Services.exe error... Can't figure out how to fix! Help Please

Started by Ryan002, February 04, 2008, 07:26:09 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages 1 2
User actions

Corrine

#15
February 20, 2008, 02:51:32 AM
One more thing, Ryan.  You have two antivirus programs on your computer. (Thanks, Ripley.)  AVG and Norton.  If your Norton subscription is up to date (license renewed and definitions updating properly), you should uninstall AVG.  Conversely, if Norton has expired and you are not going to renew it, you need to uninstall Norton.  With Norton, in addition to add/remove programs, you should see this link as well:  Symantec:  http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ryan002

#16
February 20, 2008, 09:40:25 AM
Alright, first off, thanks again. Secondly, that first file you told me to delete appeared to delete with no problem (without having to go into safe mode)... My computer seems to be going a little bit faster all-around.... But I think that TotalScan said I still have 9 viruses or something.... Anyway, here's the 2 logs you asked for. And this may sound really stupid, but (in response to your 2nd post about the anti-virus programs)... I can not find Norton on my computer for the life of me, therefore I can't uninstall it :( ... ::feels dumb::


;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-02-19 23:50:35
PROTECTIONS: 1
MALWARE: 9
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
AVG 7.5.516                                  7.5.516                       Yes       Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Ryan S\Cookies\ryan_s@doubleclick[1].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Ryan S\Cookies\ryan_s@atdmt[2].txt
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Ryan S\Cookies\ryan_s@advertising[2].txt
00247291  adware/seekmo                      Adware              No        0         Yes            No           HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}
00262020  Cookie/Atwola                      TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Ryan S\Cookies\ryan_s@atwola[1].txt
01077358  Generic Trojan                     Virus/Trojan        No        0         No             No           C:\Documents and Settings\Ryan S\My Documents\Other\Setups\Photoshop\Adobe_Photoshop.CS3.Beta.20061208.HAPPY.NEW.YEAR-ENGiNE\e-apcs37.zip[e-apcs3.rar][Crack\photoshop.cs3.beta.20061208.exe]
01077358  Generic Trojan                     Virus/Trojan        No        0         No             No           C:\Documents and Settings\Ryan S\My Documents\Other\Zips\Adobe_Photoshop.CS3.Beta.20061208.HAPPY.NEW.YEAR-ENGiNE.part1.rar[Adobe_Photoshop.CS3.Beta.20061208.HAPPY.NEW.YEAR-ENGiNE\e-apcs37.zip][e-apcs3.rar][Crack\photoshop.cs3.beta.20061208.exe]
01262593  Application/NirCmd.A               HackTools           No        0         No             No           C:\Documents and Settings\Ryan S\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01262593  Application/NirCmd.A               HackTools           No        0         No             No           C:\Documents and Settings\Ryan S\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]
01262593  Application/NirCmd.A               HackTools           No        0         Yes            No           C:\WINDOWS\Nircmd.exe
02675455  Generic Trojan                     Virus/Trojan        No        0         Yes            No           C:\QooBox\Quarantine\C\WINDOWS\system32\kbdsdf.dll.vir
02895126  Trj/Spammer.AFL                    Virus/Trojan        No        0         Yes            No           C:\QooBox\Quarantine\C\Program Files\Helper\1201669302.dll.vir
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:27 AM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: TVTonic Media Player.lnk = C:\Program Files\Wavexpress\TVTonic\WXMediaPlayer.exe
O4 - Global Startup: TVTonic Tray.lnk = C:\Program Files\Wavexpress\TVTonic\WXTray.exe
O4 - Global Startup: Venturi 2.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CCDE592-1E10-45EA-9BDB-E9A223CD29F7}: NameServer = 192.168.2.4
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc - C:\Program Files\Wavexpress\TVTonic\WXRSS.exe

--
End of file - 15201 bytes

Ripley

#17
February 20, 2008, 05:07:43 PM
Ryan002,

Excerpts from an article on uninstalling/removing Symantec/Norton products:


"Incomplete removal poses a risk to users

Why are incomplete uninstalls a problem? In addition to leaving useless data on a customer's machine, such Registry entries may in some cases cause conflicts for other software.
<snip>
"the presence of uninstalled security software in the Registry can conflict with newly installed security software and cause system freezes."
<snip>
Removing all Symantec products, however many are installed

Whether you have only one Symantec product or several installed, if you're removing them all, open the Control Panel and use the same applet described in the previous paragraph to find them. Uninstall each program in turn. If the LiveUpdate utility still shows up in the Control Panel applet, select the option to remove it.

After you've uninstalled all Symantec products, including the LiveUpdate utility, you can clean up your Registry further by following the instructions (link above that Corrine provided) at the Symantec support site. This involves running the Norton Removal Tool for your particular product.

As noted above, however, even the Norton Removal Tool will not remove every trace of Symantec programs. You may find leftover Symantec folders under your Program Files\Common Files folder, the Documents and Settings folder (in XP), and the Users folder (in Vista). Don't use Registry tools to simply delete every reference to Norton or Symantec. Many of these entries are completely harmless (for example, when the name turns up in an MRU or "most recently used" list)."

Full article: Symantec uninstaller may not finish the job

After checking Add/Remove Programs for Symantec/Norton/LiveUpdate & uninstalling, running the Norton Removal Tool is a safer alternative than manually cleaning the registry (an option for advanced users).
Manually creating a system restore point before running the removal tool is another precaution as well.

Corrine

#18
February 21, 2008, 03:58:11 AM
You need to remove the following two infected files, identified by Total Scan.  I hope you've learned your lesson about downloading licensed software via p2p. The only legitimate downloads are from the vendor site or their authorized delegate. 

C:\Documents and Settings\Ryan S\My Documents\Other\Setups\Photoshop\Adobe_Photoshop.CS3.Beta.20061208.HAPPY.NEW.YEAR-ENGiNE\e-apcs37.zip

and

C:\Documents and Settings\Ryan S\My Documents\Other\Zips\Adobe_Photoshop.CS3.Beta.20061208.HAPPY.NEW.YEAR-ENGiNE.part1.rar

I see something I missed.  Let's give this a try and then I think we can handle the cleanup.

Custom CFScript

       
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

    Quote
    Folder::
    c:\program files\seekmo

    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38}]
    "seekmohook.dll"=-


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers


         


       
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
       
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
       
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Run ATF Cleaner again, as instructed previously. 

Please post the ComboFix log and a fresh HijackThis log.  Let us know how you are doing with the Symantec removal tool.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ryan002

#19
February 21, 2008, 07:48:15 AM
Alright so in the Add/Remove programs I found LiveUpdate or w/e its called from Symantec so I removed that... Then I ran the norton remover and it completed successfully so I'm thinking that that situation is settled. Here are the 2 logs you asked for.


ComboFix 08-02-17.2 - Ryan S 2008-02-21  1:27:07.7 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.403 [GMT -5:00]
Running from: C:\Documents and Settings\Ryan S\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ryan S\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-01-21 to 2008-02-21  )))))))))))))))))))))))))))))))
.

2008-02-19 22:22 . 2008-02-19 22:23   <DIR>   d--------   C:\Program Files\Panda Security
2008-02-19 03:37 . 2008-02-19 03:37   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2008-02-19 03:37 . 2008-02-19 03:37   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-17 05:13 . 2008-02-17 05:13   <DIR>   d--------   C:\Documents and Settings\Ryan S\Application Data\Comodo
2008-02-17 05:13 . 2008-02-17 05:13   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Comodo
2008-02-17 05:10 . 2008-02-03 03:17   209   --a------   C:\boot.ini.comodofirewall
2008-02-17 05:09 . 2008-02-17 05:09   <DIR>   d--------   C:\Program Files\Comodo
2008-02-17 04:56 . 2007-12-14 01:59   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-02-17 04:55 . 2008-02-17 04:56   <DIR>   d--------   C:\Program Files\Java
2008-02-17 04:55 . 2008-02-17 04:55   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-02-03 03:25 . 2008-02-17 02:42   <DIR>   d--------   C:\Computer Fixers
2008-02-03 02:13 . 2008-02-03 02:13   <DIR>   d--------   C:\Program Files\Spybot - Search & Destroy
2008-02-03 02:13 . 2008-02-03 02:28   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-03 02:03 . 2008-02-03 02:03   <DIR>   d--------   C:\getservice
2008-02-02 03:26 . 2008-02-02 03:26   <DIR>   d--------   C:\Program Files\CCleaner
2008-01-31 16:42 . 2004-08-04 00:56   116,224   --a--c---   C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-01-31 16:42 . 2001-08-17 22:36   23,040   --a--c---   C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-01-31 16:42 . 2001-08-17 22:36   17,408   --a--c---   C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-01-31 16:40 . 2001-08-17 13:28   701,386   --a--c---   C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-01-31 16:39 . 2001-08-17 13:28   794,654   --a--c---   C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-31 16:38 . 2001-08-17 22:36   525,568   --a--c---   C:\WINDOWS\system32\dllcache\tridxp.dll
2008-01-31 16:37 . 2006-03-15 07:00   571,392   --a--c---   C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-01-31 16:36 . 2001-08-17 12:18   285,760   --a--c---   C:\WINDOWS\system32\dllcache\stlnata.sys
2008-01-31 16:35 . 2006-03-15 07:00   456,704   --a--c---   C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-01-31 16:34 . 2004-08-03 22:41   404,990   --a--c---   C:\WINDOWS\system32\dllcache\slntamr.sys
2008-01-31 16:33 . 2001-08-17 22:36   495,616   --a--c---   C:\WINDOWS\system32\dllcache\sblfx.dll
2008-01-31 16:32 . 2004-08-04 00:56   397,056   --a--c---   C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-01-31 16:31 . 2001-08-17 13:28   899,146   --a--c---   C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-31 16:30 . 2006-03-15 07:00   482,304   --a--c---   C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-01-31 16:29 . 2001-08-17 14:05   351,616   --a--c---   C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-01-31 16:28 . 2006-03-15 07:00   226,816   --a--c---   C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-01-31 16:27 . 2006-03-15 07:00   1,875,968   --a--c---   C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-31 16:26 . 2001-08-17 12:50   320,384   --a--c---   C:\WINDOWS\system32\dllcache\mgaum.sys
2008-01-31 16:25 . 2001-08-17 13:28   802,683   --a--c---   C:\WINDOWS\system32\dllcache\ltsm.sys
2008-01-31 16:24 . 2006-03-15 07:00   811,064   --a--c---   C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-01-31 16:23 . 2006-03-15 07:00   13,463,552   --a--c---   C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-31 16:22 . 2001-08-17 13:28   542,879   --a--c---   C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-01-31 16:21 . 2001-08-17 14:56   1,733,120   --a--c---   C:\WINDOWS\system32\dllcache\g400d.dll
2008-01-31 16:20 . 2001-08-17 12:17   629,952   --a--c---   C:\WINDOWS\system32\dllcache\eqn.sys
2008-01-31 16:19 . 2001-08-17 12:14   952,007   --a--c---   C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-31 16:18 . 2001-08-17 22:36   614,429   --a--c---   C:\WINDOWS\system32\dllcache\digiview.exe
2008-01-31 16:17 . 2006-03-15 07:00   1,677,824   --a--c---   C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-31 16:16 . 2001-08-17 13:28   871,388   --a--c---   C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-31 16:15 . 2006-03-15 07:00   2,134,528   --a--c---   C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-01-31 16:14 . 2004-05-13 00:39   876,653   --a--c---   C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-01-31 04:30 . 2008-02-20 08:00   <DIR>   d--------   C:\Documents and Settings\Ryan S\Application Data\AVG7
2008-01-31 04:29 . 2008-01-31 04:29   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-31 04:28 . 2008-01-31 04:28   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-31 04:28 . 2008-01-31 04:40   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg7
2008-01-30 13:44 . 2008-01-30 13:44   <DIR>   d--------   C:\Program Files\Security Task Manager
2008-01-30 13:44 . 2008-01-31 06:11   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 06:04   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-02-18 08:32   ---------   d-----w   C:\Documents and Settings\Ryan S\Application Data\LimeWire
2008-02-17 10:05   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-02-13 08:09   ---------   d-----w   C:\Program Files\Full Tilt Poker
2008-02-03 08:27   ---------   d-----w   C:\Program Files\Last.fm
2008-01-31 09:39   ---------   d-----w   C:\Documents and Settings\Ryan S\Application Data\AdobeUM
2008-01-30 04:56   ---------   d-----w   C:\Program Files\Winamp
2008-01-30 04:56   ---------   d-----w   C:\Program Files\uTorrent
2008-01-30 04:55   ---------   d-----w   C:\Documents and Settings\Ryan S\Application Data\uTorrent
2008-01-11 04:59   ---------   d-----w   C:\Program Files\Motorola Phone Tools
2008-01-11 04:55   ---------   d-----w   C:\Program Files\Avanquest update
2007-12-29 05:57   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-12-29 05:57   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-12-29 05:31   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-12-29 05:31   ---------   d-----w   C:\Program Files\Pinnacle
2007-12-29 05:30   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-12-29 05:29   ---------   d-----w   C:\Program Files\SmartSound Software
2007-12-29 05:27   ---------   d-----w   C:\Program Files\DivX
2007-12-07 09:20   25,600   ----a-w   C:\Documents and Settings\Ryan S\usbsermptxp.sys
2007-12-07 09:20   22,768   ----a-w   C:\Documents and Settings\Ryan S\usbsermpt.sys
2007-12-07 02:21   824,832   ----a-w   C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38   550,912   ----a-w   C:\WINDOWS\system32\oleaut32.dll
2007-11-21 08:16   22,016   ----a-w   C:\WINDOWS\system32\avmeterb.dll
2006-12-20 17:54   356,352   ----a-w   C:\Documents and Settings\Ryan S\cwshredder.dll
2006-12-06 03:29   92,064   ----a-w   C:\Documents and Settings\Ryan S\mqdmmdm.sys
2006-12-06 03:29   9,232   ----a-w   C:\Documents and Settings\Ryan S\mqdmmdfl.sys
2006-12-06 03:29   79,328   ----a-w   C:\Documents and Settings\Ryan S\mqdmserd.sys
2006-12-06 03:29   66,656   ----a-w   C:\Documents and Settings\Ryan S\mqdmbus.sys
2006-12-06 03:29   6,208   ----a-w   C:\Documents and Settings\Ryan S\mqdmcmnt.sys
2006-12-06 03:29   5,936   ----a-w   C:\Documents and Settings\Ryan S\mqdmwhnt.sys
2006-12-06 03:29   4,048   ----a-w   C:\Documents and Settings\Ryan S\mqdmcr.sys
2006-10-13 11:07   81,920   ----a-w   C:\Documents and Settings\Ryan S\Application Data\ezpinst.exe
2006-10-13 11:07   47,360   ----a-w   C:\Documents and Settings\Ryan S\Application Data\pcouffin.sys
2006-10-05 16:44   1,108   ----a-w   C:\Documents and Settings\Ryan S\Application Data\wklnhst.dat
2005-06-22 05:37   45,568   --sha-r   C:\WINDOWS\system32\cygz.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03 152872]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13 1207080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 22:47 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08 28672]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 20:24 217088]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 16:12 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 23:36 151552]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 12:50 7561216]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 14:11 176128]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 15:58 69632]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 13:54 229952]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-05 12:50 185896]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-31 04:28 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-02-17 05:09 1115728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-31 04:28 219136]

C:\Documents and Settings\Ryan S\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-12-20 02:00:31 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TVTonic Media Player.lnk - C:\Program Files\Wavexpress\TVTonic\WXMediaPlayer.exe [2006-10-06 18:24:52 315392]
TVTonic Tray.lnk - C:\Program Files\Wavexpress\TVTonic\WXTray.exe [2006-06-02 12:27:14 872448]
Venturi 2.lnk - C:\Program Files\Venturi2\Configurator\ventcfg.exe [2007-07-26 05:20:44 1478656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-08-02 15:15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 16:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ryan S^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Ryan S\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-03-15 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dancer]
--a------ 2004-08-10 05:43 188416 C:\Program Files\Windows Plus\Dancer\Dancer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e412d211]
C:\WINDOWS\system32\bboynsav.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-26 16:13 1207080 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-04-05 13:21 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-04-05 13:21 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-04-05 13:21 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2002-03-14 18:46 45056 C:\WINDOWS\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2006-07-29 18:34 5354792 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSWindowsUpdate]
C:\WINDOWS\system32\mswinup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2kAutostart]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2007-07-12 03:23 160832 C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seekmo]
c:\program files\seekmo\seekmo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-12-05 12:50 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Host]
C:\WINDOWS\system32\winupsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsFirewallSvc]
C:\WINDOWS\system32\winsvcup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-09-13 13:17 4621816 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 19:26]
R2 WXRSS;TVTonic RSS;"C:\Program Files\Wavexpress\TVTonic\WXRSS.exe" [2006-06-02 12:28]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 21:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 21:32]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys []
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 00:39]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 20:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 12:34]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 19:23]
S3 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S3 USB28xxBGA;PCTV 330e/8x0e Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-08-07 07:40]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-08-07 07:40]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 06:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba43d793-b133-11dc-ba90-001302d4c3e2}]
\Shell\AutoRun\command - G:\TVCenterPro.exe -autorun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba43d794-b133-11dc-ba90-001302d4c3e2}]
\Shell\AutoRun\command - H:\TVCenterPro.exe -autorun
\Shell\Shell01\Command - H:\TVCenterPro.exe
\Shell\Shell02\Command - H:\TVCenterProSettings.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
\Shell\AutoRun\command - E:\sony\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbd8c2ec-b5d4-11dc-ba91-001302d4c3e2}]
\Shell\AutoRun\command - G:\TVCenterPro.exe -autorun
\Shell\Shell01\Command - G:\TVCenterPro.exe
\Shell\Shell02\Command - G:\TVCenterProSettings.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 22:32:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 01:29:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-21  1:30:10
ComboFix-quarantined-files.txt  2008-02-21 06:29:43
ComboFix2.txt  2008-02-19 07:40:36
ComboFix3.txt  2008-02-17 09:18:42
ComboFix4.txt  2008-02-05 04:46:30
ComboFix5.txt  2008-02-02 09:49:43
.
2008-02-13 08:05:48   --- E O F --- 



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:33 AM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Wavexpress\TVTonic\WXRSS.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: TVTonic Media Player.lnk = C:\Program Files\Wavexpress\TVTonic\WXMediaPlayer.exe
O4 - Global Startup: TVTonic Tray.lnk = C:\Program Files\Wavexpress\TVTonic\WXTray.exe
O4 - Global Startup: Venturi 2.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CCDE592-1E10-45EA-9BDB-E9A223CD29F7}: NameServer = 192.168.2.4
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: TVTonic RSS (WXRSS) - Wavexpress, Inc - C:\Program Files\Wavexpress\TVTonic\WXRSS.exe

--
End of file - 14568 bytes

Corrine

#20
February 23, 2008, 07:30:01 PM
Hi, Ryan.  My apology for the delay in responding.  Real life has had me occupied much more than usual.

ComboFix needs to be removed as well as the quarantined files.  Please do the following:


  • Click START then RUN
  • Now type Combofix /u in the runbox  and click OK.  Note the space between the X and the U, it needs to be there.


I hope you learned through this exercise, Ryan, that there are dangers with P2P programs.  I can only advise that you keep your software up to date and be very careful about what you download.  Updates include not only Microsoft security updates but also your antivirus and other software.  To check if your system is missing security updates or has insecure applications installed, visit http://secunia.com/software_inspector/ .  The Secunia Software Inspector runs through your browser with no installation or download required and does the following:

  • Detects insecure versions of applications installed
  • Verifies that all Microsoft patches are applied
  • Assists you in updating your system and applications

For additional information on protecting your PC, please see Tony Klein's "So how did I get infected in the first place?" for important tips on how to prevent future infections.  There is also a lot of helpful information in "Mitch's Good Stuff" linked from here.

Install and update both SpywareBlaster & SpyGuard to prevent the installation of spyware and other potentially unwanted software:

SpywareBlaster -- http://www.javacoolsoftware.com/spywareblaster.html 
SpywareGuard --  http://www.javacoolsoftware.com/spywareguard.html 

I really like WinPatrol, which includes the features described here.

Regards,


Corrine :rose:





Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ryan002

#21
February 23, 2008, 09:49:19 PM
Thank you so much Corrine for all your help throughout the past couple weeks. I appreciate it so much... This whole website is so great and you guys really help out alot of people. I did learn my lesson about p2p programs and such... I'll try to be much more careful. I uninstalled ComboFix and thanks also for those last 3 links, I DLed them. 

Once again, thanks for your time and help and keep up the great work :D  :flowers:

Corrine

#22
February 23, 2008, 11:50:55 PM
You're welcome, Ryan.  :rose:


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ripley

#23
February 24, 2008, 04:28:12 AM
Phew, Ryan my man, you just got handled by one of the best of the best around here  :rose:

Actually I am a bit surprised that you two pulled this off and you have a workable machine given the nasty stuff you allowed in your computer.
In addition to what Corrine had pointed out...
Per your Kaspersky log, "Infected: Virus.Win32.Virut.av"< THAT one infects every .exe on your puter if it gets it's way! 
You have been living on the Eve of Destruction.

Given the extent of your music library, I personally was hoping you two would pull it out.

Within the last 2 weeks it seems you've loaded a new firewall, and some new anti-spyware proggys. 
If you spend some time reading at the support forums for these programs it will help with configuration decisions for your computer & responding to prompts. 
If you haven't found where they are, just ask.  We all know where they are, or feel free to ask specific questions about them here in a new topic.

ALL my computers have always been "music boxes" to me, so I can relate.  But if I may make a suggestion, shift gears a bit and take some time to learn about some backup options as well as how to secure your computer. 

Your comments & expediency during your "cleanup" were impressive...keep on learning!

Safe surfing Ryan002!

Ryan002

#24
February 24, 2008, 10:37:26 AM
Thanks Ripley for your comments and help :D.

I will definitely be looking more at the threads helping with the anti-spyware programs and such. I'm also glad we could get it to work out due to all my music. And also I'll need to look into good methods for backing-up my stuff as you said... Do you have any suggestions?

Also in response to the Kaspersky log and that virus.... everything should be fine now right? :-x That would be horrible to just see all my .exe's slowly getting messed up..

Thanks again buddy :).

Ripley

#25
February 24, 2008, 04:21:51 PM
If you followed Corrine's instructions here to clear your restore points & create a new one, then that part of what was showing in the Kaspersky log should be gone.
It's a good idea to run an online scan like the Kaspersky one from time to time as a second opinion to your installed anti-virus.

I asked the question awhile ago...How are YOU making system back-ups?  Might give you a starting point.

A few other discussions at LzD here, here, here, and here.
Print
Go Up Pages 1 2
User actions