S\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ryan S\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.
2008-02-17 05:13 . 2008-02-17 05:13 <DIR> d-------- C:\Documents and Settings\Ryan S\Application Data\Comodo
2008-02-17 05:13 . 2008-02-17 05:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-02-17 05:10 . 2008-02-03 03:17 209 --a------ C:\boot.ini.comodofirewall
2008-02-17 05:09 . 2008-02-17 05:09 <DIR> d-------- C:\Program Files\Comodo
2008-02-17 04:56 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-17 04:55 . 2008-02-17 04:56 <DIR> d-------- C:\Program Files\Java
2008-02-17 04:55 . 2008-02-17 04:55 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-03 03:25 . 2008-02-17 02:42 <DIR> d-------- C:\Computer Fixers
2008-02-03 02:13 . 2008-02-03 02:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-03 02:13 . 2008-02-03 02:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-03 02:03 . 2008-02-03 02:03 <DIR> d-------- C:\getservice
2008-02-02 03:26 . 2008-02-02 03:26 <DIR> d-------- C:\Program Files\CCleaner
2008-01-31 16:42 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-31 16:42 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-31 16:42 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-01-31 16:40 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-01-31 16:39 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-31 16:38 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-01-31 16:37 . 2006-03-15 07:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-01-31 16:36 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-01-31 16:35 . 2006-03-15 07:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-01-31 16:34 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-01-31 16:33 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-31 16:32 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-01-31 16:31 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-31 16:30 . 2006-03-15 07:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-31 16:29 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-01-31 16:28 . 2006-03-15 07:00 226,816 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-01-31 16:27 . 2006-03-15 07:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-31 16:26 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-01-31 16:25 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-01-31 16:24 . 2006-03-15 07:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-31 16:23 . 2006-03-15 07:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-31 16:22 . 2001-08-17 13:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-01-31 16:21 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-31 16:20 . 2001-08-17 12:17 629,952 --a--c--- C:\WINDOWS\system32\dllcache\eqn.sys
2008-01-31 16:19 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-31 16:18 . 2001-08-17 22:36 614,429 --a--c--- C:\WINDOWS\system32\dllcache\digiview.exe
2008-01-31 16:17 . 2006-03-15 07:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-31 16:16 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-31 16:15 . 2006-03-15 07:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-01-31 16:14 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-31 04:30 . 2008-02-16 08:00 <DIR> d-------- C:\Documents and Settings\Ryan S\Application Data\AVG7
2008-01-31 04:29 . 2008-01-31 04:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-31 04:28 . 2008-01-31 04:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-31 04:28 . 2008-01-31 04:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-30 13:44 . 2008-01-30 13:44 <DIR> d-------- C:\Program Files\Security Task Manager
2008-01-30 13:44 . 2008-01-31 06:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 08:32 --------- d-----w C:\Documents and Settings\Ryan S\Application Data\LimeWire
2008-02-17 10:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-13 08:09 --------- d-----w C:\Program Files\Full Tilt Poker
2008-02-03 08:27 --------- d-----w C:\Program Files\Last.fm
2008-01-31 09:39 --------- d-----w C:\Documents and Settings\Ryan S\Application Data\AdobeUM
2008-01-30 04:56 --------- d-----w C:\Program Files\Winamp
2008-01-30 04:56 --------- d-----w C:\Program Files\uTorrent
2008-01-30 04:55 --------- d-----w C:\Documents and Settings\Ryan S\Application Data\uTorrent
2008-01-11 04:59 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-01-11 04:55 --------- d-----w C:\Program Files\Avanquest update
2007-12-29 05:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-12-29 05:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-12-29 05:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 05:31 --------- d-----w C:\Program Files\Pinnacle
2007-12-29 05:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-12-29 05:29 --------- d-----w C:\Program Files\SmartSound Software
2007-12-29 05:27 --------- d-----w C:\Program Files\DivX
2007-12-20 07:03 --------- d-----w C:\Program Files\iTunes
2007-12-20 07:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm
2007-12-07 09:20 25,600 ----a-w C:\Documents and Settings\Ryan S\usbsermptxp.sys
2007-12-07 09:20 22,768 ----a-w C:\Documents and Settings\Ryan S\usbsermpt.sys
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-21 08:16 22,016 ----a-w C:\WINDOWS\system32\avmeterb.dll
2006-12-20 17:54 356,352 ----a-w C:\Documents and Settings\Ryan S\cwshredder.dll
2006-12-06 03:29 92,064 ----a-w C:\Documents and Settings\Ryan S\mqdmmdm.sys
2006-12-06 03:29 9,232 ----a-w C:\Documents and Settings\Ryan S\mqdmmdfl.sys
2006-12-06 03:29 79,328 ----a-w C:\Documents and Settings\Ryan S\mqdmserd.sys
2006-12-06 03:29 66,656 ----a-w C:\Documents and Settings\Ryan S\mqdmbus.sys
2006-12-06 03:29 6,208 ----a-w C:\Documents and Settings\Ryan S\mqdmcmnt.sys
2006-12-06 03:29 5,936 ----a-w C:\Documents and Settings\Ryan S\mqdmwhnt.sys
2006-12-06 03:29 4,048 ----a-w C:\Documents and Settings\Ryan S\mqdmcr.sys
2006-10-13 11:07 81,920 ----a-w C:\Documents and Settings\Ryan S\Application Data\ezpinst.exe
2006-10-13 11:07 47,360 ----a-w C:\Documents and Settings\Ryan S\Application Data\pcouffin.sys
2006-10-05 16:44 1,108 ----a-w C:\Documents and Settings\Ryan S\Application Data\wklnhst.dat
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b18f7897-1ac2-422d-bff0-0b208a171be9}]
C:\WINDOWS\system32\psgupcci.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D905B3B7-BC68-4958-9488-EB3D849A4B34}]
C:\WINDOWS\system32\awvvs.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F631AAE2-4C20-11DC-8929-D3F855D89593}]
C:\WINDOWS\se_spoof.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13 1207080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 22:47 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08 28672]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 20:24 217088]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 16:12 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 23:36 151552]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 12:50 7561216]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 14:11 176128]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 15:58 69632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 13:54 229952]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-05 12:50 185896]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-31 04:28 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-02-17 05:09 1115728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-31 04:28 219136]
C:\Documents and Settings\Ryan S\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-12-20 02:00:31 106496]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TVTonic Media Player.lnk - C:\Program Files\Wavexpress\TVTonic\WXMediaPlayer.exe [2006-10-06 18:24:52 315392]
TVTonic Tray.lnk - C:\Program Files\Wavexpress\TVTonic\WXTray.exe [2006-06-02 12:27:14 872448]
Venturi 2.lnk - C:\Program Files\Venturi2\Configurator\ventcfg.exe [2007-07-26 05:20:44 1478656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-08-02 15:15 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 16:51 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Ryan S^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Ryan S\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-03-15 07:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
--a------ 2004-08-10 05:43 188416 C:\Program Files\Windows Plus\Dancer\Dancer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e412d211]
C:\WINDOWS\system32\bboynsav.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-26 16:13 1207080 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-04-05 13:21 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-04-05 13:21 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-04-05 13:21 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2002-03-14 18:46 45056 C:\WINDOWS\system32\ico.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2006-07-29 18:34 5354792 C:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSWindowsUpdate]
C:\WINDOWS\system32\mswinup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2007-07-12 03:23 160832 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seekmo]
c:\program files\seekmo\seekmo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-12-05 12:50 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Host]
C:\WINDOWS\system32\winupsvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsFirewallSvc]
C:\WINDOWS\system32\winsvcup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-09-13 13:17 4621816 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 19:26]
R2 WXRSS;TVTonic RSS;"C:\Program Files\Wavexpress\TVTonic\WXRSS.exe" [2006-06-02 12:28]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 21:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 21:32]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys []
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 00:39]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 20:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 12:34]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 19:23]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S3 USB28xxBGA;PCTV 330e/8x0e Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-08-07 07:40]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-08-07 07:40]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 06:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba43d793-b133-11dc-ba90-001302d4c3e2}]
\Shell\AutoRun\command - G:\TVCenterPro.exe -autorun
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba43d794-b133-11dc-ba90-001302d4c3e2}]
\Shell\AutoRun\command - H:\TVCenterPro.exe -autorun
\Shell\Shell01\Command - H:\TVCenterPro.exe
\Shell\Shell02\Command - H:\TVCenterProSettings.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
\Shell\AutoRun\command - E:\sony\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd8c2ec-b5d4-11dc-ba91-001302d4c3e2}]
\Shell\AutoRun\command - G:\TVCenterPro.exe -autorun
\Shell\Shell01\Command - G:\TVCenterPro.exe
\Shell\Shell02\Command - G:\TVCenterProSettings.exe
*Newly Created Service* - CMDAGENT
*Newly Created Service* - CMDMON
*Newly Created Service* - INSPECT
.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 22:32:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 02:39:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-19 2:40:36
ComboFix-quarantined-files.txt 2008-02-19 07:40:14
ComboFix2.txt 2008-02-17 09:18:42
ComboFix3.txt 2008-02-05 04:46:30
ComboFix4.txt 2008-02-02 09:49:43
.
2008-02-13 08:05:48 --- E O F ---
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 19, 2008 2:39:57 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/02/2008
Kaspersky Anti-Virus database records: 572986
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 116225
Number of viruses found: 6
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 02:12:29
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.mdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdb_Mgr.ldf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdb_Mgr.mdf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-19_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75EE3ECE.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\Documents and Settings\All Users\Application Data\Wavexpress\TVTonic\Cache\wxcc.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wavexpress\TVTonic\Cache\wxcc.mdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wavexpress\TVTonic\Cache\wxrss.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wavexpress\TVTonic\Cache\wxrss.mdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wavexpress\TVTonic\Cache\WXRSS.txt Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_49c.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ryan S\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Ryan S\Application Data\Mozilla\Firefox\Profiles\r412qlpz.default\cert8.db Object is locked skipped
C:\Documents and Settings\Ryan S\Application Data\Mozilla\Firefox\Profiles\r412qlpz.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Ryan S\Application Data\Mozilla\Firefox\Profiles\r412qlpz.default\history.dat Object is locked skipped
C:\Documents and Settings\Ryan S\Application Data\Mozilla\Firefox\Profiles\r412qlpz.default\key3.db Object is locked skipped
C:\Documents and Settings\Ryan S\Application Data\Mozilla\Firefox\Profiles\r412qlpz.default\parent.lock Object is locked skipped
C:\Documents and Settings\Ryan S\Application Data\Mozilla\Firefox\Profiles\r412qlpz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Ryan S\Application Data\Mozilla\Firefox\Profiles\r412qlpz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Ryan S\Application Data\Mozilla\Firefox\Profiles\r412qlpz.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\Ryan S\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ryan S\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Ryan S\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Ryan S\Local Settings\Application Data\Last.fm\Client\LastFmHelper.log Object is locked skipped
C:\Documents and Settings\Ryan S\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Ryan S\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Ryan S\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ryan S\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ryan S\Local Settings\Application Data\Mozilla\Firefox\Profiles\r412qlpz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Ryan S\Local Settings\Application Data\Mozilla\Firefox\Profiles\r412qlpz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Ryan S\Local Settings\Application Data\Mozilla\Firefox\Profiles\r412qlpz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Ryan S\Local Settings\Application Data\Mozilla\Firefox\Profiles\r412qlpz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Ryan S\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ryan S\Local Settings\History\History.IE5\MSHist012008021920080220\index.dat Object is locked skipped
C:\Documents and Settings\Ryan S\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Ryan S\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Ryan S\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ryan S\My Documents\Other\Setups\Setup.exe Infected: not-a-virus:AdWare.Win32.180Solutions.as skipped
C:\Documents and Settings\Ryan S\ntuser.dat Object is locked skipped
C:\Documents and Settings\Ryan S\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_239.trc Object is locked skipped
C:\Program Files\Venturi2\Client\vent2.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP567\A0128379.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Agent.htu skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP567\A0128379.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.dux skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP567\A0128379.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP567\A0128379.exe/data.rar/install.exe Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP567\A0128379.exe/data.rar Infected: Virus.Win32.Virut.av skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP567\A0128379.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP567\A0128381.exe Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP567\A0128382.exe Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP572\A0129422.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP573\A0129424.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129495.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129507.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129508.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129509.exe Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129510.exe Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129511.exe Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129512.exe Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129513.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129514.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129515.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129516.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129517.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129518.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129519.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129520.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129521.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129522.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129523.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129524.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129525.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129526.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129527.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129528.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129529.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129530.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129531.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129532.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129533.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129534.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129535.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129536.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129537.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129538.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129539.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129540.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129541.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129542.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129543.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129544.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129545.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129546.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129547.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129548.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129549.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129550.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129551.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129552.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129553.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129554.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129555.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129556.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129557.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129558.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129559.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129560.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129561.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129562.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129563.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129564.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129565.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129566.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129567.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129568.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129569.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129570.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129571.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129572.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129573.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129574.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129575.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129576.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129577.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129578.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129579.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129580.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129581.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129582.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129583.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129584.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129585.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129586.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129587.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129588.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129589.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129590.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129591.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129592.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129593.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129594.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129595.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129596.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129597.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129598.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129599.exe Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129600.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129601.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129602.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129603.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129604.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129605.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129606.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129607.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129608.dll Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129609.exe Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP575\A0129610.exe Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP584\A0140674.exe Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP596\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_HDAUDIO SoftV92 Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{514F670A-BCC6-47E4-B5AB-2F43F5E19570}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9349DB6C-2D92-4FA4-A471-1970404252A5}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\Wavexpre.evt Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JET3212.tmp Object is locked skipped
C:\WINDOWS\Temp\JET332B.tmp Object is locked skipped
C:\WINDOWS\Temp\JET3474.tmp Object is locked skipped
C:\WINDOWS\Temp\JET34A2.tmp Object is locked skipped
C:\WINDOWS\Temp\JET34A3.tmp Object is locked skipped
C:\WINDOWS\Temp\JET913E.tmp Object is locked skipped
C:\WINDOWS\Temp\JETE588.tmp Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_590.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:28 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: TVTonic Media Player.lnk = C:\Program Files\Wavexpress\TVTonic\WXMediaPlayer.exe
O4 - Global Startup: TVTonic Tray.lnk = C:\Program Files\Wavexpress\TVTonic\WXTray.exe
O4 - Global Startup: Venturi 2.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CCDE592-1E10-45EA-9BDB-E9A223CD29F7}: NameServer = 192.168.2.4
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation -
Ok, Ryan, let's see what is left.
A. Delete the following File indicated in RED:
C:\Documents and Settings\Ryan S\My Documents\Other\Setups\Setup.exe
Note: If the file resists, you may have to boot to Safe Mode to delete it. If unsuccessful, please let me know and we'll go at it a different direction.
B. System Restore is filled with a number of different trojans, including a dialer. Although an infected restore point is better than none at all, now that we have gotten you this far, let's create a fresh restore point. To do that you must clear System Restore first and then create a new setting:
- Click Start, and then right-click My Computer.
- Click Properties.
- Click the System Restore tab.
- Check Turn off System Restore.
- Click Apply, and then click OK.
- Restart the computer.
- Repeat steps 1 through 6, except in step 4, uncheck Turn Off System Restore.
- Next create a new restore point:
Got to Start>All Programs>Accessories>System Tools>System Restore.
On the next page that comes up you will have three choices, choose Create Restore Point.
Then click next type in a description "after cleanup" or something like that. Then choose "Create" then close.
C. TotalScan: Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Please go to this site Link >>
TotalScan (http://www.nanoscan.com/as/v1/?) << LINK
- Under Scan Now click the Full Scan button
- Follow the prompts to install the Active X if necessary
- Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
- When the scan is finished, a report will be generated
- Next to Scan Details click the small Save button and save the report to your desktop.
- Please post the report in your reply.
D. Post a reply with the Total Scan results, a fresh HijackThis log and an indication of how your computer is responding.
One more thing, Ryan. You have two antivirus programs on your computer. (Thanks, Ripley.) AVG and Norton. If your Norton subscription is up to date (license renewed and definitions updating properly), you should uninstall AVG. Conversely, if Norton has expired and you are not going to renew it, you need to uninstall Norton. With Norton, in addition to add/remove programs, you should see this link as well: Symantec: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
Alright, first off, thanks again. Secondly, that first file you told me to delete appeared to delete with no problem (without having to go into safe mode)... My computer seems to be going a little bit faster all-around.... But I think that TotalScan said I still have 9 viruses or something.... Anyway, here's the 2 logs you asked for. And this may sound really stupid, but (in response to your 2nd post about the anti-virus programs)... I can not find Norton on my computer for the life of me, therefore I can't uninstall it :( ... ::feels dumb::
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-02-19 23:50:35
PROTECTIONS: 1
MALWARE: 9
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG 7.5.516 7.5.516 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan S\Cookies\ryan_s@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan S\Cookies\ryan_s@atdmt[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan S\Cookies\ryan_s@advertising[2].txt
00247291 adware/seekmo Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Ryan S\Cookies\ryan_s@atwola[1].txt
01077358 Generic Trojan Virus/Trojan No 0 No No C:\Documents and Settings\Ryan S\My Documents\Other\Setups\Photoshop\Adobe_Photoshop.CS3.Beta.20061208.HAPPY.NEW.YEAR-ENGiNE\e-apcs37.zip[e-apcs3.rar][Crack\photoshop.cs3.beta.20061208.exe]
01077358 Generic Trojan Virus/Trojan No 0 No No C:\Documents and Settings\Ryan S\My Documents\Other\Zips\Adobe_Photoshop.CS3.Beta.20061208.HAPPY.NEW.YEAR-ENGiNE.part1.rar[Adobe_Photoshop.CS3.Beta.20061208.HAPPY.NEW.YEAR-ENGiNE\e-apcs37.zip][e-apcs3.rar][Crack\photoshop.cs3.beta.20061208.exe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Ryan S\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Ryan S\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
02675455 Generic Trojan Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\kbdsdf.dll.vir
02895126 Trj/Spammer.AFL Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\Program Files\Helper\1201669302.dll.vir
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:27 AM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: TVTonic Media Player.lnk = C:\Program Files\Wavexpress\TVTonic\WXMediaPlayer.exe
O4 - Global Startup: TVTonic Tray.lnk = C:\Program Files\Wavexpress\TVTonic\WXTray.exe
O4 - Global Startup: Venturi 2.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CCDE592-1E10-45EA-9BDB-E9A223CD29F7}: NameServer = 192.168.2.4
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc - C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
--
End of file - 15201 bytes
Ryan002,
Excerpts from an article on uninstalling/removing Symantec/Norton products:
"Incomplete removal poses a risk to users
Why are incomplete uninstalls a problem? In addition to leaving useless data on a customer's machine, such Registry entries may in some cases cause conflicts for other software.
<snip>
"the presence of uninstalled security software in the Registry can conflict with newly installed security software and cause system freezes."
<snip>
Removing all Symantec products, however many are installed
Whether you have only one Symantec product or several installed, if you're removing them all, open the Control Panel and use the same applet described in the previous paragraph to find them. Uninstall each program in turn. If the LiveUpdate utility still shows up in the Control Panel applet, select the option to remove it.
After you've uninstalled all Symantec products, including the LiveUpdate utility, you can clean up your Registry further by following the instructions (link above that Corrine provided) at the Symantec support site. This involves running the Norton Removal Tool for your particular product.
As noted above, however, even the Norton Removal Tool will not remove every trace of Symantec programs. You may find leftover Symantec folders under your Program Files\Common Files folder, the Documents and Settings folder (in XP), and the Users folder (in Vista). Don't use Registry tools to simply delete every reference to Norton or Symantec. Many of these entries are completely harmless (for example, when the name turns up in an MRU or "most recently used" list)."
Full article: Symantec uninstaller may not finish the job (http://windowssecrets.com/comp/080207#story1)
After checking Add/Remove Programs for Symantec/Norton/LiveUpdate & uninstalling, running the Norton Removal Tool is a safer alternative than manually cleaning the registry (an option for advanced users).
Manually creating a system restore point before running the removal tool is another precaution as well.
You need to remove the following two infected files, identified by Total Scan. I hope you've learned your lesson about downloading licensed software via p2p. The only legitimate downloads are from the vendor site or their authorized delegate.
C:\Documents and Settings\Ryan S\My Documents\Other\Setups\Photoshop\Adobe_Photoshop.CS3.Beta.20061208.HAPPY.NEW.YEAR-ENGiNE\e-apcs37.zip
and
C:\Documents and Settings\Ryan S\My Documents\Other\Zips\Adobe_Photoshop.CS3.Beta.20061208.HAPPY.NEW.YEAR-ENGiNE.part1.rar
I see something I missed. Let's give this a try and then I think we can handle the cleanup.
Custom CFScript
- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Quote
Folder::
c:\program files\seekmo
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}]
"seekmohook.dll"=-
- Save this as CFScript.txt and place it on your desktop.
- Close any open browsers
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi266.photobucket.com%2Falbums%2Fii277%2FsUBs_%2FCFScript.gif&hash=e717b6d6f30949c01276451bd9201cb4202ba3db)
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.Run ATF Cleaner again, as instructed previously.
Please post the ComboFix log and a fresh HijackThis log. Let us know how you are doing with the Symantec removal tool.
Alright so in the Add/Remove programs I found LiveUpdate or w/e its called from Symantec so I removed that... Then I ran the norton remover and it completed successfully so I'm thinking that that situation is settled. Here are the 2 logs you asked for.
ComboFix 08-02-17.2 - Ryan S 2008-02-21 1:27:07.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.403 [GMT -5:00]
Running from: C:\Documents and Settings\Ryan S\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ryan S\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.
2008-02-19 22:22 . 2008-02-19 22:23 <DIR> d-------- C:\Program Files\Panda Security
2008-02-19 03:37 . 2008-02-19 03:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-19 03:37 . 2008-02-19 03:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-17 05:13 . 2008-02-17 05:13 <DIR> d-------- C:\Documents and Settings\Ryan S\Application Data\Comodo
2008-02-17 05:13 . 2008-02-17 05:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-02-17 05:10 . 2008-02-03 03:17 209 --a------ C:\boot.ini.comodofirewall
2008-02-17 05:09 . 2008-02-17 05:09 <DIR> d-------- C:\Program Files\Comodo
2008-02-17 04:56 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-17 04:55 . 2008-02-17 04:56 <DIR> d-------- C:\Program Files\Java
2008-02-17 04:55 . 2008-02-17 04:55 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-03 03:25 . 2008-02-17 02:42 <DIR> d-------- C:\Computer Fixers
2008-02-03 02:13 . 2008-02-03 02:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-03 02:13 . 2008-02-03 02:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-03 02:03 . 2008-02-03 02:03 <DIR> d-------- C:\getservice
2008-02-02 03:26 . 2008-02-02 03:26 <DIR> d-------- C:\Program Files\CCleaner
2008-01-31 16:42 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-31 16:42 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-31 16:42 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-01-31 16:40 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-01-31 16:39 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-31 16:38 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-01-31 16:37 . 2006-03-15 07:00 571,392 --a--c--- C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-01-31 16:36 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-01-31 16:35 . 2006-03-15 07:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-01-31 16:34 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-01-31 16:33 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-31 16:32 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-01-31 16:31 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-31 16:30 . 2006-03-15 07:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-31 16:29 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-01-31 16:28 . 2006-03-15 07:00 226,816 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-01-31 16:27 . 2006-03-15 07:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-31 16:26 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-01-31 16:25 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-01-31 16:24 . 2006-03-15 07:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-31 16:23 . 2006-03-15 07:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-31 16:22 . 2001-08-17 13:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-01-31 16:21 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-31 16:20 . 2001-08-17 12:17 629,952 --a--c--- C:\WINDOWS\system32\dllcache\eqn.sys
2008-01-31 16:19 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-31 16:18 . 2001-08-17 22:36 614,429 --a--c--- C:\WINDOWS\system32\dllcache\digiview.exe
2008-01-31 16:17 . 2006-03-15 07:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-31 16:16 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-31 16:15 . 2006-03-15 07:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-01-31 16:14 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-31 04:30 . 2008-02-20 08:00 <DIR> d-------- C:\Documents and Settings\Ryan S\Application Data\AVG7
2008-01-31 04:29 . 2008-01-31 04:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-31 04:28 . 2008-01-31 04:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-31 04:28 . 2008-01-31 04:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-30 13:44 . 2008-01-30 13:44 <DIR> d-------- C:\Program Files\Security Task Manager
2008-01-30 13:44 . 2008-01-31 06:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 06:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 08:32 --------- d-----w C:\Documents and Settings\Ryan S\Application Data\LimeWire
2008-02-17 10:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-13 08:09 --------- d-----w C:\Program Files\Full Tilt Poker
2008-02-03 08:27 --------- d-----w C:\Program Files\Last.fm
2008-01-31 09:39 --------- d-----w C:\Documents and Settings\Ryan S\Application Data\AdobeUM
2008-01-30 04:56 --------- d-----w C:\Program Files\Winamp
2008-01-30 04:56 --------- d-----w C:\Program Files\uTorrent
2008-01-30 04:55 --------- d-----w C:\Documents and Settings\Ryan S\Application Data\uTorrent
2008-01-11 04:59 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-01-11 04:55 --------- d-----w C:\Program Files\Avanquest update
2007-12-29 05:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-12-29 05:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-12-29 05:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 05:31 --------- d-----w C:\Program Files\Pinnacle
2007-12-29 05:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-12-29 05:29 --------- d-----w C:\Program Files\SmartSound Software
2007-12-29 05:27 --------- d-----w C:\Program Files\DivX
2007-12-07 09:20 25,600 ----a-w C:\Documents and Settings\Ryan S\usbsermptxp.sys
2007-12-07 09:20 22,768 ----a-w C:\Documents and Settings\Ryan S\usbsermpt.sys
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-21 08:16 22,016 ----a-w C:\WINDOWS\system32\avmeterb.dll
2006-12-20 17:54 356,352 ----a-w C:\Documents and Settings\Ryan S\cwshredder.dll
2006-12-06 03:29 92,064 ----a-w C:\Documents and Settings\Ryan S\mqdmmdm.sys
2006-12-06 03:29 9,232 ----a-w C:\Documents and Settings\Ryan S\mqdmmdfl.sys
2006-12-06 03:29 79,328 ----a-w C:\Documents and Settings\Ryan S\mqdmserd.sys
2006-12-06 03:29 66,656 ----a-w C:\Documents and Settings\Ryan S\mqdmbus.sys
2006-12-06 03:29 6,208 ----a-w C:\Documents and Settings\Ryan S\mqdmcmnt.sys
2006-12-06 03:29 5,936 ----a-w C:\Documents and Settings\Ryan S\mqdmwhnt.sys
2006-12-06 03:29 4,048 ----a-w C:\Documents and Settings\Ryan S\mqdmcr.sys
2006-10-13 11:07 81,920 ----a-w C:\Documents and Settings\Ryan S\Application Data\ezpinst.exe
2006-10-13 11:07 47,360 ----a-w C:\Documents and Settings\Ryan S\Application Data\pcouffin.sys
2006-10-05 16:44 1,108 ----a-w C:\Documents and Settings\Ryan S\Application Data\wklnhst.dat
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13 1207080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 22:47 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08 28672]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 20:24 217088]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 16:12 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 23:36 151552]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 12:50 7561216]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 14:11 176128]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 15:58 69632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 13:54 229952]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-05 12:50 185896]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-31 04:28 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-02-17 05:09 1115728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-31 04:28 219136]
C:\Documents and Settings\Ryan S\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-12-20 02:00:31 106496]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TVTonic Media Player.lnk - C:\Program Files\Wavexpress\TVTonic\WXMediaPlayer.exe [2006-10-06 18:24:52 315392]
TVTonic Tray.lnk - C:\Program Files\Wavexpress\TVTonic\WXTray.exe [2006-06-02 12:27:14 872448]
Venturi 2.lnk - C:\Program Files\Venturi2\Configurator\ventcfg.exe [2007-07-26 05:20:44 1478656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-08-02 15:15 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 16:51 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Ryan S^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Ryan S\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-03-15 07:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
--a------ 2004-08-10 05:43 188416 C:\Program Files\Windows Plus\Dancer\Dancer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e412d211]
C:\WINDOWS\system32\bboynsav.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-26 16:13 1207080 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-04-05 13:21 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-04-05 13:21 118784 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-04-05 13:21 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2002-03-14 18:46 45056 C:\WINDOWS\system32\ico.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2006-07-29 18:34 5354792 C:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSWindowsUpdate]
C:\WINDOWS\system32\mswinup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2007-07-12 03:23 160832 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seekmo]
c:\program files\seekmo\seekmo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-12-05 12:50 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Host]
C:\WINDOWS\system32\winupsvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsFirewallSvc]
C:\WINDOWS\system32\winsvcup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-09-13 13:17 4621816 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 19:26]
R2 WXRSS;TVTonic RSS;"C:\Program Files\Wavexpress\TVTonic\WXRSS.exe" [2006-06-02 12:28]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 21:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 21:32]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys []
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 00:39]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 20:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 12:34]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 19:23]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S3 USB28xxBGA;PCTV 330e/8x0e Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-08-07 07:40]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-08-07 07:40]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 06:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba43d793-b133-11dc-ba90-001302d4c3e2}]
\Shell\AutoRun\command - G:\TVCenterPro.exe -autorun
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba43d794-b133-11dc-ba90-001302d4c3e2}]
\Shell\AutoRun\command - H:\TVCenterPro.exe -autorun
\Shell\Shell01\Command - H:\TVCenterPro.exe
\Shell\Shell02\Command - H:\TVCenterProSettings.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
\Shell\AutoRun\command - E:\sony\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd8c2ec-b5d4-11dc-ba91-001302d4c3e2}]
\Shell\AutoRun\command - G:\TVCenterPro.exe -autorun
\Shell\Shell01\Command - G:\TVCenterPro.exe
\Shell\Shell02\Command - G:\TVCenterProSettings.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 22:32:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 01:29:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-21 1:30:10
ComboFix-quarantined-files.txt 2008-02-21 06:29:43
ComboFix2.txt 2008-02-19 07:40:36
ComboFix3.txt 2008-02-17 09:18:42
ComboFix4.txt 2008-02-05 04:46:30
ComboFix5.txt 2008-02-02 09:49:43
.
2008-02-13 08:05:48 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:33 AM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: TVTonic Media Player.lnk = C:\Program Files\Wavexpress\TVTonic\WXMediaPlayer.exe
O4 - Global Startup: TVTonic Tray.lnk = C:\Program Files\Wavexpress\TVTonic\WXTray.exe
O4 - Global Startup: Venturi 2.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CCDE592-1E10-45EA-9BDB-E9A223CD29F7}: NameServer = 192.168.2.4
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc - C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
--
End of file - 14568 bytes
Hi, Ryan. My apology for the delay in responding. Real life has had me occupied much more than usual.
ComboFix needs to be removed as well as the quarantined files. Please do the following:
- Click START then RUN
- Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
- (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi189.photobucket.com%2Falbums%2Fz176%2FEPL47%2FCF_Cleanup.png&hash=9935c0c2313e8105993d51aa96e7f8ec480e9606)
I hope you learned through this exercise, Ryan, that there are dangers with P2P programs. I can only advise that you keep your software up to date and be very careful about what you download. Updates include not only Microsoft security updates but also your antivirus and other software. To check if your system is missing security updates or has insecure applications installed, visit http://secunia.com/software_inspector/ . The Secunia Software Inspector runs through your browser with no installation or download required and does the following:
- Detects insecure versions of applications installed
- Verifies that all Microsoft patches are applied
- Assists you in updating your system and applications
For additional information on protecting your PC, please see Tony Klein's
"So how did I get infected in the first place?" (http://www.landzdown.com/index.php?topic=2783.0) for important tips on how to prevent future infections. There is also a lot of helpful information in "Mitch's Good Stuff" linked from
here (http://www.landzdown.com/index.php?topic=192.0).
Install and update both SpywareBlaster & SpyGuard to prevent the installation of spyware and other potentially unwanted software:
SpywareBlaster -- http://www.javacoolsoftware.com/spywareblaster.html
SpywareGuard -- http://www.javacoolsoftware.com/spywareguard.html
I really like
WinPatrol (http://www.winpatrol.com/), which includes the features described here (http://www.winpatrol.com/features.html).
Regards,
Corrine :rose:
Thank you so much Corrine for all your help throughout the past couple weeks. I appreciate it so much... This whole website is so great and you guys really help out alot of people. I did learn my lesson about p2p programs and such... I'll try to be much more careful. I uninstalled ComboFix and thanks also for those last 3 links, I DLed them.
Once again, thanks for your time and help and keep up the great work :D :flowers:
You're welcome, Ryan. :rose:
Phew, Ryan my man, you just got handled by one of the best of the best around here :rose:
Actually I am a bit surprised that you two pulled this off and you have a workable machine given the nasty stuff you allowed in your computer.
In addition to what Corrine had pointed out...
Per your Kaspersky log, "Infected: Virus.Win32.Virut.av"< THAT one infects every .exe on your puter if it gets it's way!
You have been living on the Eve of Destruction. (http://www.youtube.com/watch?v=Akoukq5DvAE)
Given the extent of your music library, I personally was hoping you two would pull it out.
Within the last 2 weeks it seems you've loaded a new firewall, and some new anti-spyware proggys.
If you spend some time reading at the support forums for these programs it will help with configuration decisions for your computer & responding to prompts.
If you haven't found where they are, just ask. We all know where they are, or feel free to ask specific questions about them here in a new topic.
ALL my computers have always been "music boxes" to me, so I can relate. But if I may make a suggestion, shift gears a bit and take some time to learn about some backup options as well as how to secure your computer.
Your comments & expediency during your "cleanup" were impressive...keep on learning!
Safe surfing Ryan002!
Thanks Ripley for your comments and help :D.
I will definitely be looking more at the threads helping with the anti-spyware programs and such. I'm also glad we could get it to work out due to all my music. And also I'll need to look into good methods for backing-up my stuff as you said... Do you have any suggestions?
Also in response to the Kaspersky log and that virus.... everything should be fine now right? :-x That would be horrible to just see all my .exe's slowly getting messed up..
Thanks again buddy :).
If you followed Corrine's instructions here (http://www.landzdown.com/index.php?topic=22409.msg71158#msg71158) to clear your restore points & create a new one, then that part of what was showing in the Kaspersky log should be gone.
It's a good idea to run an online scan like the Kaspersky one from time to time as a second opinion to your installed anti-virus.
I asked the question awhile ago...How are YOU making system back-ups? (http://www.landzdown.com/index.php?topic=10467.0) Might give you a starting point.
A few other discussions at LzD here (http://www.landzdown.com/index.php?topic=12565.msg42641#msg42641), here (http://www.landzdown.com/index.php?topic=6765.msg24128#msg24128), here (http://www.landzdown.com/index.php?topic=18031.msg57024#msg57024), and here (http://www.landzdown.com/index.php?topic=13029.msg41901#msg41901).