MalwareBytes get blocked at startup [CLOSED]

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide. Want to reply to a topic, start a new one, or remove the advertising? Join today (always free).

> Geeks to Go! » Security » Malware Removal - HijackThis� Logs Go Here

3 Pages

1 2 3 >

MalwareBytes get blocked at startup [CLOSED], Windows Vista blocked MB..scrnshots added.

Options

camino01 View Member Profile	Sep 30 2008, 11:57 PM Post #1
Member Posts: 23 OS: Vista Home Premium	Hello, my problem is the following: After I ran MalwareBytes I got several infections (84), the program then asked me ro restart to remove them. The problem is after I restart Windows blocks Malware under the "programs blocked at startup" in the system tray, and when I try to let it nothing happens. Then if I run MalwareBytes again I get the same 84 infections. I also tried running it under safe mode, but it didn't detect any threat. Thanks a lot in advance. Here are the logs from mbam and hijackthis. Malwarebytes' Anti-Malware 1.28 Database version: 1222 Windows 6.0.6001 Service Pack 1 10/1/2008 12:42:05 AM mbam-log-2008-10-01 (00-42-05).txt Scan type: Quick Scan Objects scanned: 51578 Time elapsed: 5 minute(s), 17 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 84 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Users\Default\Local Settings\Application Data\anesuzenyp.bin (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\igyzih._sy (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\naciveg.reg (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ubuqicuho.bin (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\zokawi.lib (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Cookies\MM2048.DAT (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\alg.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Apps\2.0\srw94.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\bumo.reg (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\jababug.inf (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ycuc.lib (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\bokefa.bat (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\sytetuf.sys (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\vege.ban (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\xyzunore.dl (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\zyfotydyjo.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Temporary Internet Files\etokosyb.scr (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\sec3.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\anok.bat (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ewabutovah.dl (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\fibaw.ban (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ybikohe.vbs (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\uwux.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\jiceji._sy (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Cookies\esycire._dl (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\xacsceib.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\cftmon.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Windowsupdate.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\spool.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\My Documents\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot. C:\Users\Default\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot. C:\Users\Default\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot. C:\Users\Default\My Documents\My Documents.url (Trojan.Zlob) -> Delete on reboot. C:\Users\Default\my documents\work9\bhobj\bhobj.dll (Adware.WebDir) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\igutymyko.ban (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ymuxag.com (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Tempmbroit.exe (Trojan.FakeAlert) -> Delete on reboot. C:\Users\Default\Cookies\syssp.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Local Settings\Temp\_check32.bat (Malware.Trace) -> Delete on reboot. C:\Users\Default\Local Settings\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Internet Explorer\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. ============================================= Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:46:23 AM, on 10/1/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Internet Explorer\IELowutil.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: (no name) - {392A638F-8459-4F66-A990-ECA6292B8BFE} - (no file) O3 - Toolbar: (no name) - {FB3486FF-2A37-4536-B847-D999BA4E7776} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\apache.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9220 bytes This post has been edited by camino01: Oct 1 2008, 02:21 PM

camino01 View Member Profile	Oct 1 2008, 02:16 PM Post #2
Member Posts: 23 OS: Vista Home Premium	I will post some screenshots in casi I didn't explain myself correctly.. First I ran MalwareBytes and got 84 infections..which would get deleted at startup.. But after restart it get blocked by Windows, and if I click the "run blocked program" nothing happens.. Finally if I run MalwareBytes again I get the same 84 infections and the same prompt to restart.. Can somebody help me with this? Thanks in advance! This post has been edited by camino01: Oct 1 2008, 02:16 PM

fenzodahl512 View Member Profile	Oct 6 2008, 01:30 AM Post #3
Trusted Helper Posts: 4,397 OS: Windows XP	Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following... Please read my post CAREFULLY before proceed with this step. Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop. For more information regarding this download, please visit this webpage Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop Please, never rename Combofix unless instructed. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please go HERE to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. ----------------------------------------------------------- Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. ----------------------------------------------------------- Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review. Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall

camino01 View Member Profile	Oct 6 2008, 03:30 PM Post #4
Member Posts: 23 OS: Vista Home Premium	Thanks for the help, here are the logs.. ComboFix 08-10-06.03 - Yuven 2008-10-06 16:16:54.1 - NTFSx86 Microsoft� Windows Vista� Home Premium 6.0.6001.1.1252.1.1033.18.1034 [GMT -5:00] Running from: C:\Users\Yuven\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\system32\x64 . ((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 ))))))))))))))))))))))))))))))) . 2008-10-02 02:22 . 2008-10-02 02:22 <DIR> d-------- C:\Program Files\Sun 2008-10-02 02:12 . 2008-10-02 02:12 410,976 --a------ C:\Windows\System32\deploytk.dll 2008-10-01 02:32 . 2008-10-01 02:32 <DIR> d-------- C:\Program Files\Alwil Software 2008-10-01 02:32 . 2008-07-19 09:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys 2008-10-01 02:17 . 2008-10-06 00:52 <DIR> d-a------ C:\ProgramData\TEMP 2008-10-01 02:17 . 2008-10-06 00:52 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-10-01 01:29 . 2008-10-01 01:29 <DIR> d-------- C:\Users\Yuven\AppData\Roaming\SUPERAntiSpyware.com 2008-10-01 01:29 . 2008-10-01 01:29 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com 2008-10-01 01:29 . 2008-10-01 01:29 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-10-01 01:29 . 2008-10-01 01:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-10-01 00:50 . 2008-10-01 00:50 <DIR> d-------- C:\Program Files\ERUNT 2008-10-01 00:45 . 2008-10-01 00:45 <DIR> d-------- C:\Program Files\Trend Micro 2008-09-30 23:59 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys 2008-09-30 23:58 . 2008-09-30 23:58 <DIR> d-------- C:\Program Files\Panda Security 2008-09-09 16:28 . 2008-09-09 16:28 280 --a------ C:\Windows\System32\PDBootState 2008-09-09 14:36 . 2008-07-30 20:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-09-09 14:36 . 2008-08-01 20:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys 2008-09-09 14:36 . 2008-06-25 22:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll 2008-09-09 14:36 . 2008-06-25 22:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll 2008-09-09 14:36 . 2008-05-08 14:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys 2008-09-09 14:36 . 2008-05-19 21:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys 2008-09-09 14:36 . 2008-06-25 22:29 45,056 --a------ C:\Windows\System32\dataclen.dll 2008-09-09 14:36 . 2008-08-01 22:26 36,864 --a------ C:\Windows\System32\cdd.dll 2008-09-09 14:36 . 2008-07-30 22:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-06 02:29 --------- d-----w C:\Program Files\Java 2008-10-05 15:53 --------- d-----w C:\Users\Yuven\AppData\Roaming\Azureus 2008-10-02 01:38 --------- d-----w C:\Program Files\Microsoft Games 2008-10-01 07:28 --------- d-----w C:\ProgramData\avg8 2008-10-01 05:06 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-10-01 05:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-10-01 03:46 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-09-10 06:09 --------- d-----w C:\ProgramData\Microsoft Help 2008-09-10 05:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys 2008-09-10 05:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys 2008-09-05 00:01 --------- d-----w C:\ProgramData\FLEXnet 2008-09-04 23:54 --------- d-----w C:\Program Files\Common Files\Adobe 2008-09-04 23:27 --------- d-----w C:\Program Files\Common Files\Macrovision Shared 2008-08-29 21:07 --------- d-----w C:\Users\Yuven\AppData\Roaming\PLT Scheme 2008-08-29 20:56 --------- d-----w C:\Program Files\PLT 2008-08-29 19:45 --------- d-----w C:\Users\Yuven\AppData\Roaming\Notepad++ 2008-08-29 19:45 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0 2008-08-28 03:22 --------- d-----w C:\Program Files\Microsoft SQL Server 2008-08-28 03:21 --------- d-----w C:\Program Files\Microsoft Analysis Services 2008-08-28 03:18 --------- d-----w C:\Program Files\Microsoft Sync Framework 2008-08-28 02:53 --------- d-----w C:\Program Files\Common Files\Merge Modules 2008-08-22 10:08 878,592 ----a-w C:\Windows\System32\wininet.dll 2008-08-22 10:07 43,008 ----a-w C:\Windows\System32\licmgr10.dll 2008-08-22 10:07 18,944 ----a-w C:\Windows\System32\corpol.dll 2008-08-22 10:06 72,704 ----a-w C:\Windows\System32\admparse.dll 2008-08-22 10:06 71,680 ----a-w C:\Windows\System32\iesetup.dll 2008-08-22 10:06 66,560 ----a-w C:\Windows\System32\wextract.exe 2008-08-22 10:06 129,024 ----a-w C:\Windows\System32\ieUnatt.exe 2008-08-22 10:06 110,080 ----a-w C:\Windows\System32\PDMSetup.exe 2008-08-22 10:06 103,936 ----a-w C:\Windows\System32\SetDepNx.exe 2008-08-22 10:06 103,424 ----a-w C:\Windows\System32\SetIEInstalledDate.exe 2008-08-22 10:05 35,840 ----a-w C:\Windows\System32\imgutil.dll 2008-08-22 10:05 168,960 ----a-w C:\Windows\System32\iexpress.exe 2008-08-22 10:04 48,640 ----a-w C:\Windows\System32\PrivacIE.dll 2008-08-22 10:04 48,128 ----a-w C:\Windows\System32\mshtmler.dll 2008-08-22 10:04 45,568 ----a-w C:\Windows\System32\mshta.exe 2008-08-22 09:57 156,160 ----a-w C:\Windows\System32\msls31.dll 2008-08-22 03:38 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-08-22 03:38 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-08-22 03:38 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-08-22 03:38 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-08-22 00:42 --------- d-----w C:\Program Files\XNote Stopwatch 2008-08-19 15:58 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-08-19 00:18 --------- d-----w C:\Program Files\World of Warcraft 2008-08-15 10:33 --------- d-----w C:\Program Files\Windows Mail 2008-08-14 22:08 --------- d-----w C:\Program Files\Apple Software Update 2008-08-14 22:07 --------- d-----w C:\ProgramData\Apple Computer 2008-08-14 22:07 --------- d-----w C:\Program Files\iTunes 2008-08-14 22:07 --------- d-----w C:\Program Files\iPod 2008-08-14 00:26 --------- d-----w C:\Users\Yuven\AppData\Roaming\Download Manager 2008-08-05 02:18 81,984 ----a-w C:\Windows\System32\bdod.bin 2008-07-27 18:03 96,760 ----a-w C:\Windows\System32\dfshim.dll 2008-07-27 18:03 83,968 ----a-w C:\Windows\System32\mscories.dll 2008-07-27 18:03 41,984 ----a-w C:\Windows\System32\netfxperf.dll 2008-07-27 18:03 282,112 ----a-w C:\Windows\System32\mscoree.dll 2008-07-27 18:03 158,720 ----a-w C:\Windows\System32\mscorier.dll 2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe 2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll 2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll 2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll 2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll 2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll 2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll 2008-07-19 03:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll 2008-07-19 01:44 31,232 ----a-w C:\Windows\System32\wuapp.exe 2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll 2008-07-11 01:44 720,896 ----a-w C:\Windows\iun6002.exe 2008-07-10 00:28 174 --sha-w C:\Program Files\desktop.ini 2008-07-09 23:50 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-07-09 23:50 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-07-09 23:07 47,560 ----a-w C:\Windows\System32\SPReview.exe 2008-07-09 23:07 152,576 ----a-w C:\Windows\System32\SPWizUI.dll 2008-03-11 19:17 1,132,112 ----a-w C:\ProgramData\pswi_preloaded.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-28 7753728] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-28 81920] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2006-11-13 118784] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128] "VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2006-11-14 411768] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 141848] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 166424] "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 133656] "avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2008-07-19 78008] "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-02 140696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2006-11-24 13:36 73728 C:\Windows\System32\VESWinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll "VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] --a------ 2008-03-21 10:21 91432 C:\Program Files\CyberLink\Shared Files\brs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2008-02-11 20:13 141848 C:\Windows\System32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut] --------- 2007-12-14 11:36 50472 C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8] --------- 2008-03-20 20:23 83240 C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey] --a------ 2006-12-06 19:08 577536 C:\Program Files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiSpywareOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3711415003-3522214663-1589995555-1005] "EnableNotificationsRef"=dword:00000003 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{87E864E8-6589-4099-B88D-5200E4354EC9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{33346407-502C-40EA-91FC-B4869914A980}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{30F31523-45DF-45DC-A0BD-C3F4D0BED4A7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{8AB94599-189F-4093-8A10-C444F5287BF6}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{F567E6D4-BFC2-4EC0-BDB6-BB52912CF8C6}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{C926EA4A-27AB-45BA-8952-2E886542A063}C:\\program files\\java\\jdk1.6.0_05\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_05\bin\java.exe:Java™ Platform SE binary "UDP Query User{A947E2F8-4137-402D-BD9D-B2DFABA2CA20}C:\\program files\\java\\jdk1.6.0_05\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_05\bin\java.exe:Java™ Platform SE binary "TCP Query User{20513252-21A9-4303-B864-784E9F0B55DB}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus "UDP Query User{103F1445-31DC-43DD-94B8-8A105213D3A2}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus "TCP Query User{87EFB3B8-7A34-4B6A-A7E9-CC655069E5D7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC "UDP Query User{C636B9BD-7210-4A2C-8564-B2AFD91BB2C3}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC "TCP Query User{4CA63C17-0C5C-4E8F-9A67-BC0F71C77A46}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire "UDP Query User{911B2A4A-E4EF-4967-A238-5A2011D3D672}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire "TCP Query User{75BAE316-6AA8-4AE5-83A2-3EFEA265DC21}C:\\program files\\java\\jdk1.6.0_05\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_05\bin\java.exe:Java™ Platform SE binary "UDP Query User{85BFAA02-D36C-4F72-A6E0-F468BCF81D30}C:\\program files\\java\\jdk1.6.0_05\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_05\bin\java.exe:Java™ Platform SE binary "TCP Query User{C1E77653-8A10-4CE6-B3EA-0DAC4F4D3794}C:\\windows\\system32\\java.exe"= UDP:C:\windows\system32\java.exe:Java™ Platform SE binary "UDP Query User{88ABFC47-34F8-4926-813C-200B7B8B0AFE}C:\\windows\\system32\\java.exe"= TCP:C:\windows\system32\java.exe:Java™ Platform SE binary "{3D72CB2C-E557-42BD-98BA-85DB9235113A}"= TCP:6004\|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{A9959702-DC5F-404F-ABCA-5CEBA5C79598}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{E3D41BD6-7BBD-490D-8C91-37F47E70B2B0}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{083268D4-6961-409B-80B8-422BAB8AEF43}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{F613DA19-0AFB-46ED-8564-6CD11F63E58F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{95A4F0CA-CB87-43FA-A69B-28150F4DB8FC}C:\\windows\\system32\\java.exe"= UDP:C:\windows\system32\java.exe:Java™ Platform SE binary "UDP Query User{436026CC-073B-4EC5-9293-39DF3A541330}C:\\windows\\system32\\java.exe"= TCP:C:\windows\system32\java.exe:Java™ Platform SE binary "TCP Query User{E4FB48E8-1DCC-4D09-B427-53CB58FD5629}C:\\xampplite\\mysql\\bin\\mysqld.exe"= UDP:C:\xampplite\mysql\bin\mysqld.exe:mysqld "UDP Query User{E0565659-6E52-4DF9-97E2-A1EFF47321CB}C:\\xampplite\\mysql\\bin\\mysqld.exe"= TCP:C:\xampplite\mysql\bin\mysqld.exe:mysqld "TCP Query User{398FC35A-4FED-4B30-A6A6-29DA72698CE7}C:\\xampp\\apache\\bin\\apache.exe"= UDP:C:\xampp\apache\bin\apache.exe:Apache HTTP Server "UDP Query User{6267CAC0-0E27-4F28-A495-714BEE3F71D4}C:\\xampp\\apache\\bin\\apache.exe"= TCP:C:\xampp\apache\bin\apache.exe:Apache HTTP Server "{D73DD385-2357-4E97-8849-8088D9747E8F}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0 "{C82782A2-7605-4A97-B84A-AFF7C2DB3A7F}"= UDP:C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:sqlservr "{F71A5EB4-1225-4A4D-A23D-5A9C6F1B0663}"= TCP:C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:sqlservr "{DEC8F7E8-2477-4DF0-A957-F4799E8CC221}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{B7492F4F-D2EB-4077-A005-A10ED01E4B1E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{2162AC40-472B-4BA4-B3D8-C18A64A2B1AE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{392D6077-D4F6-4CB2-B100-1573344D985E}"= UDP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Anti-Malware "{D084CD6D-F0D8-4D1B-B134-681A87E83BCC}"= TCP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Anti-Malware "{7A350DC6-23E6-443E-A92F-6A543CE0A049}"= UDP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable "{3BBDD0AD-3CBD-44BF-B268-B81474365530}"= TCP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotcore3.sys [2008-06-25 40368] R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544] R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24 41456] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280] R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504] R2 PD91Agent;PD91Agent;C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840] R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-11-28 72704] R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-11-28 43904] R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [2006-11-08 30976] R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2006-11-10 227328] S3 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-01-17 24635] S3 PD91Engine;PD91Engine;C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216] S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2006-10-11 741376] S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2006-10-09 397312] S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2006-10-11 1089536] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24950813-fc47-11dc-b57a-0013a9840c24}] \shell\AutoRun\command - lkxcqdb.bat \shell\explore\Command - lkxcqdb.bat \shell\open\Command - lkxcqdb.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fea26f5-2da8-11dd-b70e-0013a9840c24}] \shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33a49253-0cb4-11dd-b10a-0013a9840c24}] \shell\AutoRun\command - G:\LaunchU3.exe -a Newly Created Service - CATCHME Newly Created Service - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-10-06 C:\Windows\Tasks\GoogleUpdateTaskUser.job - C:\Users\Yuven\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 19:02] 2008-10-06 C:\Windows\Tasks\User_Feed_Synchronization-{179A2AF5-080C-45CD-9337-B9EBD602BFBC}.job - C:\Windows\system32\msfeedssync.exe [2008-08-22 05:05] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-NapsterShell - C:\Program Files\Napster\napster.exe MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Users\Yuven\AppData\Roaming\Mozilla\Firefox\Profiles\z1y2crgx.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.elnorte.com/ FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll FF -: plugin - C:\Users\Yuven\AppData\Local\Google\Update\1.2.131.19\npGoogleOneClick6.dll FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-06 16:21:43 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-10-06 16:24:14 ComboFix-quarantined-files.txt 2008-10-06 21:24:09 Pre-Run: 47,301,226,496 bytes free Post-Run: 47,271,022,592 bytes free 288 --- E O F --- 2008-10-03 02:39:17 Hijack: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:28:37 PM, on 10/6/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\Yuven\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\mobsync.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Windows\system32\conime.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Windows\Explorer.exe C:\Windows\system32\NOTEPAD.EXE C:\Users\Yuven\Documents\Autoruns\autoruns.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\apache.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9292 bytes

fenzodahl512 View Member Profile	Oct 6 2008, 08:09 PM Post #5
Trusted Helper Posts: 4,397 OS: Windows XP	Please download Dr.Web CureIt to the Desktop: Please reboot into Safe Mode Once you are in Safe Mode, double-click the launch.exe file and Allow to run the express scan This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan Click the green arrow button at the right, and the scan will start. After the scan finished, click Select all Click on Cure and choose Move incurable When the scan has finished, in the menu, click File and choose Save report list Save the report to your Desktop. The report will be called DrWeb.csv Close Dr.Web Cureit. Reboot your PC in Normal Mode, and post DrWeb.csv in your next reply (Open it as Notepad) *NEXT* Please run a free online scan with the ESET Online Scanner *Note*: You will need to use Internet Explorer for this scan. Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the ActiveX control to install Click Start Make sure that the options Remove found threats and the option Scan unwanted applications is checked Click Scan Wait for the scan to finish Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt Copy and paste that log as a reply to this topic Post me these logs in your next reply.. 1. Dr Web CureIt 2. ESET Online report.. 3. How is your computer doing?

camino01

Oct 7 2008, 09:47 AM

Post