Possible malware problem [RESOLVED], antivirus 2009 scan
ttsstr5
post Sep 20 2008, 05:43 PM
Post #1
Member
Posts: 24
OS: windows vista

I clicked on a link in a Google search and it did not take me to the site that was listed. Instead I was taken to that stupid antivirus2009 scan telling me my computer was infected. Last time that happened I ended up with all kinds of problems. Please tell me what programs I need to run so as to find out if I have been reinfected.
andrewuk
post Sep 20 2008, 06:47 PM
Post #2
Trusted Helper
Posts: 4,530
From: London, UK
OS: XP

Hi ttsstr5,

Welcome to Geeks to Go.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  2. Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.



andrewuk

This post has been edited by andrewuk: Sep 20 2008, 06:48 PM
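
A small triage parser for the HijackThis log format andrewuk asks for, added here as an example; it is not part of the thread and not a Geeks to Go, Trend Micro or ComboFix tool. It reads each "Oxx - ..." entry and attaches the review hints a helper checks first: targets reported as "(file missing)", Run entries that start a program by bare name rather than a full path, Run entries under SYSTEM or another non-user account, and services with an unknown owner. The sample log is constructed from the entry formats seen in this thread, and the hints are prompts for manual review, not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the HijackThis v2 log layout. The entry lines follow the
# formats that appear in this thread's log (R0 start page, O2 BHO, O4 Run keys,
# O18 protocol handler, O23 services); it is not a complete log from any machine.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:50 PM, on 9/20/2008
Platform: Windows Vista (WinNT 6.00.1904)

Running processes:
C:\Windows\Explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 body: "<hive>\..\Run: [<value name>] <command line> (User '<account>')?"
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_RE = re.compile(r"\(User '(?P<user>[^']+)'\)$")
# Drive letter, UNC path or an environment variable such as %ProgramFiles%.
ABS_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|%)")
# Run entries under these accounts execute without an interactive user logging on.
NON_USER_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE", "Default user"}


@dataclass
class Entry:
    code: str
    body: str
    flags: List[str] = field(default_factory=list)


def _program(cmd: str) -> str:
    """Return the program part of a Run command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def _service(body: str) -> Optional[Dict[str, str]]:
    """Split an O23 body; the display name may itself contain ' - ', so the owner
    and path are taken from the right-hand end."""
    parts = body[len("Service: "):].split(" - ")
    if len(parts) < 3:
        return None
    return {"name": " - ".join(parts[:-2]), "owner": parts[-2], "path": parts[-1]}


def triage(text: str) -> List[Entry]:
    """Parse a HijackThis log and attach review hints to each entry. The hints mark
    items to confirm by hand; plenty of legitimate entries trip them too."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = Entry(m.group("code"), m.group("body"))
        if e.body.endswith("(file missing)"):
            e.flags.append("file-missing")       # still registered, target gone
        if e.code == "O4":
            r = RUN_RE.match(e.body)
            if r:
                u = USER_RE.search(r.group("cmd"))
                if u and u.group("user") in NON_USER_ACCOUNTS:
                    e.flags.append("non-user-account")
                if not ABS_RE.match(_program(r.group("cmd"))):
                    e.flags.append("relative-path")  # resolved by PATH search
        elif e.code == "O23":
            s = _service(e.body)
            if s and s["owner"] == "Unknown owner":
                e.flags.append("unknown-owner")  # no company name in version info
        entries.append(e)
    return entries


def flagged(text: str) -> Dict[str, List[str]]:
    """Group entry bodies by the hint they raised, for a quick review summary."""
    summary: Dict[str, List[str]] = {}
    for e in triage(text):
        for f in e.flags:
            summary.setdefault(f, []).append(e.body)
    return summary


if __name__ == "__main__":
    for hint, bodies in flagged(SAMPLE_LOG).items():
        print(f"[{hint}]")
        for b in bodies:
            print("   ", b)
```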
ttsstr5
post Sep 20 2008, 09:32 PM
Post #3
Member
Posts: 24
OS: windows vista

Here are the ComboFix and HijackThis logs. I am also going to attach them in case they are too big for the reply.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:50 PM, on 9/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ShortKeys2\shortkey.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\WildGames\FATE Undiscovered Realms\Fate-WT.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\jre1.6.0_07\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resou...NPUplden-us.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1220502954528
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1220991586310
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11673 bytes


ComboFix 08-09-20.05 - Brandy 2008-09-20 20:18:50.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.975 [GMT -7:00]
Running from: C:\Users\Brandy\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.

2008-09-18 16:14 . 2008-09-18 16:14 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Uniblue
2008-09-18 16:13 . 2008-09-18 16:17 <DIR> d--h-c--- C:\Users\All Users\~0
2008-09-18 16:13 . 2008-09-18 16:17 <DIR> d--h-c--- C:\ProgramData\~0
2008-09-17 18:17 . 2008-09-17 18:17 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\KeePass
2008-09-17 18:11 . 2008-09-17 18:11 <DIR> d-------- C:\Program Files\KeePass Password Safe
2008-09-17 17:00 . 2008-09-17 17:00 <DIR> d-------- C:\Program Files\CAM Development
2008-09-16 13:15 . 2008-05-01 16:35 53,248 --a------ C:\Windows\System32\CSVer.dll
2008-09-16 13:14 . 2008-09-16 13:14 <DIR> d-------- C:\Intel
2008-09-16 10:31 . 2008-01-17 04:00 68,232 --a------ C:\Windows\UnDeployV.exe
2008-09-10 13:33 . 2008-09-10 13:34 <DIR> d-------- C:\Program Files\Makeover Buddy Pogo
2008-09-10 08:19 . 2008-09-10 08:19 <DIR> d-------- C:\Program Files\Bytescribe
2008-09-10 08:19 . 2001-05-08 06:00 16,144 --a------ C:\Windows\System32\tsd32.dll
2008-09-10 08:19 . 2001-05-08 06:00 9,488 --a------ C:\Windows\System32\tssoft32.acm
2008-09-09 13:19 . 2008-09-09 13:19 <DIR> d-------- C:\Users\All Users\Apple
2008-09-09 13:19 . 2008-09-09 13:19 <DIR> d-------- C:\ProgramData\Apple
2008-09-09 13:19 . 2008-09-09 13:19 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-09 13:17 . 2008-09-09 13:17 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-09-09 13:17 . 2008-09-09 13:17 <DIR> d-------- C:\ProgramData\Apple Computer
2008-09-09 13:17 . 2008-09-09 13:18 <DIR> d-------- C:\Program Files\QuickTime
2008-09-09 13:17 . 2008-09-09 13:17 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-09 11:34 . 2008-07-30 16:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 11:34 . 2008-07-30 20:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-09 11:34 . 2008-06-25 20:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 11:34 . 2008-07-30 20:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-08 14:05 . 2008-09-09 07:43 <DIR> d-------- C:\Users\All Users\Zultrax P2P
2008-09-08 14:05 . 2008-09-09 07:43 <DIR> d-------- C:\ProgramData\Zultrax P2P
2008-09-08 14:05 . 2008-09-08 14:05 <DIR> d-------- C:\Program Files\Zultrax P2P
2008-09-08 14:05 . 2008-09-18 13:42 <DIR> d-------- C:\Downloads
2008-09-07 11:41 . 2008-09-11 07:04 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-07 11:41 . 2005-08-25 19:18 118,784 --a------ C:\Windows\System32\MSSTDFMT.DLL
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-09-05 13:06 . 2008-09-05 15:17 250 --a------ C:\Windows\gmer.ini
2008-09-05 12:08 . 2008-09-05 12:08 <DIR> d-------- C:\Users\All Users\Avira
2008-09-05 12:08 . 2008-09-05 12:08 <DIR> d-------- C:\ProgramData\Avira
2008-09-05 12:08 . 2008-09-05 12:08 <DIR> d-------- C:\Program Files\Avira
2008-09-04 13:06 . 2008-09-04 13:06 <DIR> d-------- C:\rsit
2008-09-03 23:38 . 2008-09-05 13:03 <DIR> d-------- C:\Temp
2008-09-03 21:51 . 2008-09-03 21:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 21:34 . 2008-09-03 21:34 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Malwarebytes
2008-09-03 21:34 . 2008-09-03 21:34 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-03 21:34 . 2008-09-03 21:34 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-03 21:02 . 2008-09-03 21:02 691 --a------ C:\Users\Brandy\AppData\Roaming\GetValue.vbs
2008-09-03 21:02 . 2008-09-03 21:02 35 --a------ C:\Users\Brandy\AppData\Roaming\SetValue.bat
2008-09-03 21:01 . 2008-09-03 21:02 3,578 --a------ C:\Windows\System32\tmp.reg
2008-09-03 20:56 . 2008-09-03 20:56 <DIR> d-------- C:\Users\Brandy\SmitfraudFix
2008-09-03 20:45 . 2008-09-03 20:47 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-03 20:45 . 2008-09-03 20:47 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-03 19:06 . 2008-09-03 19:06 1,152 --a------ C:\Windows\System32\windrv.sys
2008-09-03 19:05 . 2008-09-03 21:34 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Download Manager
2008-09-02 22:03 . 2008-09-02 22:03 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Roxio
2008-09-02 22:03 . 2008-09-02 22:05 <DIR> d-------- C:\Users\All Users\Roxio
2008-09-02 22:03 . 2008-09-02 22:05 <DIR> d-------- C:\ProgramData\Roxio
2008-09-02 21:27 . 2008-09-02 21:27 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Canneverbe_Limited
2008-08-28 10:26 . 2008-09-08 04:45 <DIR> d-------- C:\Program Files\Aces Up Buddy Pogo
2008-08-22 11:12 . 2008-08-22 11:34 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Winamp
2008-08-21 18:19 . 2008-08-21 18:19 <DIR> d-------- C:\$WWAssociativeLinks
2008-08-21 18:18 . 2008-08-21 18:19 <DIR> d-------- C:\images
2008-08-21 18:18 . 2008-08-21 18:19 <DIR> d-------- C:\$WWKeywordLinks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 00:45 --------- d-----w C:\Users\Brandy\AppData\Roaming\OpenOffice.org2
2008-09-20 16:53 --------- d-----w C:\ProgramData\Google Updater
2008-09-18 21:08 --------- d-----w C:\ProgramData\WildTangent
2008-09-18 06:28 --------- d---a-w C:\ProgramData\TEMP
2008-09-17 23:57 --------- d-----w C:\ProgramData\WinZip
2008-09-16 18:13 --------- d-----w C:\Program Files\CP-Autos
2008-09-12 17:34 --------- d-----w C:\Users\Brandy\AppData\Roaming\Pogo Games
2008-09-10 19:31 --------- d-----w C:\Program Files\Oberon Media
2008-09-05 19:34 --------- d-----w C:\ProgramData\Symantec
2008-09-04 18:20 --------- d-----w C:\Program Files\Java
2008-09-04 07:02 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-09-04 07:02 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-09-04 01:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-03 05:03 --------- d-----w C:\ProgramData\Sonic
2008-09-03 04:22 --------- d-----w C:\Users\Brandy\AppData\Roaming\Ashampoo
2008-08-23 17:16 --------- d-----w C:\Program Files\ShortKeys2
2008-08-22 18:13 --------- d-----w C:\Program Files\Winamp
2008-08-21 06:35 --------- d-----w C:\ProgramData\Sony Corporation
2008-08-21 05:55 --------- d-----w C:\Program Files\WildGames
2008-08-20 02:42 --------- d-----w C:\ProgramData\Winamp Toolbar
2008-08-18 13:15 921,600 ----a-w C:\Windows\system32\drivers\athr.sys
2008-08-16 06:19 --------- d-----w C:\Program Files\Windows Mail
2008-08-15 06:36 --------- d-----w C:\ProgramData\Operation Mania
2008-08-12 07:33 --------- d-----w C:\Program Files\Argente Software
2008-08-12 07:22 --------- d-----w C:\Program Files\Derby Buddy Pogo
2008-08-12 07:21 --------- d-----w C:\Program Files\Bowling Buddy Pogo
2008-08-09 11:00 --------- d-----w C:\Program Files\MSN Messenger
2008-08-09 10:48 --------- d-----w C:\Users\Brandy\AppData\Roaming\Corel
2008-08-05 06:01 --------- d-----w C:\Program Files\PrintKey2000
2008-08-05 05:59 --------- d-----w C:\Users\Brandy\AppData\Roaming\IObit
2008-08-05 05:48 --------- d-----w C:\Program Files\Bingo Luau Buddy Pogo
2008-08-03 08:02 --------- d-----w C:\Users\Brandy\AppData\Roaming\WildTangent
2008-08-03 07:38 --------- d-----w C:\Program Files\TOSHIBA Games
2008-08-02 07:07 --------- d-----w C:\Users\Brandy\AppData\Roaming\Sony Corporation
2008-07-31 20:59 --------- d-----w C:\ProgramData\ashampoo
2008-07-31 20:14 --------- d-----w C:\Program Files\IObit
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-30 20:40 174 --sha-w C:\Program Files\desktop.ini
2008-07-30 20:36 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-30 20:30 --------- d-----w C:\ProgramData\eSellerate
2008-07-30 20:30 --------- d-----w C:\Program Files\Common Files\eSellerate
2008-07-30 20:14 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-07-30 20:14 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-07-30 20:13 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-07-30 20:13 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-07-30 20:13 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-07-30 20:13 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-07-30 20:13 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-07-30 20:13 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-07-30 20:13 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-07-30 20:13 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-07-30 20:11 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-07-30 20:08 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-07-30 20:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-07-30 20:06 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-07-30 20:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-07-30 20:06 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-07-30 20:06 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-07-30 20:05 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-07-30 20:05 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-07-30 20:05 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-07-30 20:05 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-07-30 20:05 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-07-30 20:05 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-07-30 20:05 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-07-30 20:05 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-07-30 20:05 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-07-30 20:05 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-30 20:05 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-07-30 20:04 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-07-30 20:03 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-07-30 20:03 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-07-30 20:02 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-07-30 20:02 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-07-30 20:02 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-07-30 20:02 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-07-30 20:01 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-07-30 20:01 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-07-30 20:01 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-07-30 20:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-07-30 19:50 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-07-30 19:48 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-30 19:41 --------- d-----w C:\Program Files\Analysis UK Ltd
2008-07-30 19:37 --------- d-----w C:\Program Files\Microsoft Works
2008-07-30 12:41 0 ----a-w C:\Users\Brandy\AppData\Roaming\wklnhst.dat
2008-07-30 12:38 --------- d-----w C:\ProgramData\Yahoo!
2008-07-30 12:37 --------- d-----w C:\ProgramData\Insight Software Solutions
2008-07-30 12:37 --------- d-----w C:\ProgramData\Insight Software
2008-07-30 12:37 --------- d-----w C:\Program Files\Yahoo!
2008-07-30 12:37 --------- d-----w C:\Program Files\Common Files\Insight Software Solutions
2008-07-30 12:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-30 12:21 --------- d-----w C:\Program Files\Google
2008-07-30 12:18 --------- d-----w C:\Program Files\Common Files\AOL
2008-07-30 12:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-30 12:04 --------- d-----w C:\Users\Brandy\AppData\Roaming\Webroot
2008-07-30 10:51 0 ---ha-r C:\Windows\system32\drivers\Sony_VGN-NR260E.mrk
.
----a-w         1,263,076 2008-08-25 14:34:18  C:\Program Files\CP-Autos\CP Loader\Bingo Luau - Bluau .exe



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 10:54 303104 --------- C:\DDI\overicon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="C:\Program Files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
"Messenger (Yahoo!)"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-05-27 4269296]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-19 137752]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-08 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"VAIO Help and Support Demo"="C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-27 290816]
"VWLASU"="C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-12 45056]
"VAIORegistration"="C:\Program Files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIOSurvey"="C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 222208]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-01 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 20:05 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Printkey2000.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk
backup=C:\Windows\pss\Printkey2000.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 2.lnk
backup=C:\Windows\pss\ShortKeys 2.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Brandy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk]
path=C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 2.lnk
backup=C:\Windows\pss\ShortKeys 2.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
--a------ 2008-07-22 15:42 193536 C:\Program Files\IObit\Advanced WindowsCare 3 Beta\Sup_SmartRAM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
--a------ 2007-09-06 15:38 53248 c:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BE953696-C870-4489-B5F8-D1BB6325DE47}"= UDP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{C1DF8774-1941-4F25-8739-C5A8241AD393}"= TCP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{B22A7C5F-EE86-4CAB-91CC-B17BAA55596C}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{0335F0D8-77B7-4284-9088-6B3FF02A5835}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{096874B8-139C-4C0E-A384-C524336A9E13}"= UDP:C:\Program Files\Spyware Doctor\pctsGui.exe:Spyware Doctor
"{B05C5513-57D6-46F6-AFE6-68B5BE48C44B}"= TCP:C:\Program Files\Spyware Doctor\pctsGui.exe:Spyware Doctor
"{806EF32B-19D7-45FC-8933-D652E1E15819}"= UDP:C:\Program Files\Adobe\Acrobat 8.0\Designer 8.0\FormDesigner.exe:Adobe LiveCycle Designer 8.0
"{B4230531-C369-4150-949D-B3A5364BCD6A}"= TCP:C:\Program Files\Adobe\Acrobat 8.0\Designer 8.0\FormDesigner.exe:Adobe LiveCycle Designer 8.0
"{A157B862-999F-45F0-B390-E498B970441B}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4C63EFBF-1F51-4845-BBE1-CF7FACD0B4C1}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{3FAAE14D-B2F9-4638-A2E6-42410435EF88}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{AC705EB6-946C-48ED-AF41-D3E70DBB37FF}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"{786E9B06-A7BF-4E96-B1E8-F87F7E8EEEB6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{4CDF985B-571A-4E90-9A8C-0BCE6FC5A4EF}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{91008DB5-CAF4-4DCD-A057-9681CBCCF1E3}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{EBE23954-9203-402B-8A30-38E41D9A0B50}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{A334A47F-0501-48FB-B2BA-2115CE310AD0}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"{1A57DBEC-8535-4109-A656-9C27D02C957E}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{3060BD21-4A17-4833-BE40-FC1CF9476DEF}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{36787B3C-7FD5-44E1-9857-9C5937D34650}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{80A0F1F2-5204-46C9-8DDB-127DE637B691}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{A9A1829E-D27D-49B2-A135-E133EAB888EA}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C642153F-22A5-4F16-BAA1-B3A5B545D2CE}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{A6C6E1CC-F0AD-4291-9A05-8F1215A4AAD4}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{7F4274C8-EB3B-4244-8890-AF79205F1191}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{BCE7C757-E1DB-4BB6-BB51-D40233EDF5CC}C:\\program files\\zultrax p2p\\zultrax.exe"= UDP:C:\program files\zultrax p2p\zultrax.exe:Zultrax
"UDP Query User{4E8FD966-AD98-4323-A223-ECC3ED0CD581}C:\\program files\\zultrax p2p\\zultrax.exe"= TCP:C:\program files\zultrax p2p\zultrax.exe:Zultrax

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 NSUService;NSUService;C:\Program Files\Sony\Network Utility\NSUService.exe [2007-09-20 204800]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-28 9344]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-05 812544]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-19 246784]
S3 GameConsoleService;GameConsoleService;C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 79136]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Brandy\AppData\Roaming\Mozilla\Firefox\Profiles\0v1gsi7r.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.pogo.com/home/home.do
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1265.1931\npCIDetect12.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 20:22:29
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-09-20 20:25:02
ComboFix-quarantined-files.txt 2008-09-21 03:23:57
ComboFix2.txt 2008-09-05 20:04:56

Pre-Run: 123,720,667,136 bytes free
Post-Run: 123,703,566,336 bytes free

319 --- E O F --- 2008-09-18 20:53:15

Attached files: log.txt (23.93K), hijackthis.txt (11.4K)
 
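As an added example (not part of this thread and not ComboFix's own code), the script below applies the checks a helper runs by eye over a ComboFix log like the one above: Security Center values that silence AV/firewall warnings, Run entries whose target is missing ([N/A]) or given as a bare file name, newly created hidden directories, and inbound firewall exceptions created by clicking through a prompt. The SAMPLE_LOG excerpt is constructed in the shape of the lines above (it is not the full log), and the category names are the example's own.

```python
"""Triage a ComboFix log excerpt for the indicators a helper checks first.

Added example for this thread; not ComboFix's own code. Category names and
the SAMPLE_LOG excerpt are constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed sample in the shape of the ComboFix output above (not the full log).
SAMPLE_LOG = r"""
2008-09-18 16:13 . 2008-09-18 16:17 <DIR> d--h-c--- C:\ProgramData\~0
2008-09-17 18:11 . 2008-09-17 18:11 <DIR> d-------- C:\Program Files\KeePass Password Safe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-01 C:\Windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A157B862-999F-45F0-B390-E498B970441B}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{3FAAE14D-B2F9-4638-A2E6-42410435EF88}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
DIR_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+<DIR>\s+(?P<attr>\S+)\s+(?P<path>.+)$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:dword:(?P<dword>[0-9A-Fa-f]{8})|"(?P<text>[^"]*)")$')
FW_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<spec>.+)$')

# Security Center values that silence AV/firewall/update warnings. Rogue AV sets
# them, but so do some legitimate AV suites: treat a hit as a lead to verify.
SEC_CENTER_FLAGS = {"DisableMonitoring", "AntiVirusOverride", "FirewallOverride",
                    "AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"}


def _value_as_int(m):
    """Registry data as ComboFix prints it: dword:00000001 or "0x00000001"."""
    raw = m.group("dword") if m.group("dword") is not None else m.group("text")
    try:
        return int(raw, 16)
    except ValueError:
        return None


def _parse_fw_spec(spec):
    """'[Disabled:]PROTO:C:\\path\\app.exe:Label' -> (enabled, proto, path, label)."""
    enabled = True
    if spec.startswith("Disabled:"):
        enabled, spec = False, spec[len("Disabled:"):]
    proto = "ANY"
    if spec[:4] in ("TCP:", "UDP:"):
        proto, spec = spec[:3], spec[4:]
    path, sep, label = spec.rpartition(":")
    if not sep or len(path) <= 1:          # no label: the only colon is the drive letter's
        path, label = spec, ""
    return enabled, proto, path, label


def triage(log_text):
    """Return {category: [detail, ...]} for the suspicious lines in log_text."""
    findings = defaultdict(list)
    section = ""
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:                              # registry key header such as [HKLM\...\Run]
            section = sec.group("key")
            continue
        low = section.lower()
        d = DIR_RE.match(line)
        if d:                                # "Files Created" entry; 'h' = hidden attribute
            if "h" in d.group("attr"):
                findings["hidden_dir"].append(d.group("path"))
        elif "security center" in low:
            v = VALUE_RE.match(line)
            if v and v.group("name") in SEC_CENTER_FLAGS:
                val = _value_as_int(v)
                if val:
                    tail = section.rsplit("\\", 1)[-1]
                    findings["security_center"].append(f"{tail}: {v.group('name')}={val}")
        elif low.endswith(r"\currentversion\run"):
            r = RUN_RE.match(line)
            if r and r.group("stamp") == "N/A":          # target file no longer exists
                findings["orphan_run"].append(f"{r.group('name')} -> {r.group('target')}")
            elif r and "\\" not in r.group("target"):    # bare name: resolved via PATH search
                findings["unqualified_run"].append(f"{r.group('name')} -> {r.group('target')}")
        elif "firewallrules" in low:
            f = FW_RE.match(line)
            if f and "Query User" in f.group("name"):    # rule created by clicking through a prompt
                enabled, proto, path, label = _parse_fw_spec(f.group("spec"))
                if enabled:
                    findings["prompt_firewall_rule"].append(f"{proto} {path} ({label})")
    return dict(findings)


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```

Run it against a saved C:\ComboFix.txt by passing the file's contents to triage(). The findings are leads, not verdicts: AntiVirusOverride=1 and DisableMonitoring=1 are also written by some legitimate AV products, a hidden directory may belong to an installer, and a prompt-created firewall rule only tells you the user clicked "Unblock" for that program.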
andrewuk (Trusted Helper, London, UK; OS: XP)
post Sep 21 2008, 08:35 AM
Post #4

Firstly, should this be your start page? www.pogo.com/home/home.do

Secondly:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
DirLook::
C:\Users\All Users\~0
C:\ProgramData\~0

RenV::
C:\Program Files\CP-Autos\CP Loader\Bingo Luau - Bluau .exe



Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

And can you post a new HijackThis log.

andrewuk

ttsstr5 (Member; OS: windows vista)
post Sep 21 2008, 01:16 PM
Post #5

Yes, pogo.com is a game site I belong to, and I have it set as my homepage. Here are the new logs.

ComboFix 08-09-20.05 - Brandy 2008-09-21 12:06:20.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.972 [GMT -7:00]
Running from: C:\Users\Brandy\Desktop\ComboFix.exe
Command switches used :: C:\Users\Brandy\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.

2008-09-18 16:14 . 2008-09-18 16:14 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Uniblue
2008-09-18 16:13 . 2008-09-18 16:17 <DIR> d--h-c--- C:\Users\All Users\~0
2008-09-18 16:13 . 2008-09-18 16:17 <DIR> d--h-c--- C:\ProgramData\~0
2008-09-17 18:17 . 2008-09-17 18:17 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\KeePass
2008-09-17 18:11 . 2008-09-17 18:11 <DIR> d-------- C:\Program Files\KeePass Password Safe
2008-09-17 17:00 . 2008-09-17 17:00 <DIR> d-------- C:\Program Files\CAM Development
2008-09-16 13:15 . 2008-05-01 16:35 53,248 --a------ C:\Windows\System32\CSVer.dll
2008-09-16 13:14 . 2008-09-16 13:14 <DIR> d-------- C:\Intel
2008-09-16 10:31 . 2008-01-17 04:00 68,232 --a------ C:\Windows\UnDeployV.exe
2008-09-10 13:33 . 2008-09-10 13:34 <DIR> d-------- C:\Program Files\Makeover Buddy Pogo
2008-09-10 08:19 . 2008-09-10 08:19 <DIR> d-------- C:\Program Files\Bytescribe
2008-09-10 08:19 . 2001-05-08 06:00 16,144 --a------ C:\Windows\System32\tsd32.dll
2008-09-10 08:19 . 2001-05-08 06:00 9,488 --a------ C:\Windows\System32\tssoft32.acm
2008-09-09 13:19 . 2008-09-09 13:19 <DIR> d-------- C:\Users\All Users\Apple
2008-09-09 13:19 . 2008-09-09 13:19 <DIR> d-------- C:\ProgramData\Apple
2008-09-09 13:19 . 2008-09-09 13:19 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-09 13:17 . 2008-09-09 13:17 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-09-09 13:17 . 2008-09-09 13:17 <DIR> d-------- C:\ProgramData\Apple Computer
2008-09-09 13:17 . 2008-09-09 13:18 <DIR> d-------- C:\Program Files\QuickTime
2008-09-09 13:17 . 2008-09-09 13:17 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-09 11:34 . 2008-07-30 16:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 11:34 . 2008-07-30 20:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-09 11:34 . 2008-06-25 20:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 11:34 . 2008-07-30 20:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-08 14:05 . 2008-09-09 07:43 <DIR> d-------- C:\Users\All Users\Zultrax P2P
2008-09-08 14:05 . 2008-09-09 07:43 <DIR> d-------- C:\ProgramData\Zultrax P2P
2008-09-08 14:05 . 2008-09-08 14:05 <DIR> d-------- C:\Program Files\Zultrax P2P
2008-09-08 14:05 . 2008-09-18 13:42 <DIR> d-------- C:\Downloads
2008-09-07 11:41 . 2008-09-11 07:04 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-07 11:41 . 2005-08-25 19:18 118,784 --a------ C:\Windows\System32\MSSTDFMT.DLL
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-09-05 13:06 . 2008-09-05 15:17 250 --a------ C:\Windows\gmer.ini
2008-09-05 12:08 . 2008-09-05 12:08 <DIR> d-------- C:\Users\All Users\Avira
2008-09-05 12:08 . 2008-09-05 12:08 <DIR> d-------- C:\ProgramData\Avira
2008-09-05 12:08 . 2008-09-05 12:08 <DIR> d-------- C:\Program Files\Avira
2008-09-04 13:06 . 2008-09-04 13:06 <DIR> d-------- C:\rsit
2008-09-03 23:38 . 2008-09-05 13:03 <DIR> d-------- C:\Temp
2008-09-03 21:51 . 2008-09-03 21:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 21:34 . 2008-09-03 21:34 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Malwarebytes
2008-09-03 21:34 . 2008-09-03 21:34 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-03 21:34 . 2008-09-03 21:34 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-03 21:02 . 2008-09-03 21:02 691 --a------ C:\Users\Brandy\AppData\Roaming\GetValue.vbs
2008-09-03 21:02 . 2008-09-03 21:02 35 --a------ C:\Users\Brandy\AppData\Roaming\SetValue.bat
2008-09-03 21:01 . 2008-09-03 21:02 3,578 --a------ C:\Windows\System32\tmp.reg
2008-09-03 20:56 . 2008-09-03 20:56 <DIR> d-------- C:\Users\Brandy\SmitfraudFix
2008-09-03 20:45 . 2008-09-03 20:47 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-03 20:45 . 2008-09-03 20:47 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-03 19:06 . 2008-09-03 19:06 1,152 --a------ C:\Windows\System32\windrv.sys
2008-09-03 19:05 . 2008-09-03 21:34 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Download Manager
2008-09-02 22:03 . 2008-09-02 22:03 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Roxio
2008-09-02 22:03 . 2008-09-02 22:05 <DIR> d-------- C:\Users\All Users\Roxio
2008-09-02 22:03 . 2008-09-02 22:05 <DIR> d-------- C:\ProgramData\Roxio
2008-09-02 21:27 . 2008-09-02 21:27 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Canneverbe_Limited
2008-08-28 10:26 . 2008-09-08 04:45 <DIR> d-------- C:\Program Files\Aces Up Buddy Pogo
2008-08-22 11:12 . 2008-08-22 11:34 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Winamp
2008-08-21 18:19 . 2008-08-21 18:19 <DIR> d-------- C:\$WWAssociativeLinks
2008-08-21 18:18 . 2008-08-21 18:19 <DIR> d-------- C:\images
2008-08-21 18:18 . 2008-08-21 18:19 <DIR> d-------- C:\$WWKeywordLinks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 17:53 --------- d-----w C:\ProgramData\Google Updater
2008-09-21 08:00 --------- d---a-w C:\ProgramData\TEMP
2008-09-21 00:45 --------- d-----w C:\Users\Brandy\AppData\Roaming\OpenOffice.org2
2008-09-18 21:08 --------- d-----w C:\ProgramData\WildTangent
2008-09-17 23:57 --------- d-----w C:\ProgramData\WinZip
2008-09-16 18:13 --------- d-----w C:\Program Files\CP-Autos
2008-09-12 17:34 --------- d-----w C:\Users\Brandy\AppData\Roaming\Pogo Games
2008-09-10 19:31 --------- d-----w C:\Program Files\Oberon Media
2008-09-05 19:34 --------- d-----w C:\ProgramData\Symantec
2008-09-04 18:20 --------- d-----w C:\Program Files\Java
2008-09-04 07:02 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-09-04 07:02 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-09-04 01:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-03 05:03 --------- d-----w C:\ProgramData\Sonic
2008-09-03 04:22 --------- d-----w C:\Users\Brandy\AppData\Roaming\Ashampoo
2008-08-23 17:16 --------- d-----w C:\Program Files\ShortKeys2
2008-08-22 18:13 --------- d-----w C:\Program Files\Winamp
2008-08-21 06:35 --------- d-----w C:\ProgramData\Sony Corporation
2008-08-21 05:55 --------- d-----w C:\Program Files\WildGames
2008-08-20 02:42 --------- d-----w C:\ProgramData\Winamp Toolbar
2008-08-18 13:15 921,600 ----a-w C:\Windows\system32\drivers\athr.sys
2008-08-16 06:19 --------- d-----w C:\Program Files\Windows Mail
2008-08-15 06:36 --------- d-----w C:\ProgramData\Operation Mania
2008-08-12 07:33 --------- d-----w C:\Program Files\Argente Software
2008-08-12 07:22 --------- d-----w C:\Program Files\Derby Buddy Pogo
2008-08-12 07:21 --------- d-----w C:\Program Files\Bowling Buddy Pogo
2008-08-09 11:00 --------- d-----w C:\Program Files\MSN Messenger
2008-08-09 10:48 --------- d-----w C:\Users\Brandy\AppData\Roaming\Corel
2008-08-05 06:01 --------- d-----w C:\Program Files\PrintKey2000
2008-08-05 05:59 --------- d-----w C:\Users\Brandy\AppData\Roaming\IObit
2008-08-05 05:48 --------- d-----w C:\Program Files\Bingo Luau Buddy Pogo
2008-08-03 08:02 --------- d-----w C:\Users\Brandy\AppData\Roaming\WildTangent
2008-08-03 07:38 --------- d-----w C:\Program Files\TOSHIBA Games
2008-08-02 07:07 --------- d-----w C:\Users\Brandy\AppData\Roaming\Sony Corporation
2008-07-31 20:59 --------- d-----w C:\ProgramData\ashampoo
2008-07-31 20:14 --------- d-----w C:\Program Files\IObit
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-30 20:40 174 --sha-w C:\Program Files\desktop.ini
2008-07-30 20:36 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-30 20:30 --------- d-----w C:\ProgramData\eSellerate
2008-07-30 20:30 --------- d-----w C:\Program Files\Common Files\eSellerate
2008-07-30 20:14 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-07-30 20:14 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-07-30 20:13 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-07-30 20:13 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-07-30 20:13 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-07-30 20:13 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-07-30 20:13 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-07-30 20:13 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-07-30 20:13 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-07-30 20:13 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-07-30 20:11 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-07-30 20:08 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-07-30 20:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-07-30 20:06 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-07-30 20:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-07-30 20:06 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-07-30 20:06 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-07-30 20:05 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-07-30 20:05 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-07-30 20:05 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-07-30 20:05 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-07-30 20:05 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-07-30 20:05 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-07-30 20:05 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-07-30 20:05 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-07-30 20:05 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-07-30 20:05 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-30 20:05 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-07-30 20:04 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-07-30 20:03 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-07-30 20:03 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-07-30 20:02 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-07-30 20:02 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-07-30 20:02 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-07-30 20:02 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-07-30 20:01 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-07-30 20:01 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-07-30 20:01 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-07-30 20:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-07-30 19:50 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-07-30 19:48 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-30 19:41 --------- d-----w C:\Program Files\Analysis UK Ltd
2008-07-30 19:37 --------- d-----w C:\Program Files\Microsoft Works
2008-07-30 12:41 0 ----a-w C:\Users\Brandy\AppData\Roaming\wklnhst.dat
2008-07-30 12:38 --------- d-----w C:\ProgramData\Yahoo!
2008-07-30 12:37 --------- d-----w C:\ProgramData\Insight Software Solutions
2008-07-30 12:37 --------- d-----w C:\ProgramData\Insight Software
2008-07-30 12:37 --------- d-----w C:\Program Files\Yahoo!
2008-07-30 12:37 --------- d-----w C:\Program Files\Common Files\Insight Software Solutions
2008-07-30 12:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-30 12:21 --------- d-----w C:\Program Files\Google
2008-07-30 12:18 --------- d-----w C:\Program Files\Common Files\AOL
2008-07-30 12:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-30 12:04 --------- d-----w C:\Users\Brandy\AppData\Roaming\Webroot
2008-07-30 10:51 0 ---ha-r C:\Windows\system32\drivers\Sony_VGN-NR260E.mrk
.
----a-w         1,263,076 2008-08-25 14:34:18  C:\Program Files\CP-Autos\CP Loader\Bingo Luau - Bluau .exe

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\ProgramData\~0 ----

2008-08-27 03:05 579156 -----c--- C:\ProgramData\~0\mia.lib
2008-08-27 03:05 2567183 -----c--- C:\ProgramData\~0\Uniblue RegistryBooster.exe

---- Directory of C:\Users\All Users\~0 ----

2008-08-27 03:05 579156 -----c--- C:\Users\All Users\~0\mia.lib
2008-08-27 03:05 2567183 -----c--- C:\Users\All Users\~0\Uniblue RegistryBooster.exe


((((((((((((((((((((((((((((( snapshot@2008-09-20_20.23.10.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-21 03:18:24 6,262,784 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-09-21 19:06:06 6,262,784 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
- 2008-09-20 18:13:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-21 13:28:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-09-21 03:22:18 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-21 19:08:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-21 19:08:08 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-20 19:10:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-21 17:53:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-20 19:10:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-21 17:53:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-20 19:10:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-21 17:53:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 10:54 303104 --------- C:\DDI\overicon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="C:\Program Files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
"Messenger (Yahoo!)"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-05-27 4269296]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-19 137752]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-08 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"VAIO Help and Support Demo"="C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-27 290816]
"VWLASU"="C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-12 45056]
"VAIORegistration"="C:\Program Files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIOSurvey"="C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 222208]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-01 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 20:05 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Printkey2000.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk
backup=C:\Windows\pss\Printkey2000.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 2.lnk
backup=C:\Windows\pss\ShortKeys 2.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Brandy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk]
path=C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 2.lnk
backup=C:\Windows\pss\ShortKeys 2.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
--a------ 2008-07-22 15:42 193536 C:\Program Files\IObit\Advanced WindowsCare 3 Beta\Sup_SmartRAM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
--a------ 2007-09-06 15:38 53248 c:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BE953696-C870-4489-B5F8-D1BB6325DE47}"= UDP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{C1DF8774-1941-4F25-8739-C5A8241AD393}"= TCP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{B22A7C5F-EE86-4CAB-91CC-B17BAA55596C}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{0335F0D8-77B7-4284-9088-6B3FF02A5835}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{096874B8-139C-4C0E-A384-C524336A9E13}"= UDP:C:\Program Files\Spyware Doctor\pctsGui.exe:Spyware Doctor
"{B05C5513-57D6-46F6-AFE6-68B5BE48C44B}"= TCP:C:\Program Files\Spyware Doctor\pctsGui.exe:Spyware Doctor
"{806EF32B-19D7-45FC-8933-D652E1E15819}"= UDP:C:\Program Files\Adobe\Acrobat 8.0\Designer 8.0\FormDesigner.exe:Adobe LiveCycle Designer 8.0
"{B4230531-C369-4150-949D-B3A5364BCD6A}"= TCP:C:\Program Files\Adobe\Acrobat 8.0\Designer 8.0\FormDesigner.exe:Adobe LiveCycle Designer 8.0
"{A157B862-999F-45F0-B390-E498B970441B}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4C63EFBF-1F51-4845-BBE1-CF7FACD0B4C1}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{3FAAE14D-B2F9-4638-A2E6-42410435EF88}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{AC705EB6-946C-48ED-AF41-D3E70DBB37FF}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"{786E9B06-A7BF-4E96-B1E8-F87F7E8EEEB6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{4CDF985B-571A-4E90-9A8C-0BCE6FC5A4EF}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{91008DB5-CAF4-4DCD-A057-9681CBCCF1E3}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{EBE23954-9203-402B-8A30-38E41D9A0B50}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{A334A47F-0501-48FB-B2BA-2115CE310AD0}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"{1A57DBEC-8535-4109-A656-9C27D02C957E}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{3060BD21-4A17-4833-BE40-FC1CF9476DEF}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{36787B3C-7FD5-44E1-9857-9C5937D34650}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{80A0F1F2-5204-46C9-8DDB-127DE637B691}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{A9A1829E-D27D-49B2-A135-E133EAB888EA}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C642153F-22A5-4F16-BAA1-B3A5B545D2CE}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{A6C6E1CC-F0AD-4291-9A05-8F1215A4AAD4}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{7F4274C8-EB3B-4244-8890-AF79205F1191}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{BCE7C757-E1DB-4BB6-BB51-D40233EDF5CC}C:\\program files\\zultrax p2p\\zultrax.exe"= UDP:C:\program files\zultrax p2p\zultrax.exe:Zultrax
"UDP Query User{4E8FD966-AD98-4323-A223-ECC3ED0CD581}C:\\program files\\zultrax p2p\\zultrax.exe"= TCP:C:\program files\zultrax p2p\zultrax.exe:Zultrax

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 NSUService;NSUService;C:\Program Files\Sony\Network Utility\NSUService.exe [2007-09-20 204800]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-28 9344]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-05 812544]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-19 246784]
S3 GameConsoleService;GameConsoleService;C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 79136]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 12:08:17
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-21 12:11:00
ComboFix-quarantined-files.txt 2008-09-21 19:09:55
ComboFix2.txt 2008-09-21 03:25:03
ComboFix3.txt 2008-09-05 20:04:56

Pre-Run: 124,054,343,680 bytes free
Post-Run: 124,031,496,192 bytes free

339 --- E O F --- 2008-09-18 20:53:15


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:57 PM, on 9/21/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ShortKeys2\shortkey.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\jre1.6.0_07\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resou...NPUplden-us.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1220502954528
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1220991586310
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11576 bytes
andrewuk
post Sep 21 2008, 02:50 PM
Post #6

Trusted Helper
Posts: 4,530
From: London, UK
OS: XP

Hmm... not all of that fix went through, though I suspect it is a formatting problem.

Could you attach the last ComboFix log, please?

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post


Also, I want to scan a file. I am reasonably sure it is OK, but let's see:

Jotti File Submission:

Please go to Jotti's malware scan.
Copy and paste the following file path into the "File to upload & scan" box at the top of the page:
C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe

Click on the Submit button.

Please post the results of the scan in your next reply.

If Jotti is busy, try the same at VirusTotal.

andrewuk
ttsstr5
post Sep 21 2008, 05:06 PM
Post #7

Member
Posts: 24
OS: windows vista

OK, here are the other scan results, and ComboFix is attached.
Attached File: log.txt (25.77K)

Antivirus          Version         Last Update  Result
AhnLab-V3          2008.9.19.2     2008.09.19   -
AntiVir            7.8.1.34        2008.09.21   -
Authentium         5.1.0.4         2008.09.21   -
Avast              4.8.1195.0      2008.09.22   -
AVG                8.0.0.161       2008.09.21   -
BitDefender        7.2             2008.09.21   -
CAT-QuickHeal      9.50            2008.09.20   -
ClamAV             0.93.1          2008.09.22   -
DrWeb              4.44.0.09170    2008.09.21   -
eSafe              7.0.17.0        2008.09.21   -
eTrust-Vet         31.6.6098       2008.09.21   -
Ewido              4.0             2008.09.21   -
F-Prot             4.4.4.56        2008.09.21   -
F-Secure           8.0.14332.0     2008.09.21   -
Fortinet           3.113.0.0       2008.09.21   -
GData              19              2008.09.22   -
Ikarus             T3.1.1.34.0     2008.09.21   -
K7AntiVirus        7.10.466        2008.09.20   -
Kaspersky          7.0.0.125       2008.09.21   -
McAfee             5388            2008.09.19   -
Microsoft          1.3903          2008.09.22   -
NOD32v2            3458            2008.09.21   -
Norman             5.80.02         2008.09.19   -
Panda              9.0.0.4         2008.09.21   -
PCTools            4.4.2.0         2008.09.21   -
Prevx1             V2              2008.09.22   -
Rising             20.62.62.00     2008.09.21   -
Sophos             4.33.0          2008.09.22   -
Sunbelt            3.1.1653.1      2008.09.20   -
Symantec           10              2008.09.21   -
TheHacker          6.3.0.9.090     2008.09.20   -
TrendMicro         8.700.0.1004    2008.09.20   -
VBA32              3.12.8.5        2008.09.20   -
ViRobot            2008.9.20.1385  2008.09.20   -
VirusBuster        4.5.11.0        2008.09.21   -
Webwasher-Gateway  6.6.2           2008.09.22   -
Additional information
File size: 290816 bytes
MD5...: 3231da42ea7eb138bde39534d60868e2
SHA1..: f18b9d731818c9c202546f9e94fdd997b38f3c50
SHA256: 9fdd6bf81e4ce592577660d302e1740212a0376984c15cd4f861bdb2d97250d9
SHA512: 77b26e1cae003030c2cdc8634a06d4cfe09690cc1c924da951638f98f0e2e4cd7100553c70113cb5a7411dc38c6d85dd4bfb4a129d0539c027f736f42536c543
PEiD..: -
TrID..: File type identification
Generic CIL Executable (.NET, Mono, etc.) (83.3%)
Win32 Executable Generic (9.7%)
Win16/32 Executable Delphi generic (2.3%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4035fe
timedatestamp.....: 0x46d3723b (Tue Aug 28 00:54:19 2007)
machinetype.......: 0x14c (I386)

( 3 sections )
name    viradd   virsiz   rawdsiz  ntrpy  md5
.text   0x2000   0x1604   0x2000   4.19   c0607acb210ac2c8097dd5c94587b0bf
.rsrc   0x4000   0x423bc  0x43000  4.28   b1db572544faa2193de4035c96d151ad
.reloc  0x48000  0xc      0x1000   0.01   23ac1bb10fab3a9e5356c4d2c6f8d0c3

( 1 imports )
> mscoree.dll: _CorExeMain

( 0 exports )



This post has been edited by ttsstr5: Sep 21 2008, 05:07 PM
andrewuk
post Sep 21 2008, 05:27 PM
Post #8

Trusted Helper
Posts: 4,530
From: London, UK
OS: XP

That file was good.

OK, I have attached a CFScript file for you to run:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download and save this as CFScript.txt in the same location as ComboFix.exe.

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

Attached File: CFScript.txt (67 bytes)
ttsstr5
post Sep 21 2008, 06:31 PM
Post #9

Member
Posts: 24
OS: windows vista

ComboFix 08-09-20.05 - Brandy 2008-09-21 17:20:36.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1045 [GMT -7:00]
Running from: C:\Users\Brandy\Desktop\ComboFix.exe
Command switches used :: C:\Users\Brandy\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-08-22 to 2008-09-22 )))))))))))))))))))))))))))))))
.

2008-09-18 16:14 . 2008-09-18 16:14 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Uniblue
2008-09-18 16:13 . 2008-09-18 16:17 <DIR> d--h-c--- C:\Users\All Users\~0
2008-09-18 16:13 . 2008-09-18 16:17 <DIR> d--h-c--- C:\ProgramData\~0
2008-09-17 18:17 . 2008-09-17 18:17 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\KeePass
2008-09-17 18:11 . 2008-09-17 18:11 <DIR> d-------- C:\Program Files\KeePass Password Safe
2008-09-17 17:00 . 2008-09-17 17:00 <DIR> d-------- C:\Program Files\CAM Development
2008-09-16 13:15 . 2008-05-01 16:35 53,248 --a------ C:\Windows\System32\CSVer.dll
2008-09-16 13:14 . 2008-09-16 13:14 <DIR> d-------- C:\Intel
2008-09-16 10:31 . 2008-01-17 04:00 68,232 --a------ C:\Windows\UnDeployV.exe
2008-09-10 13:33 . 2008-09-10 13:34 <DIR> d-------- C:\Program Files\Makeover Buddy Pogo
2008-09-10 08:19 . 2008-09-10 08:19 <DIR> d-------- C:\Program Files\Bytescribe
2008-09-10 08:19 . 2001-05-08 06:00 16,144 --a------ C:\Windows\System32\tsd32.dll
2008-09-10 08:19 . 2001-05-08 06:00 9,488 --a------ C:\Windows\System32\tssoft32.acm
2008-09-09 13:19 . 2008-09-09 13:19 <DIR> d-------- C:\Users\All Users\Apple
2008-09-09 13:19 . 2008-09-09 13:19 <DIR> d-------- C:\ProgramData\Apple
2008-09-09 13:19 . 2008-09-09 13:19 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-09 13:17 . 2008-09-09 13:17 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-09-09 13:17 . 2008-09-09 13:17 <DIR> d-------- C:\ProgramData\Apple Computer
2008-09-09 13:17 . 2008-09-09 13:18 <DIR> d-------- C:\Program Files\QuickTime
2008-09-09 13:17 . 2008-09-09 13:17 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-09 11:34 . 2008-07-30 16:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 11:34 . 2008-07-30 20:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-09 11:34 . 2008-06-25 20:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 11:34 . 2008-07-30 20:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-08 14:05 . 2008-09-09 07:43 <DIR> d-------- C:\Users\All Users\Zultrax P2P
2008-09-08 14:05 . 2008-09-09 07:43 <DIR> d-------- C:\ProgramData\Zultrax P2P
2008-09-08 14:05 . 2008-09-08 14:05 <DIR> d-------- C:\Program Files\Zultrax P2P
2008-09-08 14:05 . 2008-09-18 13:42 <DIR> d-------- C:\Downloads
2008-09-07 11:41 . 2008-09-11 07:04 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-07 11:41 . 2005-08-25 19:18 118,784 --a------ C:\Windows\System32\MSSTDFMT.DLL
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-09-05 13:06 . 2008-09-05 15:17 250 --a------ C:\Windows\gmer.ini
2008-09-05 12:08 . 2008-09-05 12:08 <DIR> d-------- C:\Users\All Users\Avira
2008-09-05 12:08 . 2008-09-05 12:08 <DIR> d-------- C:\ProgramData\Avira
2008-09-05 12:08 . 2008-09-05 12:08 <DIR> d-------- C:\Program Files\Avira
2008-09-04 13:06 . 2008-09-04 13:06 <DIR> d-------- C:\rsit
2008-09-03 23:38 . 2008-09-05 13:03 <DIR> d-------- C:\Temp
2008-09-03 21:51 . 2008-09-03 21:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 21:34 . 2008-09-03 21:34 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Malwarebytes
2008-09-03 21:34 . 2008-09-03 21:34 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-03 21:34 . 2008-09-03 21:34 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-03 21:02 . 2008-09-03 21:02 691 --a------ C:\Users\Brandy\AppData\Roaming\GetValue.vbs
2008-09-03 21:02 . 2008-09-03 21:02 35 --a------ C:\Users\Brandy\AppData\Roaming\SetValue.bat
2008-09-03 21:01 . 2008-09-03 21:02 3,578 --a------ C:\Windows\System32\tmp.reg
2008-09-03 20:56 . 2008-09-03 20:56 <DIR> d-------- C:\Users\Brandy\SmitfraudFix
2008-09-03 20:45 . 2008-09-03 20:47 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-03 20:45 . 2008-09-03 20:47 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-03 19:06 . 2008-09-03 19:06 1,152 --a------ C:\Windows\System32\windrv.sys
2008-09-03 19:05 . 2008-09-03 21:34 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Download Manager
2008-09-02 22:03 . 2008-09-02 22:03 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Roxio
2008-09-02 22:03 . 2008-09-02 22:05 <DIR> d-------- C:\Users\All Users\Roxio
2008-09-02 22:03 . 2008-09-02 22:05 <DIR> d-------- C:\ProgramData\Roxio
2008-09-02 21:27 . 2008-09-02 21:27 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Canneverbe_Limited
2008-08-28 10:26 . 2008-09-08 04:45 <DIR> d-------- C:\Program Files\Aces Up Buddy Pogo
2008-08-22 11:12 . 2008-08-22 11:34 <DIR> d-------- C:\Users\Brandy\AppData\Roaming\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 23:16 --------- d-----w C:\Users\Brandy\AppData\Roaming\OpenOffice.org2
2008-09-21 20:24 --------- d---a-w C:\ProgramData\TEMP
2008-09-21 17:53 --------- d-----w C:\ProgramData\Google Updater
2008-09-18 21:08 --------- d-----w C:\ProgramData\WildTangent
2008-09-17 23:57 --------- d-----w C:\ProgramData\WinZip
2008-09-16 18:13 --------- d-----w C:\Program Files\CP-Autos
2008-09-12 17:34 --------- d-----w C:\Users\Brandy\AppData\Roaming\Pogo Games
2008-09-10 19:31 --------- d-----w C:\Program Files\Oberon Media
2008-09-05 19:34 --------- d-----w C:\ProgramData\Symantec
2008-09-04 18:20 --------- d-----w C:\Program Files\Java
2008-09-04 07:02 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-09-04 07:02 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-09-04 01:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-03 05:03 --------- d-----w C:\ProgramData\Sonic
2008-09-03 04:22 --------- d-----w C:\Users\Brandy\AppData\Roaming\Ashampoo
2008-08-23 17:16 --------- d-----w C:\Program Files\ShortKeys2
2008-08-22 18:13 --------- d-----w C:\Program Files\Winamp
2008-08-21 06:35 --------- d-----w C:\ProgramData\Sony Corporation
2008-08-21 05:55 --------- d-----w C:\Program Files\WildGames
2008-08-20 02:42 --------- d-----w C:\ProgramData\Winamp Toolbar
2008-08-18 13:15 921,600 ----a-w C:\Windows\system32\drivers\athr.sys
2008-08-16 06:19 --------- d-----w C:\Program Files\Windows Mail
2008-08-15 06:36 --------- d-----w C:\ProgramData\Operation Mania
2008-08-12 07:33 --------- d-----w C:\Program Files\Argente Software
2008-08-12 07:22 --------- d-----w C:\Program Files\Derby Buddy Pogo
2008-08-12 07:21 --------- d-----w C:\Program Files\Bowling Buddy Pogo
2008-08-09 11:00 --------- d-----w C:\Program Files\MSN Messenger
2008-08-09 10:48 --------- d-----w C:\Users\Brandy\AppData\Roaming\Corel
2008-08-05 06:01 --------- d-----w C:\Program Files\PrintKey2000
2008-08-05 05:59 --------- d-----w C:\Users\Brandy\AppData\Roaming\IObit
2008-08-05 05:48 --------- d-----w C:\Program Files\Bingo Luau Buddy Pogo
2008-08-03 08:02 --------- d-----w C:\Users\Brandy\AppData\Roaming\WildTangent
2008-08-03 07:38 --------- d-----w C:\Program Files\TOSHIBA Games
2008-08-02 07:07 --------- d-----w C:\Users\Brandy\AppData\Roaming\Sony Corporation
2008-07-31 20:59 --------- d-----w C:\ProgramData\ashampoo
2008-07-31 20:14 --------- d-----w C:\Program Files\IObit
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-30 20:40 174 --sha-w C:\Program Files\desktop.ini
2008-07-30 20:36 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-30 20:30 --------- d-----w C:\ProgramData\eSellerate
2008-07-30 20:30 --------- d-----w C:\Program Files\Common Files\eSellerate
2008-07-30 20:14 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-07-30 20:14 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-07-30 20:13 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-07-30 20:13 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-07-30 20:13 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-07-30 20:13 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-07-30 20:13 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-07-30 20:13 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-07-30 20:13 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-07-30 20:13 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-07-30 20:11 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-07-30 20:08 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-07-30 20:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-07-30 20:06 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-07-30 20:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-07-30 20:06 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-07-30 20:06 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-07-30 20:05 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-07-30 20:05 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-07-30 20:05 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-07-30 20:05 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-07-30 20:05 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-07-30 20:05 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-07-30 20:05 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-07-30 20:05 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-07-30 20:05 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-07-30 20:05 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-30 20:05 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-07-30 20:04 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-07-30 20:03 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-07-30 20:03 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-07-30 20:02 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-07-30 20:02 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-07-30 20:02 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-07-30 20:02 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-07-30 20:01 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-07-30 20:01 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-07-30 20:01 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-07-30 20:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-07-30 19:50 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-07-30 19:48 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-30 19:41 --------- d-----w C:\Program Files\Analysis UK Ltd
2008-07-30 19:37 --------- d-----w C:\Program Files\Microsoft Works
2008-07-30 12:41 0 ----a-w C:\Users\Brandy\AppData\Roaming\wklnhst.dat
2008-07-30 12:38 --------- d-----w C:\ProgramData\Yahoo!
2008-07-30 12:37 --------- d-----w C:\ProgramData\Insight Software Solutions
2008-07-30 12:37 --------- d-----w C:\ProgramData\Insight Software
2008-07-30 12:37 --------- d-----w C:\Program Files\Yahoo!
2008-07-30 12:37 --------- d-----w C:\Program Files\Common Files\Insight Software Solutions
2008-07-30 12:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-30 12:21 --------- d-----w C:\Program Files\Google
2008-07-30 12:18 --------- d-----w C:\Program Files\Common Files\AOL
2008-07-30 12:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-30 12:04 --------- d-----w C:\Users\Brandy\AppData\Roaming\Webroot
2008-07-30 10:51 0 ---ha-r C:\Windows\system32\drivers\Sony_VGN-NR260E.mrk
.

((((((((((((((((((((((((((((( snapshot@2008-09-20_20.23.10.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-21 03:18:24 6,262,784 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2008-09-22 00:20:04 6,262,784 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
- 2008-09-20 18:13:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-21 13:28:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-09-21 03:22:18 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-22 00:22:26 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-22 00:22:26 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-20 19:10:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-21 19:10:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-20 19:10:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-21 19:10:22 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-20 19:10:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-21 19:10:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 10:54 303104 --------- C:\DDI\overicon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="C:\Program Files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
"Messenger (Yahoo!)"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2008-05-27 4269296]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-19 137752]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-06-08 118784]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"VAIO Help and Support Demo"="C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-27 290816]
"VWLASU"="C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-12 45056]
"VAIORegistration"="C:\Program Files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIOSurvey"="C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-03 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 222208]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-01 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 20:05 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Printkey2000.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Printkey2000.lnk
backup=C:\Windows\pss\Printkey2000.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 2.lnk
backup=C:\Windows\pss\ShortKeys 2.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Brandy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ShortKeys 2.lnk]
path=C:\Users\Brandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 2.lnk
backup=C:\Windows\pss\ShortKeys 2.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
--a------ 2008-07-22 15:42 193536 C:\Program Files\IObit\Advanced WindowsCare 3 Beta\Sup_SmartRAM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
--a------ 2007-09-06 15:38 53248 c:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BE953696-C870-4489-B5F8-D1BB6325DE47}"= UDP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{C1DF8774-1941-4F25-8739-C5A8241AD393}"= TCP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{B22A7C5F-EE86-4CAB-91CC-B17BAA55596C}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{0335F0D8-77B7-4284-9088-6B3FF02A5835}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{096874B8-139C-4C0E-A384-C524336A9E13}"= UDP:C:\Program Files\Spyware Doctor\pctsGui.exe:Spyware Doctor
"{B05C5513-57D6-46F6-AFE6-68B5BE48C44B}"= TCP:C:\Program Files\Spyware Doctor\pctsGui.exe:Spyware Doctor
"{806EF32B-19D7-45FC-8933-D652E1E15819}"= UDP:C:\Program Files\Adobe\Acrobat 8.0\Designer 8.0\FormDesigner.exe:Adobe LiveCycle Designer 8.0
"{B4230531-C369-4150-949D-B3A5364BCD6A}"= TCP:C:\Program Files\Adobe\Acrobat 8.0\Designer 8.0\FormDesigner.exe:Adobe LiveCycle Designer 8.0
"{A157B862-999F-45F0-B390-E498B970441B}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4C63EFBF-1F51-4845-BBE1-CF7FACD0B4C1}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{3FAAE14D-B2F9-4638-A2E6-42410435EF88}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{AC705EB6-946C-48ED-AF41-D3E70DBB37FF}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"{786E9B06-A7BF-4E96-B1E8-F87F7E8EEEB6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{4CDF985B-571A-4E90-9A8C-0BCE6FC5A4EF}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{91008DB5-CAF4-4DCD-A057-9681CBCCF1E3}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{EBE23954-9203-402B-8A30-38E41D9A0B50}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{A334A47F-0501-48FB-B2BA-2115CE310AD0}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"{1A57DBEC-8535-4109-A656-9C27D02C957E}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{3060BD21-4A17-4833-BE40-FC1CF9476DEF}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{36787B3C-7FD5-44E1-9857-9C5937D34650}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{80A0F1F2-5204-46C9-8DDB-127DE637B691}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{A9A1829E-D27D-49B2-A135-E133EAB888EA}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C642153F-22A5-4F16-BAA1-B3A5B545D2CE}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{A6C6E1CC-F0AD-4291-9A05-8F1215A4AAD4}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{7F4274C8-EB3B-4244-8890-AF79205F1191}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{BCE7C757-E1DB-4BB6-BB51-D40233EDF5CC}C:\\program files\\zultrax p2p\\zultrax.exe"= UDP:C:\program files\zultrax p2p\zultrax.exe:Zultrax
"UDP Query User{4E8FD966-AD98-4323-A223-ECC3ED0CD581}C:\\program files\\zultrax p2p\\zultrax.exe"= TCP:C:\program files\zultrax p2p\zultrax.exe:Zultrax

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 NSUService;NSUService;C:\Program Files\Sony\Network Utility\NSUService.exe [2007-09-20 204800]
R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-28 9344]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-05 812544]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-19 246784]
S3 GameConsoleService;GameConsoleService;C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 79136]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 17:22:40
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-21 17:25:09
ComboFix-quarantined-files.txt 2008-09-22 00:24:15
ComboFix2.txt 2008-09-21 19:11:01
ComboFix3.txt 2008-09-21 03:25:03
ComboFix4.txt 2008-09-05 20:04:56

Pre-Run: 123,797,495,808 bytes free
Post-Run: 123,768,627,200 bytes free

327 --- E O F --- 2008-09-18 20:53:15
Attached File: log.txt (25K)
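The "Reg Loading Points" section of the ComboFix log above is what a helper reads first: Run-key autoruns with image path, timestamp and size, and the Security Center values that control whether Windows warns about missing or disabled antivirus. The script below is an added example for this thread, not ComboFix code and not a verdict on the log above: it parses that REGEDIT4-style section and applies a few review heuristics of my own (autorun images in temp directories, entries registered by bare filename, Windows system process names outside System32, Security Center values set to 1). The sample input is a constructed excerpt modelled on the thread's log; the "updater" line is hypothetical and was added so the path checks fire. A Security Center override is a review flag, not proof of infection, because third-party security products also write those values.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not ComboFix code and not the thread's log.
SAMPLE_LOG is a constructed excerpt modelled on that log; the "updater"
entry is hypothetical. The heuristics below are the author's own.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 222208]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-01 C:\Windows\RtHDVCpl.exe]
"updater"="C:\Users\Brandy\AppData\Local\Temp\svchost.exe" [2008-09-20 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<rest>.*)$')
# ComboFix prints  "image" [YYYY-MM-DD size]  or, for a bare filename,  "image" [YYYY-MM-DD resolved\path]
AUTORUN_RE = re.compile(r'^"(?P<image>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<extra>[^\]]+)\]$')
DWORD_RE = re.compile(r'^dword:(?P<hex>[0-9a-fA-F]{8})$')
HEXSTR_RE = re.compile(r'^"0x(?P<hex>[0-9a-fA-F]+)"$')   # e.g. "AntiVirusDisableNotify"="0x00000000"

SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM32 = "c:\\windows\\system32\\"
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
# Security Center values that, when 1, stop Windows from warning about AV/firewall/update state.
SC_SILENCERS = {"disablemonitoring", "antivirusoverride", "firewalloverride", "updatesoverride",
                "antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify"}


@dataclass
class RegValue:
    key: str
    name: str
    raw: str
    image: Optional[str] = None      # path exactly as registered
    resolved: Optional[str] = None   # path ComboFix printed for a bare filename
    date: Optional[str] = None
    size: Optional[int] = None
    dword: Optional[int] = None
    findings: List[str] = field(default_factory=list)


def parse_loading_points(text: str) -> List[RegValue]:
    """Return every "name"=... value that sits under a [key] header."""
    values: List[RegValue] = []
    key: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group("key")
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        v = RegValue(key=key, name=m.group("name"), raw=m.group("rest"))
        d = DWORD_RE.match(v.raw) or HEXSTR_RE.match(v.raw)
        a = AUTORUN_RE.match(v.raw)
        if d:
            v.dword = int(d.group("hex"), 16)
        elif a:
            v.image, v.date, extra = a.group("image"), a.group("date"), a.group("extra")
            if extra.isdigit():
                v.size = int(extra)
            elif "\\" in extra:
                v.resolved = extra
        else:
            v.image = v.raw.strip('"')
        values.append(v)
    return values


def triage(values: List[RegValue]) -> List[RegValue]:
    """Attach review findings to each value and return only the flagged ones."""
    for v in values:
        if v.image is not None:
            path = (v.resolved or v.image).lower()
            base = path.rsplit("\\", 1)[-1]
            if "\\" not in v.image:
                v.findings.append("registered by bare filename; which file loads depends on the search path")
            if any(t in path for t in TEMP_MARKERS):
                v.findings.append("autorun image lives in a temp directory")
            if base in SYSTEM_NAMES and not path.startswith(SYSTEM32):
                v.findings.append(f"{base} outside System32 (name mimics a Windows process)")
        elif v.dword == 1 and "security center" in v.key.lower() and v.name.lower() in SC_SILENCERS:
            v.findings.append("Security Center alerting silenced (third-party AV can set this too; verify)")
    return [v for v in values if v.findings]


if __name__ == "__main__":
    for v in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"[{v.key}]\n  {v.name} = {v.resolved or v.image or v.raw}")
        for f in v.findings:
            print(f"    - {f}")
```

Run it against a real log by reading the file and passing its text to `parse_loading_points`; entries like the `[HKLM\~\startupfolder\...]` blocks, whose lines are `path=` and `backup=` rather than quoted values, are skipped by design.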
andrewuk
post Sep 21 2008, 06:38 PM
Post #10
Trusted Helper | Posts: 4,530 | From: London, UK | OS: XP

That did the trick. In this post we will do a couple of scans to see what else sneaked onto your machine.

The scans will likely take 3 hours, quite possibly much longer, so just let them run.


====STEP 1====
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


====STEP 2====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

====STEP 3====
Please do an online scan with Kaspersky WebScanner (this will identify any issues; we will clear them in the following post).

Kaspersky online scanner uses Java technology to perform the scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following is checked.
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


In your next reply could I see:
1. the SUPERAntiSpyware log
2. the Kaspersky log
3. some idea of how your machine is running now

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
ttsstr5
post Sep 22 2008, 01:20 AM
Post #11
Member | Posts: 24 | OS: windows vista

Kaspersky gave me issues saving the log, so I copied and pasted it directly from the scan results. And so far so good with the performance of the computer, but then again I haven't googled anything since I was redirected to a wrong website.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/21/2008 at 07:37 PM

Application Version : 4.21.1004

Core Rules Database Version : 3575
Trace Rules Database Version: 1563

Scan type : Complete Scan
Total Scan Time : 00:08:35

Memory items scanned : 661
Memory threats detected : 0
Registry items scanned : 6622
Registry threats detected : 0
File items scanned : 2009
File threats detected : 0

C:\Users\Brandy\Documents\MY PROGRAMS\SmitfraudFix\Reboot.exe http://www.viruslist.com/en/find?search_mo....Win32.Reboot.f 1
C:\Users\Brandy\SmitfraudFix\Reboot.exe http://www.viruslist.com/en/find?search_mo....Win32.Reboot.f 1

This post has been edited by ttsstr5: Sep 22 2008, 01:21 AM

andrewuk
post Sep 22 2008, 12:05 PM
Post #12
Trusted Helper | Posts: 4,530 | From: London, UK | OS: XP

I can't see any Kaspersky log, or entries. If it is a case that you have misposted, then could you run Kaspersky again and post the log?

Otherwise, assuming I am not going blind, give this one a shot:

Please go HERE to run Panda's TotalScan
  • Select the bubble for Scan now
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report

andrewuk

This post has been edited by andrewuk: Sep 22 2008, 12:08 PM

ttsstr5
post Sep 23 2008, 11:26 AM
Post #13
Member | Posts: 24 | OS: windows vista

I ran Kaspersky, but for some reason it would not save the log. This is all I was able to get it to do:
C:\Users\Brandy\Documents\MY PROGRAMS\SmitfraudFix\Reboot.exe http://www.viruslist.com/en/find?search_mo....Win32.Reboot.f 1
C:\Users\Brandy\SmitfraudFix\Reboot.exe http://www.viruslist.com/en/find?search_mo....Win32.Reboot.f 1
But I will run the other scan and post it.
andrewuk
post Sep 23 2008, 12:35 PM
Post #14
Trusted Helper | Posts: 4,530 | From: London, UK | OS: XP

No need to run the other program; the Kaspersky scan only found part of a fix tool used in an earlier fix.

How is your machine running now? Your logs look good.

andrewuk

ttsstr5
post Sep 24 2008, 03:47 PM
Post #15
Member | Posts: 24 | OS: windows vista

Seems to be running fine now. Thank you so much for your time!
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising