SmitFraudFix v2.132

Scan done at 16:17:05.78, Fri 01/12/2007
Run from C:\Documents and Settings\Carlo\My Documents\Downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.7

Scan started at 11:25:03 AM 1/13/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\yccdd.bak2
C:\WINDOWS\system32\yccdd.ini2
C:\WINDOWS\system32\yccdd.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ddccy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\yccdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\yccdd.bak2
C:\WINDOWS\system32\yccdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\yccdd.ini2
C:\WINDOWS\system32\yccdd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\yccdd.tmp
C:\WINDOWS\system32\yccdd.tmp Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.7

Scan started at 7:21:19 PM 1/15/2007

Listing files found while scanning....

No infected files were found.

==================================================================================================================

VUNDO BE GONE!

[01/13/2007, 14:38:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Carlo\My Documents\Downloads\VirtumundoBeGone.exe" )
[01/13/2007, 14:38:18] - Detected System Information:
[01/13/2007, 14:38:18] - Windows Version: 5.1.2600, Service Pack 2
[01/13/2007, 14:38:18] - Current Username: Carlo (Admin)
[01/13/2007, 14:38:18] - Windows is in NORMAL mode.
[01/13/2007, 14:38:18] - Searching for Browser Helper Objects:
[01/13/2007, 14:38:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/13/2007, 14:38:18] - BHO 2: {27EFD7AC-CF20-4008-BE02-BF42C42A7AF7} ()
[01/13/2007, 14:38:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 14:38:18] - Checking for HKLM\...\Winlogon\Notify\ssqpo
[01/13/2007, 14:38:18] - Found: HKLM\...\Winlogon\Notify\ssqpo - This is probably Virtumundo.
[01/13/2007, 14:38:18] - Assigning {27EFD7AC-CF20-4008-BE02-BF42C42A7AF7} MSEvents Object
[01/13/2007, 14:38:18] - BHO list has been changed! Starting over...
[01/13/2007, 14:38:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/13/2007, 14:38:18] - BHO 2: {27EFD7AC-CF20-4008-BE02-BF42C42A7AF7} (MSEvents Object)
[01/13/2007, 14:38:18] - ALERT: Found MSEvents Object!
[01/13/2007, 14:38:18] - BHO 3: {2F85D76C-0569-466F-A488-493E6BD0E955} (dsWebAllowBHO Class)
[01/13/2007, 14:38:18] - BHO 4: {31497E61-BCAD-41A6-8F75-AAF8F23F6247} ()
[01/13/2007, 14:38:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 14:38:18] - Checking for HKLM\...\Winlogon\Notify\ddccy
[01/13/2007, 14:38:18] - Key not found: HKLM\...\Winlogon\Notify\ddccy, continuing.
[01/13/2007, 14:38:18] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/13/2007, 14:38:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 14:38:18] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/13/2007, 14:38:18] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/13/2007, 14:38:18] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/13/2007, 14:38:18] - BHO 7: {7DA39570-5FD2-4f18-94B4-20730CB3F727} ()
[01/13/2007, 14:38:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 14:38:18] - Checking for HKLM\...\Winlogon\Notify\doseocuq
[01/13/2007, 14:38:18] - Key not found: HKLM\...\Winlogon\Notify\doseocuq, continuing.
[01/13/2007, 14:38:18] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/13/2007, 14:38:18] - BHO 9: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[01/13/2007, 14:38:18] - BHO 10: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[01/13/2007, 14:38:18] - BHO 11: {ED2C9419-C00C-4D05-85D7-67C2B14A559A} ()
[01/13/2007, 14:38:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 14:38:18] - Checking for HKLM\...\Winlogon\Notify\vtuvwtr
[01/13/2007, 14:38:18] - Found: HKLM\...\Winlogon\Notify\vtuvwtr - This is probably Virtumundo.
[01/13/2007, 14:38:18] - Assigning {ED2C9419-C00C-4D05-85D7-67C2B14A559A} MSEvents Object
[01/13/2007, 14:38:18] - BHO list has been changed! Starting over...
[01/13/2007, 14:38:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/13/2007, 14:38:18] - BHO 2: {27EFD7AC-CF20-4008-BE02-BF42C42A7AF7} (MSEvents Object)
[01/13/2007, 14:38:18] - ALERT: Found MSEvents Object!
[01/13/2007, 14:38:18] - BHO 3: {2F85D76C-0569-466F-A488-493E6BD0E955} (dsWebAllowBHO Class)
[01/13/2007, 14:38:18] - BHO 4: {31497E61-BCAD-41A6-8F75-AAF8F23F6247} ()
[01/13/2007, 14:38:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 14:38:18] - Checking for HKLM\...\Winlogon\Notify\ddccy
[01/13/2007, 14:38:18] - Key not found: HKLM\...\Winlogon\Notify\ddccy, continuing.
[01/13/2007, 14:38:18] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/13/2007, 14:38:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 14:38:18] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/13/2007, 14:38:18] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/13/2007, 14:38:18] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/13/2007, 14:38:18] - BHO 7: {7DA39570-5FD2-4f18-94B4-20730CB3F727} ()
[01/13/2007, 14:38:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 14:38:19] - Checking for HKLM\...\Winlogon\Notify\doseocuq
[01/13/2007, 14:38:19] - Key not found: HKLM\...\Winlogon\Notify\doseocuq, continuing.
[01/13/2007, 14:38:19] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/13/2007, 14:38:19] - BHO 9: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[01/13/2007, 14:38:19] - BHO 10: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[01/13/2007, 14:38:19] - BHO 11: {ED2C9419-C00C-4D05-85D7-67C2B14A559A} (MSEvents Object)
[01/13/2007, 14:38:19] - ALERT: Found MSEvents Object!
[01/13/2007, 14:38:19] - Finished Searching Browser Helper Objects
[01/13/2007, 14:38:19] - *** Detected MSEvents Object
[01/13/2007, 14:38:19] - Trying to remove MSEvents Object...
[01/13/2007, 14:38:20] - Terminating Process: IEXPLORE.EXE
[01/13/2007, 14:38:20] - Terminating Process: RUNDLL32.EXE
[01/13/2007, 14:38:20] - Disabling Automatic Shell Restart
[01/13/2007, 14:38:21] - Terminating Process: EXPLORER.EXE
[01/13/2007, 14:38:21] - Suspending the NT Session Manager System Service
[01/13/2007, 14:38:23] - Terminating Windows NT Logon/Logoff Manager
[01/13/2007, 14:38:23] - Re-enabling Automatic Shell Restart
[01/13/2007, 14:38:23] - File to disable: C:\WINDOWS\system32\ssqpo.dll
[01/13/2007, 14:38:23] - Renaming C:\WINDOWS\system32\ssqpo.dll -> C:\WINDOWS\system32\ssqpo.dll.vir
[01/13/2007, 14:38:23] - File successfully renamed!
[01/13/2007, 14:38:23] - Removing HKLM\...\Browser Helper Objects\{27EFD7AC-CF20-4008-BE02-BF42C42A7AF7}
[01/13/2007, 14:38:23] - Removing HKCR\CLSID\{27EFD7AC-CF20-4008-BE02-BF42C42A7AF7}
[01/13/2007, 14:38:23] - Adding Kill Bit for ActiveX for GUID: {27EFD7AC-CF20-4008-BE02-BF42C42A7AF7}
[01/13/2007, 14:38:23] - Deleting ATLEvents/MSEvents Registry entries
[01/13/2007, 14:38:23] - Removing HKLM\...\Winlogon\Notify\ssqpo
[01/13/2007, 14:38:23] - Searching for Browser Helper Objects:
[01/13/2007, 14:38:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/13/2007, 14:38:24] - BHO 2: {2F85D76C-0569-466F-A488-493E6BD0E955} (dsWebAllowBHO Class)
[01/13/2007, 14:38:24] - BHO 3: {31497E61-BCAD-41A6-8F75-AAF8F23F6247} ()
[01/13/2007, 14:38:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 14:38:24] - Checking for HKLM\...\Winlogon\Notify\ddccy
[01/13/2007, 14:38:24] - Key not found: HKLM\...\Winlogon\Notify\ddccy, continuing.
[01/13/2007, 14:38:24] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/13/2007, 14:38:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 14:38:24] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/13/2007, 14:38:24] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/13/2007, 14:38:24] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/13/2007, 14:38:24] - BHO 6: {7DA39570-5FD2-4f18-94B4-20730CB3F727} ()
[01/13/2007, 14:38:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 14:38:24] - Checking for HKLM\...\Winlogon\Notify\doseocuq
[01/13/2007, 14:38:24] - Key not found: HKLM\...\Winlogon\Notify\doseocuq, continuing.
[01/13/2007, 14:38:24] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/13/2007, 14:38:24] - BHO 8: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[01/13/2007, 14:38:24] - BHO 9: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[01/13/2007, 14:38:24] - BHO 10: {ED2C9419-C00C-4D05-85D7-67C2B14A559A} (MSEvents Object)
[01/13/2007, 14:38:24] - ALERT: Found MSEvents Object!
[01/13/2007, 14:38:24] - Finished Searching Browser Helper Objects
[01/13/2007, 14:38:24] - *** Detected MSEvents Object
[01/13/2007, 14:38:24] - Trying to remove MSEvents Object...
[01/13/2007, 14:38:25] - Terminating Process: IEXPLORE.EXE
[01/13/2007, 14:38:25] - Terminating Process: RUNDLL32.EXE
[01/13/2007, 14:38:25] - Disabling Automatic Shell Restart
[01/13/2007, 14:38:25] - Terminating Process: EXPLORER.EXE
[01/13/2007, 14:38:25] - Suspending the NT Session Manager System Service
[01/13/2007, 14:38:25] - Terminating Windows NT Logon/Logoff Manager
[01/13/2007, 14:38:25] - Re-enabling Automatic Shell Restart
[01/13/2007, 14:38:25] - File to disable: C:\WINDOWS\system32\vtuvwtr.dll
[01/13/2007, 14:38:25] - Renaming C:\WINDOWS\system32\vtuvwtr.dll -> C:\WINDOWS\system32\vtuvwtr.dll.vir
[01/13/2007, 14:38:25] - File successfully renamed!
[01/13/2007, 14:38:26] - Removing HKLM\...\Browser Helper Objects\{ED2C9419-C00C-4D05-85D7-67C2B14A559A}
[01/13/2007, 14:38:26] - Removing HKCR\CLSID\{ED2C9419-C00C-4D05-85D7-67C2B14A559A}
[01/13/2007, 14:38:26] - Adding Kill Bit for ActiveX for GUID: {ED2C9419-C00C-4D05-85D7-67C2B14A559A}
[01/13/2007, 14:38:26] - Deleting ATLEvents/MSEvents Registry entries
[01/13/2007, 14:38:26] - Removing HKLM\...\Winlogon\Notify\vtuvwtr
[01/13/2007, 14:38:26] - Searching for Browser Helper Objects:
[01/13/2007, 14:38:26] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/13/2007, 14:38:26] - BHO 2: {2F85D76C-0569-466F-A488-493E6BD0E955} (dsWebAllowBHO Class)
[01/13/2007, 14:38:26] - BHO 3: {31497E61-BCAD-41A6-8F75-AAF8F23F6247} ()
[01/13/2007, 14:38:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 14:38:26] - Checking for HKLM\...\Winlogon\Notify\ddccy
[01/13/2007, 14:38:26] - Key not found: HKLM\...\Winlogon\Notify\ddccy, continuing.
[01/13/2007, 14:38:26] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/13/2007, 14:38:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 14:38:26] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/13/2007, 14:38:26] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/13/2007, 14:38:26] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/13/2007, 14:38:26] - BHO 6: {7DA39570-5FD2-4f18-94B4-20730CB3F727} ()
[01/13/2007, 14:38:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 14:38:26] - Checking for HKLM\...\Winlogon\Notify\doseocuq
[01/13/2007, 14:38:26] - Key not found: HKLM\...\Winlogon\Notify\doseocuq, continuing.
[01/13/2007, 14:38:26] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/13/2007, 14:38:26] - BHO 8: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[01/13/2007, 14:38:26] - BHO 9: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[01/13/2007, 14:38:26] - Finished Searching Browser Helper Objects
[01/13/2007, 14:38:26] - Finishing up...
[01/13/2007, 14:38:26] - A restart is needed.
[01/13/2007, 14:38:34] - Attempting to Restart via STOP error (Blue Screen!)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:23:25 AM 1/16/2007

+ Scan result:

C:\Documents and Settings\Carlo\My Documents\Downloads\DVD Region+CSS Free_v_ 5.9.7.9\KeyGen.exe -> Adware.MaxSearch : Quarentined.
C:\Documents and Settings\Carlo\Local Settings\Temporary Internet Files\Content.IE5\1KKHSBM4\q387[1].exe -> Trojan.Dialer.pz : Quarentined.

::Report end

===========================================================================================================================================

SUPERAntiSpyware Scan Log

Generated 01/16/2007 at 01:10 PM

Application Version : 3.4.1000

Core Rules Database Version : 3143
Trace Rules Database Version: 1159

Scan type : Complete Scan
Total Scan Time : 00:24:03

Memory items scanned : 703
Memory threats detected : 1
Registry items scanned : 6643
Registry threats detected : 14
File items scanned : 26858
File threats detected : 1

Trojan.Mezzia/Resident
C:\WINDOWS\SYSTEM32\WINMBJ32.DLL
C:\WINDOWS\SYSTEM32\WINMBJ32.DLL

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#PID
HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
HKLM\SOFTWARE\Microsoft\MSSMGR#LID

====================================================================================================================================================

Logfile of HijackThis v1.99.1
Scan saved at 1:28:29 PM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\VdCap03C\StillMnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Carlo\Desktop\HijackThis.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [StillMnt] WCamRmv.exe /StartStillMnt
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168099302671
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe