medichi.exe and medichi2.exe problems [RESOLVED]



#16
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi alcee410

I can see in your logs that a couple of the trojans have returned, which indicates that we have not yet found the source file, and it is likely that it is these infections which are preventing you from loading various webpages.

I know this is little comfort to you, but you appear to have a new strain of infection, and there is another user on this forum who is having their machine cleaned of similar infections. The good news is that more people are trying to resolve it.

Let's come in from another direction and try this:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

andrewuk
  • 0



#17
alcee410

    Member

  • Topic Starter
  • Member
  • 30 posts
Hi andrewuk. Here's the combofix log followed by the hijackthis log.

ComboFix 08-01-14.3 - Alan 2008-01-09 1:55:51.1 - NTFSx86
Running from: C:\Documents and Settings\Alan\Desktop\ComboFix(2).exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys
C:\.exe
C:\Documents and Settings\Alan\Application Data\antivirus.exe
C:\Documents and Settings\Alan\Application Data\printer.exe
C:\Program Files\Common Files\{40252~1
C:\Program Files\eliteprotector
C:\Program Files\NewMediaCodec
C:\Program Files\NewMediaCodec\install.ico
C:\Program Files\NewMediaCodec\Thumbs.db
C:\Program Files\outlook
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\main_uninstaller.exe
C:\WINDOWS\medichi.exe
C:\WINDOWS\medichi2.exe
C:\WINDOWS\msdde.dll
C:\WINDOWS\msole.dll
C:\WINDOWS\murka.dat
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\kernelwind32.exe
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\setup.exe.tmp
C:\WINDOWS\system32\shovth.exe
C:\WINDOWS\system32\suspend.exe
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\user32.dat
C:\WINDOWS\system32\winsn.exe
C:\WINDOWS\system32\winsos.exe
C:\WINDOWS\windisk.dll
C:\WINDOWS\windows.exe
C:\WINDOWS\wsystmp_huv.exe
C:\WINDOWS\wsystmp_rsr.exe
C:\WINDOWS\wsystmp_vzt.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-14 02:00 . 2003-03-31 04:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-01-14 02:00 . 2003-03-31 04:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
2008-01-09 01:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 03:18 . 2008-01-07 03:18 <DIR> d-------- C:\Deckard
2008-01-02 09:28 . 2008-01-03 03:04 <DIR> d-------- C:\Program Files\Trillian
2008-01-01 08:31 . 2008-01-01 08:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-01 05:50 . 2008-01-01 05:50 <DIR> d-------- C:\Documents and Settings\Alan\Application Data\acccore
2008-01-01 04:26 . 2008-01-01 05:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-01 04:26 . 2008-01-01 04:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-01-01 04:25 . 2008-01-01 04:25 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-01-01 04:24 . 2008-01-01 05:49 <DIR> d-------- C:\Program Files\AIM6
2008-01-01 04:24 . 2008-01-01 05:49 536 --ah----- C:\IPH.PH
2007-12-31 21:29 . 2007-12-31 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-31 21:27 . 2008-01-09 01:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-31 21:27 . 2007-12-31 21:27 <DIR> d-------- C:\Documents and Settings\Alan\Application Data\SUPERAntiSpyware.com
2007-12-31 21:26 . 2007-12-31 21:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 21:12 . 2007-12-31 21:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\acccore
2007-12-22 16:05 . 2007-12-22 16:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-22 16:05 . 2008-01-08 19:27 <DIR> d-------- C:\Documents and Settings\Alan\Application Data\AVG7
2007-12-22 16:04 . 2007-12-22 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-22 16:04 . 2008-01-09 01:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-22 11:14 . 2007-12-22 11:14 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2007-12-22 10:02 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-12-22 10:00 . 2007-12-22 09:59 89,088 ---h----- C:\Documents and Settings\TEMP\TEMP.exe
2007-12-22 10:00 . 2007-12-22 09:59 89,088 ---h----- C:\Documents and Settings\All Users\All Users.exe
2007-12-22 09:59 . 2007-12-22 09:59 89,088 ---hs---- C:\402528E8.exe
2007-12-22 09:59 . 2007-12-22 09:59 93 -r-hs---- C:\autorun.inf
2007-12-22 09:53 . 2005-07-04 19:04 18,944 --a------ C:\WINDOWS\system32\wowfx(2).dll
2007-12-22 08:59 . 2008-01-06 23:43 <DIR> d-------- C:\Documents and Settings\TEMP\Application Data\AVG7
2007-12-22 04:28 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-21 18:27 . 2007-12-22 09:59 89,088 ---h----- C:\Documents and Settings\Guest.ALANCOMP\Guest.ALANCOMP.exe
2007-12-21 18:25 . 2007-12-22 09:59 89,088 ---h----- C:\Documents and Settings\Administrator\Administrator.exe
2007-12-21 17:59 . 2007-12-22 09:59 89,088 ---h----- C:\Documents and Settings\Alan\Alan.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-25 16:45 --------- d-----w C:\Program Files\Traktor DJ Studio
2007-12-22 17:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-22 03:59 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Symantec
2007-12-06 07:49 --------- d-----w C:\Documents and Settings\TEMP\Application Data\U3
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2004-06-25 10:21 147456]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-07-05 07:29 4538368]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-09 21:14 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 11:04 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 17:21 114688]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-27 20:10 335872]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08 28672]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2003-12-11 22:03 167936]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-02-12 22:01 98304]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 02:36 135168]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 14:37 71328]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 18:35 70800]
"VMConsole.exe"="C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe" [2004-02-25 05:08 536576]
"P2P Networking"="C:\WINDOWS\System32\P2P Networking\P2P Networking.exe" [ ]
"SbUsb AudCtrl"="sbusbdll.dll" [2004-07-08 18:27 119296 C:\WINDOWS\system32\sbusbdll.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-11-25 15:01 100056]
"CTSysVol"="C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-09 16:25 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-09 16:34 282624]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 16:04 579072]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52 218232]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-22 16:04 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 10:05:56]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 13:08:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{402528E8-0AE7-1033-0519-040404230001}"= "C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-03-12 16:32]
S2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;C:\Documents and Settings\Alan\Local Settings\Temp\WZSB1.tmp\installservice.exe []
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2004-07-27 01:31]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-03-12 15:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36b96ad6-a097-11dc-9bf0-b049a0c8caff}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aebcc43-2b0d-11da-9b48-000e9b42a799}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - G:\BC175E47.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 04:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-01-08 02:51:45 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 02:04:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 2:09:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-14 10:09:54
.
2007-12-22 18:11:25 --- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:17 AM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Alan\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ALAN\Application Data\Mozilla\Profiles\default\505dete2.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VMConsole.exe] C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe /windowmin
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Policies\Explorer\Run: [{402528E8-0AE7-1033-0519-040404230001}] "C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.iicm.edu/.../vivo/vvweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104394529761
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Documents and Settings\Alan\Local Settings\Temp\WZSB1.tmp\installservice.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12945 bytes
  • 0

#18
alcee410

    Member

  • Topic Starter
  • Member
  • 30 posts
Hi andrewuk. I noticed something that looks like a good sign. Some webpages that I could not load earlier (e.g., my email accounts, and my online banking), are now working. And AOL instant messenger is working too. I just thought I'd let you know. Thanks. I'll wait for your next post to proceed further.
  • 0

#19
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi alcee410

Hi andrewuk. I noticed something that looks like a good sign. Some webpages that I could not load earlier (e.g., my email accounts, and my online banking), are now working. And AOL instant messenger is working too.

Looks like we are getting there :)

Your logs are looking better, though I can see one or two suspicious-looking entries. So in this post we will try that online scan again to see if that highlights them and any others.

Firstly, I notice that you do not have the Windows Recovery Console installed. Infections are getting more sophisticated and it is strongly advisable to install the Windows Recovery Console. I would advise you to install the Windows Recovery Console. There is a useful explanation and guide on how to install the Windows Recovery Console: just read the brief explanation of What is the Recovery Console? and follow the instructions How to install the Recovery Console to your hard drive. It should not take too long.


Then, let's see if we can get this to work again:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

if that link does not work, try
Kaspersky WebScanner alternate link

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • If asked, click accept
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


In your next reply could I see:
1. the Kaspersky scan report
2. a new HijackThis log

andrewuk
  • 0
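To show what "suspicious-looking entries" means in practice, here is a small triage script added to this thread as an example (it is not andrewuk's tooling and not part of HijackThis). The sample lines are copied from the HijackThis log posted above; the heuristics it applies (the Policies\Explorer\Run key, a GUID-named directory under Common Files, a Temp-folder path, a missing file, an unknown service owner) are my own assumptions about what earns an autostart entry a second look, not rules from the thread.

```python
import re
from dataclasses import dataclass, field

# Four HijackThis lines copied from the log posted in this thread: two benign
# AVG entries, the Policies\Explorer\Run GUID entry and the Temp-folder service.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Policies\Explorer\Run: [{402528E8-0AE7-1033-0519-040404230001}] "C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Documents and Settings\Alan\Local Settings\Temp\WZSB1.tmp\installservice.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
""".strip()

# HijackThis line shapes: "O4 - <key>: [<name>] <command>" and
# "O23 - Service: <display name> - <owner> - <image path>".
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<cmd>.*)$")
# A path component that is a bare GUID, e.g. \{402528E8-0AE7-1033-0519-040404230001}\
GUID_DIR_RE = re.compile(r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\")


@dataclass
class Finding:
    kind: str            # "O4" (Run key) or "O23" (service)
    name: str            # entry name or service display name
    command: str         # command line / image path as HijackThis printed it
    reasons: list = field(default_factory=list)


def _reasons_for(kind, key, owner, cmd):
    """Heuristics (assumed, not from the thread) applied to one autostart line."""
    reasons = []
    low = cmd.lower()
    if kind == "O4" and "policies\\explorer\\run" in key.lower():
        reasons.append("runs from the Policies\\Explorer\\Run key, which legitimate software rarely uses")
    if GUID_DIR_RE.search(cmd):
        reasons.append("binary lives in a GUID-named directory")
    if "\\temp\\" in low:
        reasons.append("binary lives under a Temp folder")
    if "(file missing)" in low:
        reasons.append("referenced file is missing (leftover or already-deleted component)")
    if kind == "O23" and owner.lower() == "unknown owner":
        reasons.append("service has no known owner/publisher")
    return reasons


def triage(log_text):
    """Return one Finding per O4/O23 line that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            kind, key, owner = "O4", m.group("key"), ""
        else:
            m = O23_RE.match(line)
            if not m:
                continue          # other HijackThis line types are ignored here
            kind, key, owner = "O23", "", m.group("owner")
        cmd = m.group("cmd")
        reasons = _reasons_for(kind, key, owner, cmd)
        if reasons:
            findings.append(Finding(kind, m.group("name"), cmd, reasons))
    return findings


def flagged_names(log_text):
    """Names of the entries a reviewer should look at first, in log order."""
    return [f.name for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.name}\n    {f.command}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, it flags only the GUID Update.exe entry and the Temp-folder service, which are the two entries the cleanup in this thread keeps circling back to.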

#20
alcee410

    Member

  • Topic Starter
  • Member
  • 30 posts
Hi andrewuk,

I am writing from work to say that I have not had the chance to work on the steps from your last post on the 14th. I apologize for this, but I do plan to do more work on this during the weekend. This week has been busy, and I have not been home long enough to sit and work on my computer. So, thank you for your post, and I will reply this weekend with the logs.

I reactivated my Spyware and Virus programs. Is it OK that I did this? Would this interfere with the sequence of steps we have done so far? Thank you, and hope to reply again soon. ~Alcee410
  • 0

#21
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi alcee410

I reactivated my Spyware and Virus programs. Is it OK that I did this? Would this interfere with the sequence of steps we have done so far?

That's ok :)

I will await your next reply :)

andrewuk
  • 0

#22
alcee410

    Member

  • Topic Starter
  • Member
  • 30 posts
Hi andrewuk. I installed the Recovery Console. However, I have questions about the web scanner. The first link you gave me took me to a page where I would have to install the program on my hard drive. I installed it, but it did not have settings like the ones you describe. Then, I tried the second link... it asked me to remove the other version of the program. So, I did. Then, I installed the ActiveX, but after a few minutes it says "Failed to load Kaspersky Online Scanner ActiveX control! You must have administrative rights on this computer; you also must have the IE security settings to the Medium level." I believe my admin. rights are back, and I checked that the IE settings were set to Medium. I even added the Kaspersky site to the list of trusted sites. But this didn't work.

Should I go back and install the software from the first link? However, it does not have the same settings options as you describe. What do you think?
  • 0

#23
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi alcee410

It's been a few days since we last worked on the fix, so let's just get another complete scan and go from there. Sounds like we need to sort out your administrative rights. So, don't do the Kaspersky scan, but do the instructions below.

Click on Start, click on Run.
Copy and paste the following in bold in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
This will open up the DSS configuration.
Click on Check All.
Click Scan.
DSS will now run again. When finished, please post back both logs that open in Notepad:
Main.txt and Extra.txt

andrewuk

#24
alcee410

    Member

  • Topic Starter
  • Member
  • 30 posts
OK, here's the extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 84%
Physical Memory (total/avail): 446.98 MiB / 68.48 MiB
Pagefile Memory (total/avail): 1055.94 MiB / 495.94 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.08 MiB

C: is Fixed (NTFS) - 13.97 GiB total, 0.35 GiB free.
D: is Fixed (NTFS) - 36.9 GiB total, 20.04 GiB free.
E: is Removable (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - MemoryStick or MemoryStickPro Device

\\.\PHYSICALDRIVE0 - IC25N060ATMR04-0 - 55.89 GiB - 3 partitions
\PARTITION0 - Unknown - 5.01 GiB
\PARTITION1 (bootable) - Installable File System - 13.97 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 36.9 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.

FW: Norton Internet Security v2004 (Symantec Corporation)
AV: AVG 7.5.516 v7.5.516 (Grisoft)
AV: Norton AntiVirus v2004 (Symantec Corporation) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Alan\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALANCOMP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Alan
LOGONSERVER=\\ALANCOMP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Alan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Alan\LOCALS~1\Temp
USERDOMAIN=ALANCOMP
USERNAME=Alan
USERPROFILE=C:\Documents and Settings\Alan
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Alan (admin)
Administrator (admin)
TEMP (guest)
Guest.ALANCOMP (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive 24-Bit External\Program\Ctzapxx.EXE" SBUSB.INI /U /S
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A6AAC11-0860-11D7-908C-00A0C98173F1}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A6AAC11-0860-11D7-908C-00A0C98173F1}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger --> D:\Program Files\AIM\uninstll.exe -LOG= D:\Program Files\AIM\install.log -OEM=
Ares 1.9.0 --> "D:\Ares\uninstall.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Canon PhotoRecord --> MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Canon PIXMA iP1500 --> C:\WINDOWS\System32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
CC_ccProxyMSI --> MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Click to DVD 2.0 Menu Data --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98A3A654-3AEF-42D9-BA91-DE5815EA5897}\setup.exe"
Click to DVD 2.0.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove/remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drag'n Drop CD+DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
DVgate Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2 --> "C:\Documents and Settings\Alan\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HotKey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\setup.exe" -l0x9
InterVideo WinDVD 5 for VAIO --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
LAN-Express AS IEEE 802.11 Wireless LAN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}\Setup.exe" -l0x9
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MoodLogic --> C:\WINDOWS\ml-uninstall-v10.exe
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Native Instruments Traktor DJ Studio 2.5.1 --> C:\PROGRA~1\TRAKTO~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\TRAKTO~1\UNINST~1\INSTALL.LOG
Netscape Internet Service Setup --> "C:\Program Files\Online Services\Netscape Online Setup\unwise.exe" /A "C:\Program Files\Online Services\Netscape Online Setup\install.log" Uninstall Netscape Internet Service Setup
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
OpenMG Limited Patch 3.4-03-12-16-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.4-03-12-16-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{657DD6DA-B07B-40FF-9DBD-2116F7E83CF6}\Setup.exe" -l0x9 UNINSTALL
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_8175104D\HXFSETUP.EXE -U -IVEN_10B9&DEV_5457&SUBSYS_8175104D
SonicStage 2.0.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony ACID 4.0f --> MsiExec.exe /I{36235A3F-92C7-4F90-84E7-3697C59AD369}
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Notebook Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\setup.exe" -l0x9
Sony USB Mouse --> Pmuninst.exe MouseSuite98
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Sound Blaster Live! 24-Bit External --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C0054EB-24A5-46A8-80E3-62AAA930DEFA}\SETUP.EXE" -l0x9
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
VAIO Entertainment Platform --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\Setup.exe" -l0x9
VAIO Help and Support --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Media 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL
VAIO Media Redistribution 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{545DB151-1514-4FFC-BF2F-FE8FBBD06987}\setup.exe" -l0x9
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO SLIT-C Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01AF4645-78E6-46C4-B528-54863679CC40}\setup.exe" -l0x9
VAIO SLIT Pattern Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266AEE68-5718-4A31-BDD3-D356B1250C70}\setup.exe" -l0x9
VAIO Survey Standalone --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO Update 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656C}\setup.exe" -l0x9
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Welcome to VAIO life --> "C:\Program Files\Sony\Welcome to VAIO life\unwise.exe" /A "C:\Program Files\Sony\Welcome to VAIO life\install.log" Uninstall Welcome to VAIO life
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type14909 / Error
Event Submitted/Written: 01/21/2008 02:56:01 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 24764486.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type14908 / Error
Event Submitted/Written: 01/21/2008 02:55:59 PM
Event ID/Source: 100 / UPnPFramework
Event Description:
Error in UPnPFramework [ID=IntegratedServer, Cause=Unable to start framework]

Event Record #/Type14907 / Error
Event Submitted/Written: 01/21/2008 02:55:44 PM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application UPnPFramework.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (UPnPFramework.exe!ld!)

Event Record #/Type14899 / Error
Event Submitted/Written: 01/21/2008 02:53:32 PM
Event ID/Source: 108 / VzFw
Event Description:
Some error occurred when starting folder watch. (00000000)
C:\Documents and Settings\All Users\Application Data\Sony Corporation\PictureGear Studio\Samples\PhotoCollection\Samples

Event Record #/Type14887 / Error
Event Submitted/Written: 01/20/2008 08:09:25 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1280285 / Error
Event Submitted/Written: 01/21/2008 02:53:41 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Cisco Systems, Inc. Installer service service failed to start due to the following error:
%%2

Event Record #/Type1280284 / Error
Event Submitted/Written: 01/21/2008 02:53:41 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Ati HotKey Poller service failed to start due to the following error:
%%2

Event Record #/Type1280264 / Error
Event Submitted/Written: 01/20/2008 08:09:11 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the service.

Event Record #/Type1280250 / Error
Event Submitted/Written: 01/20/2008 08:07:13 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Cisco Systems, Inc. Installer service service failed to start due to the following error:
%%2

Event Record #/Type1280249 / Error
Event Submitted/Written: 01/20/2008 08:07:13 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Ati HotKey Poller service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-01-21 15:48:22 ------------

#25
alcee410

    Member

  • Topic Starter
  • Member
  • 30 posts
And here's the main.txt

Deckard's System Scanner v20071014.68
Run by Alan on 2008-01-21 15:43:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-01-21 23:44:09 UTC - RP543 - Deckard's System Scanner Restore Point
3: 2008-01-21 22:46:33 UTC - RP542 - Removed Kaspersky Anti-Virus 6.0 SOS.
2: 2008-01-21 04:55:36 UTC - RP541 - System Checkpoint
1: 2008-01-20 03:12:15 UTC - RP540 - Installed Kaspersky Anti-Virus 6.0 SOS.


Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).
System Drive C: has 0.35 GiB (less than 15%) free.


-- HijackThis (run as Alan.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:18 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Alan\desktop\dss.exe
C:\DOCUME~1\Alan\Desktop\Alan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VMConsole.exe] C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe /windowmin
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Policies\Explorer\Run: [{402528E8-0AE7-1033-0519-040404230001}] "C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.iicm.edu/.../vivo/vvweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104394529761
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Documents and Settings\Alan\Local Settings\Temp\WZSB1.tmp\installservice.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12738 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Alan\Desktop\backups\) ----------------

backup-20080107-213351-184 O4 - HKLM\..\Run: [SpecialOffers] C:\WINDOWS\specialoffers4.exe
backup-20080107-213351-466 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20080107-213351-508 O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} - http://esb.alcena.co...ltInstaller.ocx
backup-20080107-213351-555 O4 - HKLM\..\Run: [sis32] C:\WINDOWS\system32\winsos.exe
backup-20080107-213351-589 O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
backup-20080107-213351-683 O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
backup-20080107-213351-690 O4 - HKCU\..\Run: [SpecialOffers] C:\WINDOWS\SpecialOffers.exe
backup-20080107-213351-733 O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\alan\local settings\temp\fsg_4104.exe"
backup-20080107-213351-789 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20080107-213351-822 O4 - HKLM\..\Run: [winroot] C:\WINDOWS\system32\winsn.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys

S3 catchme - c:\docume~1\alan\locals~1\temp\catchme.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20071127.002\symidsco.sys (file missing)
S3 vsdatant - c:\windows\system32\vsdatant.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 Ati HotKey Poller - c:\windows\system32\ati2evxx.exe (file missing)
S2 CiscoVpnInstallService (Cisco Systems, Inc. Installer service) - c:\documents and settings\alan\local settings\temp\wzsb1.tmp\installservice.exe (file missing)
S3 PACSPTISVR - c:\progra~1\common~1\sonysh~1\avlib\pacspt~1.exe <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 416)
2007-02-27 11:39:26 282624 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\WINDOWS\explorer.exe (pid 2304)
2003-10-17 20:06:10 24576 --a------ C:\Program Files\Common Files\Sony Shared\Sony Utilities\KeyHook.dll


-- Scheduled Tasks -------------------------------------------------------------

2008-01-07 18:51:45 362 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-12-21 20:00:00 546 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job


-- Files created between 2007-12-21 and 2008-01-21 -----------------------------

2008-01-19 22:32:35 11552 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-19 22:32:35 202528 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-19 19:10:39 0 d-------- C:\KAV
2008-01-19 19:06:17 0 dr-hs---- C:\cmdcons
2008-01-19 19:06:15 0 d-------- C:\WINDOWS\setup.pss
2008-01-19 19:06:03 0 d-------- C:\WINDOWS\setupupd
2008-01-19 17:28:16 0 d-------- C:\WINDOWS\XPSP2
2008-01-19 17:27:56 0 d-------- C:\WINDOWS\XPCD
2008-01-07 19:48:35 0 d-------- C:\BFU
2008-01-02 09:28:14 0 d-------- C:\Program Files\Trillian
2008-01-01 08:31:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-01 05:50:09 0 d-------- C:\Documents and Settings\Alan\Application Data\acccore
2008-01-01 04:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-01-01 04:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-01 04:25:14 0 d-------- C:\Program Files\Common Files\AOL
2008-01-01 04:24:43 0 d-------- C:\Program Files\AIM6
2007-12-31 21:29:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-31 21:27:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-31 21:27:16 0 d-------- C:\Documents and Settings\Alan\Application Data\SUPERAntiSpyware.com
2007-12-31 21:26:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 21:12:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\acccore
2007-12-22 16:05:36 0 d-------- C:\Documents and Settings\Alan\Application Data\AVG7
2007-12-22 16:05:22 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-22 16:04:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-22 16:04:39 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-22 11:26:41 0 dr-h----- C:\$VAULT$.AVG
2007-12-22 11:14:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2007-12-22 11:13:57 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2007-12-22 11:10:27 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-12-22 10:02:14 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-12-22 10:00:36 89088 ---h----- C:\Documents and Settings\TEMP\TEMP.exe
2007-12-22 09:53:56 18944 --a------ C:\WINDOWS\system32\wowfx(2).dll
2007-12-22 08:59:27 0 d-------- C:\Documents and Settings\TEMP\Application Data\AVG7


-- Find3M Report ---------------------------------------------------------------

2008-01-21 15:46:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-21 14:55:37 0 d-------- C:\Program Files\Common Files
2007-12-25 08:45:39 0 d-------- C:\Program Files\Traktor DJ Studio
2007-12-25 04:35:50 0 d-------- C:\Documents and Settings\Alan\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [11/07/2003 05:21 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/27/2004 08:10 PM]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/19/2003 09:08 PM]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [12/11/2003 10:03 PM]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [02/12/2004 10:01 PM]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [01/17/2004 02:36 AM]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 10:29 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/12/2005 02:37 PM]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [12/11/2003 06:35 PM]
"VMConsole.exe"="C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe" [02/25/2004 05:08 AM]
"P2P Networking"="C:\WINDOWS\System32\P2P Networking\P2P Networking.exe" []
"SbUsb AudCtrl"="sbusbdll.dll" [07/08/2004 06:27 PM C:\WINDOWS\system32\sbusbdll.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [11/25/2005 03:01 PM]
"CTSysVol"="C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 02:48 AM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 09:26 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/09/2006 04:25 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/09/2006 04:34 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/14/2008 07:39 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [06/25/2004 10:21 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [07/05/2006 07:29 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/09/2007 09:14 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [12/18/2007 11:04 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 10:05:56 AM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [10/2/2003 1:08:08 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{402528E8-0AE7-1033-0519-040404230001}"="C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36b96ad6-a097-11dc-9bf0-b049a0c8caff}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aebcc43-2b0d-11da-9b48-000e9b42a799}]
AutoRun\command- G:\
open\Command- G:\BC175E47.exe




-- End of Deckard's System Scanner: finished at 2008-01-21 15:48:22 ------------
  • 0
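An added example from the editor, not part of alcee410's post and not code from HijackThis or Deckard's System Scanner: a handful of triage rules, in Python, run over lines copied from the log above. They encode what a helper looks for when picking files for an online scan: a service whose binary is gone, autostarts from a Temp or GUID-named directory, the rarely used Policies\Explorer\Run key, autorun handlers on a removable drive, a hidden executable, and any DLL added to the SecurityProviders list (those DLLs are loaded into lsass.exe at boot, which is why an extra entry there is a persistence point). The four-DLL XP SP2 SecurityProviders baseline is an assumption; check it against a clean machine. The final correlation step flags the file on disk whose name matches the injected provider.

```python
"""Triage rules over lines from the HijackThis / Deckard's System Scanner
log above.  Added example by the editor, not code from the thread or from
either tool.  SAMPLE_LINES are copied from the log on this page; the
four-DLL XP SP2 SecurityProviders baseline is an assumption."""

import re

SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe",
    r"O4 - HKCU\..\Policies\Explorer\Run: [{402528E8-0AE7-1033-0519-040404230001}] "
    r'"C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140',
    r"O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - "
    r"C:\Documents and Settings\Alan\Local Settings\Temp\WZSB1.tmp\installservice.exe (file missing)",
    r"O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe",
    r"AutoRun\command- G:\LaunchU3.exe -a",
    r"open\Command- G:\BC175E47.exe",
    r"SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll",
    r"2007-12-22 10:00:36 89088 ---h----- C:\Documents and Settings\TEMP\TEMP.exe",
    r"2007-12-22 09:53:56 18944 --a------ C:\WINDOWS\system32\wowfx(2).dll",
]

# Stock XP SP2 set (assumption).  Anything else here is loaded into lsass.exe at boot.
DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

TEMP_DIR = re.compile(r"\\(?:Local Settings\\Temp|Documents and Settings\\TEMP)\\", re.I)
GUID_DIR = re.compile(r"\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}\\", re.I)
REMOVABLE_AUTORUN = re.compile(r"^(?:open\\Command|AutoRun\\command)-\s*([D-Z]:\\\S+\.exe)", re.I)
HEX_NAME = re.compile(r"\\[0-9A-F]{8}\.exe$", re.I)
# DSS file line: date time size attrs path
DSS_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ (\S{9}) (.+)$")


def security_providers(line: str) -> list[str]:
    """DLL names from a 'SecurityProviders ...' registry-dump line, lower-cased."""
    _, _, value = line.partition(" ")
    return [p.strip().strip('"').lower() for p in value.split(",") if p.strip()]


def base_name(path: str) -> str:
    """File name without directory and without a '(n)' copy suffix: wowfx(2).dll -> wowfx.dll."""
    name = path.rsplit("\\", 1)[-1].lower()
    return re.sub(r"\(\d+\)(?=\.)", "", name)


def triage_line(line: str) -> list[str]:
    """Single-line rules; returns the reasons that fire (empty for a benign line)."""
    reasons = []
    if line.startswith("O23") and "(file missing)" in line:
        reasons.append("service registered for a binary that is no longer there")
    if TEMP_DIR.search(line):
        reasons.append("binary lives under a Temp directory")
    if r"Policies\Explorer\Run" in line:
        reasons.append("Policies\\Explorer\\Run autostart, rarely used by legitimate software")
    if GUID_DIR.search(line):
        reasons.append("runs from a GUID-named directory")
    m = REMOVABLE_AUTORUN.match(line)
    if m:
        reasons.append(f"autorun handler on a removable drive: {m.group(1)}")
        if HEX_NAME.search(m.group(1)):
            reasons.append("eight-hex-digit file name")
    if line.startswith("SecurityProviders"):
        extra = [p for p in security_providers(line) if p not in DEFAULT_SECURITY_PROVIDERS]
        if extra:
            reasons.append("non-default SecurityProviders DLL: " + ", ".join(extra))
    f = DSS_FILE.match(line)
    if f and "h" in f.group(1) and f.group(2).lower().endswith(".exe"):
        reasons.append("hidden executable")
    return reasons


def triage_log(lines: list[str]) -> dict[str, list[str]]:
    """Run the rules over a whole log, then correlate: a file on disk whose
    name matches an unexpected SecurityProviders DLL is flagged as well."""
    injected = set()
    for line in lines:
        if line.startswith("SecurityProviders"):
            injected.update(p for p in security_providers(line) if p not in DEFAULT_SECURITY_PROVIDERS)
    hits = {}
    for line in lines:
        reasons = triage_line(line)
        f = DSS_FILE.match(line)
        if f and base_name(f.group(2)) in injected:
            reasons.append("name matches a DLL injected into SecurityProviders")
        if reasons:
            hits[line] = reasons
    return hits


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LINES).items():
        print(line)
        for r in reasons:
            print("    ->", r)
```

Run as-is it prints the seven flagged lines with their reasons; the two normal entries (Apoint, AVG7 updater) produce nothing. The U3 launcher is reported only because any autorun handler on a removable drive deserves a look; the eight-hex-digit rule is what separates BC175E47.exe from it.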


#26 andrewuk
    Trusted Helper
  • Malware Removal
  • 5,297 posts
Hi alcee410

Firstly, make sure you are logged on as an administrator, and not in the Guest account.

OK, in this post we will flush your temp folders, run a quick fix and get some more information for the next post.


====STEP 1====
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


====STEP 2====
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"Security Providers"=hex(7):22,6d,73,61,70,73,73,70,63,2e,\
64,6c,6c,2c,20,73,63,68,61,6e,6e,65,6c,2e,64,6c,6c,2c,20,64,69,67,65,73,74,\
2e,64,6c,6c,2c,20,6d,73,6e,73,73,70,63,2e,64,6c,6c,22,00,00



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


====STEP 3====
Jotti File Submission:

Please go to Jotti's malware scan
Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe

Click on the submit button

Please also do the same with the following two files:
G:\BC175E47.exe
C:\WINDOWS\system32\wowfx(2).dll


Please post the results of the scan in your next reply.

If Jotti is busy, try the same at Virustotal



In your next reply could I see:
1. the combofix log
2. the 3 complete jotti scans
3. a new hijackthis log

andrewuk
  • 0
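An added example from the editor, not code from andrewuk's post and not ComboFix's own handling of a CFScript: it decodes the hex(7) bytes in the Registry:: section above, parses the SecurityProviders line from the scanner log in the previous post, and reports what the fix would drop. The decoder accepts both single-byte text (the REGEDIT4 convention, which is how the script is written) and UTF-16LE (what "Windows Registry Editor Version 5.00" exports for hex(7)). The four-DLL XP SP2 baseline is an assumption. One caveat a practitioner would check: the value name in the script ("Security Providers") differs from the one in the log ("SecurityProviders"), so the comparison below is by content, and the value name should be confirmed on the machine before relying on the script alone.

```python
"""Decode the REG_MULTI_SZ hex from the CFScript above and compare it with the
SecurityProviders value recorded in the scanner log.  Added example by the
editor; not part of the forum post and not ComboFix's own parsing.  The hex
field and the log line are copied from this thread; the XP SP2 baseline set
is an assumption."""

# Bytes exactly as they appear in the Registry:: section of the CFScript.
CFSCRIPT_HEX = (
    "22,6d,73,61,70,73,73,70,63,2e,\\\n"
    "64,6c,6c,2c,20,73,63,68,61,6e,6e,65,6c,2e,64,6c,6c,2c,20,64,69,67,65,73,74,\\\n"
    "2e,64,6c,6c,2c,20,6d,73,6e,73,73,70,63,2e,64,6c,6c,22,00,00"
)

# Registry-dump line from the Deckard's System Scanner log in the previous post.
DSS_LINE = "SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll"

# Stock Windows XP SP2 SecurityProviders set (assumption; confirm on a clean box).
DEFAULT_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}


def decode_reg_hex(hex_field: str) -> list[str]:
    """Strings encoded by a .reg hex field (backslash line continuations allowed).

    REGEDIT4-style fields hold single-byte text, as this CFScript does;
    'Windows Registry Editor Version 5.00' writes hex(7) as UTF-16LE.  Both
    are handled; the result is split on the NUL terminators of a REG_MULTI_SZ.
    """
    cleaned = hex_field.replace("\\", "").replace("\n", "").replace(" ", "")
    raw = bytes(int(b, 16) for b in cleaned.split(",") if b)
    if len(raw) >= 2 and raw[0] != 0 and raw[1] == 0:
        text = raw.decode("utf-16-le", errors="replace")  # second byte NUL: UTF-16LE
    else:
        text = raw.decode("latin-1")
    return [s for s in text.split("\x00") if s]


def provider_list(value_text: str) -> list[str]:
    """DLL names from a SecurityProviders string, quotes and spaces removed."""
    return [p.strip().strip('"').lower() for p in value_text.split(",") if p.strip()]


def logged_providers(dss_line: str) -> list[str]:
    """Provider DLLs from a 'SecurityProviders ...' line of the scanner dump."""
    _, _, value = dss_line.partition(" ")
    return provider_list(value)


def fix_effect(hex_field: str, dss_line: str) -> dict[str, list[str]]:
    """What applying the script would change relative to the logged value:
    DLLs dropped, DLLs added, and anything left that is outside the baseline."""
    new = set(provider_list(decode_reg_hex(hex_field)[0]))
    old = set(logged_providers(dss_line))
    return {
        "dropped": sorted(old - new),
        "added": sorted(new - old),
        "still_unexpected": sorted(new - DEFAULT_PROVIDERS),
    }


if __name__ == "__main__":
    print(decode_reg_hex(CFSCRIPT_HEX))
    print(fix_effect(CFSCRIPT_HEX, DSS_LINE))
```

The decoded bytes are the quoted string "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" followed by two NULs, so the only difference from the logged value is the removal of wowfx.dll, and nothing outside the baseline remains.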

#27 alcee410
    Member
  • Topic Starter
  • Member
  • 30 posts
Here's the Combofix log:

ComboFix 08-01-14.3 - Alan 2008-01-23 0:20:36.2 - NTFSx86
Running from: C:\Documents and Settings\Alan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alan\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-19 22:32 . 2008-01-21 14:51 202,528 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-19 22:32 . 2008-01-21 14:51 11,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-19 22:32 . 2008-01-21 14:51 4,832 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-19 22:32 . 2008-01-21 14:51 2,156 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-19 19:10 . 2008-01-19 19:10 <DIR> d-------- C:\KAV
2008-01-19 19:06 . 2004-08-03 23:00 260,272 -r-hs---- C:\cmldr
2008-01-19 19:06 . 2005-09-18 20:21 211 -rahs---- C:\BOOT.BAK
2008-01-19 17:28 . 2008-01-19 18:41 <DIR> d-------- C:\WINDOWS\XPSP2
2008-01-19 17:27 . 2008-01-19 18:53 <DIR> d-------- C:\WINDOWS\XPCD
2008-01-14 02:00 . 2003-03-31 04:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-01-14 02:00 . 2003-03-31 04:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
2008-01-09 01:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 03:18 . 2008-01-07 03:18 <DIR> d-------- C:\Deckard
2008-01-02 09:28 . 2008-01-03 03:04 <DIR> d-------- C:\Program Files\Trillian
2008-01-01 08:31 . 2008-01-01 08:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-01 05:50 . 2008-01-01 05:50 <DIR> d-------- C:\Documents and Settings\Alan\Application Data\acccore
2008-01-01 04:26 . 2008-01-01 05:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-01 04:26 . 2008-01-01 04:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-01-01 04:25 . 2008-01-01 04:25 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-01-01 04:24 . 2008-01-01 05:49 <DIR> d-------- C:\Program Files\AIM6
2008-01-01 04:24 . 2008-01-01 05:49 536 --ah----- C:\IPH.PH
2007-12-31 21:29 . 2007-12-31 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-31 21:27 . 2008-01-15 20:22 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-31 21:27 . 2007-12-31 21:27 <DIR> d-------- C:\Documents and Settings\Alan\Application Data\SUPERAntiSpyware.com
2007-12-31 21:26 . 2007-12-31 21:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 21:12 . 2007-12-31 21:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\acccore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 08:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-21 22:57 --------- d-----w C:\Documents and Settings\Alan\Application Data\AVG7
2008-01-09 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-07 07:43 --------- d-----w C:\Documents and Settings\TEMP\Application Data\AVG7
2008-01-01 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-25 16:45 --------- d-----w C:\Program Files\Traktor DJ Studio
2007-12-23 00:05 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-23 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-22 19:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Yahoo!
2007-12-22 17:59 89,088 ---h--w C:\Documents and Settings\TEMP\TEMP.exe
2007-12-22 17:59 89,088 ---h--w C:\Documents and Settings\Guest.ALANCOMP\Guest.ALANCOMP.exe
2007-12-22 03:59 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Symantec
2007-12-06 07:49 --------- d-----w C:\Documents and Settings\TEMP\Application Data\U3
.

((((((((((((((((((((((((((((( snapshot@2008-01-14_ 2.09.38.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-09 09:55:15 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 08:19:35 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-09 09:55:15 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 08:19:36 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-09 09:55:15 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 08:19:36 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-09 09:55:15 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 08:19:36 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-09 09:55:15 4,354,048 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-23 08:19:36 4,354,048 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-09 09:55:15 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 08:19:37 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2001-07-15 01:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
- 2005-02-21 02:48:05 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-21 04:08:45 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2005-02-21 02:48:05 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-21 04:08:45 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-02-21 02:48:05 49,152 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 04:08:45 49,152 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-23 00:05:12 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2008-01-15 03:39:26 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
- 2007-12-23 00:05:12 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-01-15 03:38:42 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-01-20 06:32:22 194,320 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2004-08-04 08:57:00 1,712,128 ------w C:\WINDOWS\XPCD\i386\ASMS\10\msft\windows\gdiplus\gdiplus.dll
+ 2002-09-03 16:20:28 1,700,352 ----a-w C:\WINDOWS\XPCD\i386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL
+ 2004-08-04 08:57:00 853,504 ------w C:\WINDOWS\XPCD\i386\ASMS\52\msft\windows\net\dxmrtp\dxmrtp.dll
+ 2004-08-04 08:57:00 991,232 ------w C:\WINDOWS\XPCD\i386\ASMS\52\msft\windows\net\rtcdll\rtcdll.dll
+ 2004-08-04 08:55:58 132,096 ------w C:\WINDOWS\XPCD\i386\ASMS\52\msft\windows\net\rtcres\rtcres.dll
+ 2004-08-04 08:57:02 1,050,624 ------w C:\WINDOWS\XPCD\i386\ASMS\60\msft\windows\common\controls\comctl32.dll
+ 2002-09-03 16:20:29 74,802 ----a-w C:\WINDOWS\XPCD\i386\ASMS\6000\MSFT\VCRTL\ATL.DLL
+ 2002-09-03 16:20:29 995,383 ----a-w C:\WINDOWS\XPCD\i386\ASMS\6000\MSFT\VCRTL\MFC42.DLL
+ 2002-09-03 16:20:29 995,384 ----a-w C:\WINDOWS\XPCD\i386\ASMS\6000\MSFT\VCRTL\MFC42U.DLL
+ 2002-09-03 16:20:29 401,462 ----a-w C:\WINDOWS\XPCD\i386\ASMS\6000\MSFT\VCRTL\MSVCP60.DLL
+ 2002-09-03 16:20:29 921,088 ----a-w C:\WINDOWS\XPCD\i386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
+ 2004-08-04 08:57:02 54,784 ------w C:\WINDOWS\XPCD\i386\ASMS\70\msft\windows\mswincrt\msvcirt.dll
+ 2004-08-04 08:57:02 343,040 ------w C:\WINDOWS\XPCD\i386\ASMS\70\msft\windows\mswincrt\msvcrt.dll
+ 2002-09-03 16:20:30 50,688 ----a-w C:\WINDOWS\XPCD\i386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCIRT.DLL
+ 2002-09-03 16:20:30 322,560 ----a-w C:\WINDOWS\XPCD\i386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
+ 2004-08-04 08:56:48 588,800 ------w C:\WINDOWS\XPCD\i386\AUTOCHK.EXE
+ 2004-08-04 08:56:48 580,608 ------w C:\WINDOWS\XPCD\i386\AUTOFMT.EXE
+ 2004-08-04 08:56:42 59,904 ------w C:\WINDOWS\XPCD\i386\CABINET.DLL
+ 2002-09-03 16:30:31 847,872 ----a-w C:\WINDOWS\XPCD\i386\DBGENG.DLL
+ 2004-08-04 08:56:44 640,000 ------w C:\WINDOWS\XPCD\i386\DBGHELP.DLL
+ 2002-09-03 16:23:58 55,632 ----a-w C:\WINDOWS\XPCD\i386\DRW\1033\DWINTL.DLL
+ 2002-09-03 16:23:58 162,128 ----a-w C:\WINDOWS\XPCD\i386\DRW\DWWIN.EXE
+ 2002-09-03 16:23:58 28,672 ----a-w C:\WINDOWS\XPCD\i386\DRW\FAULTH.DLL
+ 2002-09-03 16:32:50 15,872 ----a-w C:\WINDOWS\XPCD\i386\EXPAND.EXE
+ 2002-09-03 16:32:51 121,856 ----a-w C:\WINDOWS\XPCD\i386\EXTS.DLL
+ 2004-08-04 08:56:50 20,992 ------w C:\WINDOWS\XPCD\i386\faxpatch.exe
+ 2002-09-03 16:34:30 402,340 ----a-w C:\WINDOWS\XPCD\i386\HWCOMP.DAT
+ 2002-09-03 16:34:30 69,632 ----a-w C:\WINDOWS\XPCD\i386\HWDB.DLL
+ 2004-08-04 08:56:44 144,384 ------w C:\WINDOWS\XPCD\i386\IMAGEHLP.DLL
+ 2002-09-03 16:37:16 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDA1.DLL
+ 2002-09-03 16:37:17 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDA2.DLL
+ 2002-09-03 16:37:17 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDA3.DLL
+ 2002-09-03 16:37:17 6,656 ----a-w C:\WINDOWS\XPCD\i386\KBDAL.DLL
+ 2002-09-03 16:37:18 5,120 ----a-w C:\WINDOWS\XPCD\i386\KBDARME.DLL
+ 2002-09-03 16:37:19 5,120 ----a-w C:\WINDOWS\XPCD\i386\KBDARMW.DLL
+ 2002-09-03 16:37:20 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDAZE.DLL
+ 2002-09-03 16:37:20 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDAZEL.DLL
+ 2002-09-03 16:37:21 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDBE.DLL
+ 2002-09-03 16:37:22 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDBLR.DLL
+ 2002-09-03 16:37:22 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDBR.DLL
+ 2002-09-03 16:37:22 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDBU.DLL
+ 2002-09-03 16:37:23 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDCA.DLL
+ 2002-09-03 16:37:24 6,656 ----a-w C:\WINDOWS\XPCD\i386\KBDCR.DLL
+ 2002-09-03 16:37:24 7,168 ----a-w C:\WINDOWS\XPCD\i386\KBDCZ.DLL
+ 2002-09-03 16:37:25 6,656 ----a-w C:\WINDOWS\XPCD\i386\KBDCZ1.DLL
+ 2002-09-03 16:37:25 6,656 ----a-w C:\WINDOWS\XPCD\i386\KBDCZ2.DLL
+ 2002-09-03 16:37:26 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDDA.DLL
+ 2002-09-03 16:37:26 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDDIV1.DLL
+ 2002-09-03 16:37:26 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDDIV2.DLL
+ 2002-09-03 16:37:27 5,120 ----a-w C:\WINDOWS\XPCD\i386\KBDDV.DLL
+ 2002-09-03 16:37:27 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDES.DLL
+ 2002-09-03 16:37:28 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDEST.DLL
+ 2002-09-03 16:37:28 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDFA.DLL
+ 2002-09-03 16:37:28 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDFC.DLL
+ 2002-09-03 16:37:29 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDFI.DLL
+ 2002-09-03 16:38:33 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDFR.DLL
+ 2002-09-03 16:38:34 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDGAE.DLL
+ 2002-09-03 16:38:35 5,120 ----a-w C:\WINDOWS\XPCD\i386\KBDGEO.DLL
+ 2002-09-03 16:38:35 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDGKL.DLL
+ 2002-09-03 16:38:36 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDGR.DLL
+ 2002-09-03 16:38:36 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDGR1.DLL
+ 2002-09-03 16:38:37 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDHE.DLL
+ 2002-09-03 16:38:37 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDHE220.DLL
+ 2002-09-03 16:38:38 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDHE319.DLL
+ 2002-09-03 16:38:38 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDHEB.DLL
+ 2002-09-03 16:38:38 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDHELA2.DLL
+ 2002-09-03 16:38:41 6,656 ----a-w C:\WINDOWS\XPCD\i386\KBDHELA3.DLL
+ 2002-09-03 16:38:41 8,192 ----a-w C:\WINDOWS\XPCD\i386\KBDHEPT.DLL
+ 2002-09-03 16:38:41 6,656 ----a-w C:\WINDOWS\XPCD\i386\KBDHU.DLL
+ 2002-09-03 16:38:42 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDHU1.DLL
+ 2002-09-03 16:38:42 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDIC.DLL
+ 2002-09-03 16:38:43 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDINDEV.DLL
+ 2002-09-03 16:38:43 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDINGUJ.DLL
+ 2002-09-03 16:38:43 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDINHIN.DLL
+ 2002-09-03 16:38:44 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDINKAN.DLL
+ 2002-09-03 16:38:44 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDINMAR.DLL
+ 2002-09-03 16:38:44 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDINPUN.DLL
+ 2002-09-03 16:38:45 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDINTAM.DLL
+ 2002-09-03 16:38:45 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDINTEL.DLL
+ 2002-09-03 16:38:46 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDIR.DLL
+ 2002-09-03 16:38:46 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDIT.DLL
+ 2002-09-03 16:38:47 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDIT142.DLL
+ 2002-09-03 16:38:47 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDKAZ.DLL
+ 2002-09-03 16:38:47 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDKYR.DLL
+ 2002-09-03 16:38:48 6,656 ----a-w C:\WINDOWS\XPCD\i386\KBDLA.DLL
+ 2002-09-03 16:38:49 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDLT.DLL
+ 2002-09-03 16:38:49 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDLT1.DLL
+ 2002-09-03 16:38:50 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDLV.DLL
+ 2002-09-03 16:38:50 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDLV1.DLL
+ 2002-09-03 16:38:51 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDMON.DLL
+ 2002-09-03 16:38:51 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDNE.DLL
+ 2002-09-03 16:38:52 7,168 ----a-w C:\WINDOWS\XPCD\i386\KBDNEC.DLL
+ 2002-09-03 16:38:53 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDNO.DLL
+ 2002-09-03 16:38:54 6,656 ----a-w C:\WINDOWS\XPCD\i386\KBDPL.DLL
+ 2002-09-03 16:38:54 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDPL1.DLL
+ 2002-09-03 16:38:55 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDPO.DLL
+ 2002-09-03 16:38:55 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDRO.DLL
+ 2002-09-03 16:38:55 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDRU.DLL
+ 2002-09-03 16:38:56 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDRU1.DLL
+ 2002-09-03 16:38:56 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDSF.DLL
+ 2002-09-03 16:38:56 6,656 ----a-w C:\WINDOWS\XPCD\i386\KBDSG.DLL
+ 2002-09-03 16:38:57 6,656 ----a-w C:\WINDOWS\XPCD\i386\KBDSL.DLL
+ 2002-09-03 16:38:57 6,656 ----a-w C:\WINDOWS\XPCD\i386\KBDSL1.DLL
+ 2002-09-03 16:38:57 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDSP.DLL
+ 2002-09-03 16:38:58 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDSW.DLL
+ 2002-09-03 16:38:58 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDSYR1.DLL
+ 2002-09-03 16:38:59 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDSYR2.DLL
+ 2002-09-03 16:38:59 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDTAT.DLL
+ 2002-09-03 16:38:59 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDTH0.DLL
+ 2002-09-03 16:39:00 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDTH1.DLL
+ 2002-09-03 16:39:00 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDTH2.DLL
+ 2002-09-03 16:39:00 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDTH3.DLL
+ 2002-09-03 16:39:01 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDTUF.DLL
+ 2002-09-03 16:39:01 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDTUQ.DLL
+ 2002-09-03 16:39:01 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDUK.DLL
+ 2002-09-03 16:39:02 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDUR.DLL
+ 2002-09-03 16:39:02 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDURDU.DLL
+ 2002-09-03 16:39:03 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDUS.DLL
+ 2002-09-03 16:39:03 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDUSL.DLL
+ 2002-09-03 16:39:04 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDUSR.DLL
+ 2002-09-03 16:39:04 6,144 ----a-w C:\WINDOWS\XPCD\i386\KBDUSX.DLL
+ 2002-09-03 16:39:04 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDUZB.DLL
+ 2002-09-03 16:39:05 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDVNTC.DLL
+ 2002-09-03 16:39:05 5,632 ----a-w C:\WINDOWS\XPCD\i386\KBDYCC.DLL
+ 2002-09-03 16:39:06 6,656 ----a-w C:\WINDOWS\XPCD\i386\KBDYCL.DLL
+ 2004-08-04 06:59:48 92,032 ------w C:\WINDOWS\XPCD\i386\KSECDD.SYS
+ 2004-08-04 09:02:46 329,728 ------w C:\WINDOWS\XPCD\i386\NETSETUP.EXE
+ 2004-08-04 06:38:34 47,564 ------w C:\WINDOWS\XPCD\i386\NTDETECT.COM
+ 2004-08-04 08:56:38 708,096 ------w C:\WINDOWS\XPCD\i386\NTDLL.DLL
+ 2004-08-04 07:15:10 574,592 ------w C:\WINDOWS\XPCD\i386\NTFS.SYS
+ 2002-09-03 16:50:20 31,744 ----a-w C:\WINDOWS\XPCD\i386\NTSD.EXE
+ 2002-09-03 16:50:21 36,864 ----a-w C:\WINDOWS\XPCD\i386\NTSDEXTS.DLL
+ 2002-09-03 16:52:25 27,648 ----a-w C:\WINDOWS\XPCD\i386\PIDGEN.DLL
+ 2004-08-04 08:56:56 146,432 ------w C:\WINDOWS\XPCD\i386\REGEDIT.EXE
+ 2004-08-02 22:20:40 4,569 ------w C:\WINDOWS\XPCD\i386\SECUPD.DAT
+ 2004-08-04 07:00:00 260,272 ------w C:\WINDOWS\XPCD\i386\SETUPLDR.BIN
+ 2004-08-04 07:05:06 232,832 ------w C:\WINDOWS\XPCD\i386\SPCMDCON.SYS
+ 2004-08-04 08:56:58 11,776 ------w C:\WINDOWS\XPCD\i386\spnpinst.exe
+ 2002-09-03 17:05:59 244,736 ----a-w C:\WINDOWS\XPCD\i386\SYSPARSE.EXE
+ 2004-08-04 08:56:38 708,096 ------w C:\WINDOWS\XPCD\i386\SYSTEM32\NTDLL.DLL
+ 2004-08-04 08:56:58 470,016 ------w C:\WINDOWS\XPCD\i386\SYSTEM32\SMSS.EXE
+ 2004-08-04 08:56:58 75,264 ------w C:\WINDOWS\XPCD\i386\TELNET.EXE
+ 2002-09-03 17:08:52 469,504 ----a-w C:\WINDOWS\XPCD\i386\USETUP.EXE
+ 2002-09-03 16:26:17 65,536 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\ACROBAT\MIGRATE.DLL
+ 2002-09-03 16:26:19 30,208 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\CMMGR\MIGRATE.DLL
+ 2002-09-03 16:26:19 53,248 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\DEVUPGRD\MIGRATE.DLL
+ 2002-09-03 16:26:19 3,952 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\DMICALL\DMICALL.SYS
+ 2002-09-03 16:26:19 32,768 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\DMICALL\MIGRATE.DLL
+ 2002-09-03 16:26:19 13,824 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\DVD\MIGRATE.DLL
+ 2002-09-03 16:26:19 69,632 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\EASTMAN\MIGRATE.DLL
+ 2002-09-03 16:26:19 73,728 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\FAX\AWDVSTUB.EXE
+ 2002-09-03 16:26:20 25,600 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\FAX\MIGRATE.DLL
+ 2002-09-03 16:26:20 83,456 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\HPTOOLS\MIGRATE.DLL
+ 2002-09-03 16:26:20 40,960 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\IBMAV\MIGRATE.DLL
+ 2002-09-03 16:26:20 8,704 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\ICM\MIGRATE.DLL
+ 2002-09-03 16:26:21 10,240 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\IEMIG\MIGRATE.DLL
+ 2002-09-03 16:26:26 108,544 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\MAPI\DLL\MIGRATE.DLL
+ 2002-09-03 16:26:26 36,864 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\MAPI\DLL\MKNTFRMCACHE.EXE
+ 2002-09-03 16:26:26 25,629 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\MAPI\DLL\MSPATCHA.DLL
+ 2002-09-03 16:26:32 39,424 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\MODEMS\MIGRATE.DLL
+ 2002-09-03 16:26:32 11,776 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\MSGQUEUE\MIGRATE.DLL
+ 2002-09-03 16:26:32 7,680 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\MSI\MIGRATE.DLL
+ 2002-09-03 16:26:32 33,792 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\MSI\MSI9XMIG.DLL
+ 2002-09-03 16:26:32 31,744 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\MSI\MSINTMIG.DLL
+ 2002-09-03 16:26:32 46,864 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\MSP\MIGRATE.DLL
+ 2002-09-03 16:26:32 36,352 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\NECKBD\MIGRATE.DLL
+ 2002-09-03 16:26:32 176,128 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\NECPA\MIGRATE.DLL
+ 2002-09-03 16:26:33 147,456 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\NECWPS\MIGRATE.DLL
+ 2002-09-03 16:26:33 86,016 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\OCTOPUS\MIGRATE.DLL
+ 2002-09-03 16:26:33 37,888 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\OEWAB\MIGRATE.DLL
+ 2002-09-03 16:26:33 30,208 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\PRINT\MIGRATE.DLL
+ 2002-09-03 16:26:34 35,328 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\PWS\MIGRATE.DLL
+ 2002-09-03 16:26:35 184,320 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\RUMBA\MIGRATE.DLL
+ 2004-08-04 07:05:32 69,632 ------w C:\WINDOWS\XPCD\i386\WIN9XMIG\SETUP\MIGRATE.DLL
+ 2002-09-03 16:26:35 76,288 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\TRANSACT\MIGRATE.DLL
+ 2002-09-03 16:26:35 14,848 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\WIA\MIGRATE.DLL
+ 2002-09-03 16:26:35 40,960 ----a-w C:\WINDOWS\XPCD\i386\WIN9XMIG\WMP\MIGRATE.DLL
+ 2004-07-17 19:47:40 55,056 ------w C:\WINDOWS\XPCD\i386\WIN9XUPG\CABINET.DLL
+ 2002-09-03 16:26:35 25,600 ----a-w C:\WINDOWS\XPCD\i386\WIN9XUPG\CFGMGR32.DLL
+ 2002-09-03 16:26:35 90,563 ----a-w C:\WINDOWS\XPCD\i386\WIN9XUPG\E95ONLY.DAT
+ 2004-07-17 19:47:40 99,376 ------w C:\WINDOWS\XPCD\i386\WIN9XUPG\IMAGEHLP.DLL
+ 2002-09-03 16:26:35 106,496 ----a-w C:\WINDOWS\XPCD\i386\WIN9XUPG\ISMIG.DLL
+ 2004-07-17 19:47:40 267,536 ------w C:\WINDOWS\XPCD\i386\WIN9XUPG\MSVCRT.DLL
+ 2004-08-04 07:04:40 888,832 ------w C:\WINDOWS\XPCD\i386\WIN9XUPG\SETUPAPI.DLL
+ 2002-09-03 16:26:36 3,584 ----a-w C:\WINDOWS\XPCD\i386\WIN9XUPG\TWID.EXE
+ 2004-08-04 07:05:36 872,448 ------w C:\WINDOWS\XPCD\i386\WIN9XUPG\W95UPG.DLL
+ 2004-08-04 06:41:40 84,939 ------w C:\WINDOWS\XPCD\i386\WINNT.EXE
+ 2004-08-04 07:05:08 48,128 ------w C:\WINDOWS\XPCD\i386\WINNT32.EXE
+ 2004-08-04 08:56:36 1,171,456 ------w C:\WINDOWS\XPCD\i386\WINNT32A.DLL
+ 2004-08-04 08:56:36 1,294,336 ------w C:\WINDOWS\XPCD\i386\WINNT32U.DLL
+ 2004-08-04 08:56:36 763,392 ------w C:\WINDOWS\XPCD\i386\WINNTBBA.DLL
+ 2004-08-04 08:56:36 764,928 ------w C:\WINDOWS\XPCD\i386\WINNTBBU.DLL
+ 2002-09-03 16:26:37 12,288 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\APMUPGRD.DLL
+ 2002-09-03 16:26:37 6,656 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\BOSCOMP.DLL
+ 2002-09-03 16:26:37 58,128 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\CFGMGR32.DLL
+ 2002-09-03 16:26:37 40,960 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\CLUSCOMP.DLL
+ 2002-09-03 16:26:37 5,120 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\FSFILTER.DLL
+ 2002-09-03 16:26:37 6,656 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\FTCOMP.DLL
+ 2002-09-03 16:26:37 5,632 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\INPUPGRD.DLL
+ 2002-09-03 16:26:38 5,632 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\MS\MODEMSHR\MDMSHRUP.DLL
+ 2002-09-03 16:26:39 30,748 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\MS\SNA\IBMMGUG.DLL
+ 2002-09-03 16:26:39 38,941 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\MS\SNA\NTSNAUPG.DLL
+ 2002-09-03 16:26:39 28,701 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\MS\SNA\SNADLCUG.DLL
+ 2002-09-03 16:26:37 5,632 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\MSMQCOMP.DLL
+ 2004-08-04 08:56:36 121,344 ------w C:\WINDOWS\XPCD\i386\WINNTUPG\NETUPGRD.DLL
+ 2002-09-03 16:26:38 11,264 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\NTDSUPG.DLL
+ 2004-08-04 08:56:36 6,144 ------w C:\WINDOWS\XPCD\i386\WINNTUPG\nv4prep.dll
+ 2002-09-03 16:26:39 9,756 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\OEM\DIGI\ASYNC\DGUPGRD.DLL
+ 2002-09-03 16:26:39 72,732 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\OEM\DIGI\ISDN\BRI\DIGIUPG.DLL
+ 2002-09-03 16:26:39 28,701 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\OEM\DIGI\ISDN\PRI\DIGPRIUP.DLL
+ 2002-09-03 16:26:39 11,292 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\OEM\DIGI\REALPORT\DGRPUPG.DLL
+ 2002-09-03 16:26:40 114,717 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\OEM\EQN\EQNUPGRD.DLL
+ 2002-09-03 16:26:40 31,744 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\OEM\SPX\MPS\SPXUPGRD.DLL
+ 2002-09-03 16:26:40 33,792 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\OEM\TIGERJET\TJUPG.DLL
+ 2004-08-04 08:56:36 323,344 ------w C:\WINDOWS\XPCD\i386\WINNTUPG\SETUPAPI.DLL
+ 2002-09-03 16:26:38 4,608 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\TSCOMP.DLL
+ 2002-09-03 16:26:38 11,776 ----a-w C:\WINDOWS\XPCD\i386\WINNTUPG\VIDUPGRD.DLL
+ 2002-09-03 17:14:29 53,248 ----a-w C:\WINDOWS\XPCD\i386\WSDU.DLL
+ 2004-08-04 08:56:36 77,824 ------w C:\WINDOWS\XPCD\i386\WSDUENG.DLL
+ 2008-01-20 02:33:35 278,927,592 ----a-w C:\WINDOWS\XPSP2\WindowsXP-KB835935-SP2-ENU.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2004-06-25 10:21 147456]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-07-05 07:29 4538368]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-09 21:14 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 11:04 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 17:21 114688]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-27 20:10 335872]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08 28672]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2003-12-11 22:03 167936]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-02-12 22:01 98304]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 02:36 135168]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 14:37 71328]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 18:35 70800]
"VMConsole.exe"="C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe" [2004-02-25 05:08 536576]
"P2P Networking"="C:\WINDOWS\System32\P2P Networking\P2P Networking.exe" [ ]
"SbUsb AudCtrl"="sbusbdll.dll" [2004-07-08 18:27 119296 C:\WINDOWS\system32\sbusbdll.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-11-25 15:01 100056]
"CTSysVol"="C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-09 16:25 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-09 16:34 282624]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-14 19:39 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52 218232]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-22 16:04 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 10:05:56]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 13:08:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{402528E8-0AE7-1033-0519-040404230001}"= "C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll
Security Providers "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"\0\0

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-03-12 16:32]
S2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;C:\Documents and Settings\Alan\Local Settings\Temp\WZSB1.tmp\installservice.exe []
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2004-07-27 01:31]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-03-12 15:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36b96ad6-a097-11dc-9bf0-b049a0c8caff}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aebcc43-2b0d-11da-9b48-000e9b42a799}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - G:\BC175E47.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 04:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-01-08 02:51:45 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 00:29:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Common Files\Sony Shared\Sony Utilities\KeyHook.dll
.
Completion time: 2008-01-23 0:33:46
ComboFix-quarantined-files.txt 2008-01-23 08:33:41
ComboFix2.txt 2008-01-14 10:09:58
.
2007-12-22 18:11:25 --- E O F ---
  • 0

#28
alcee410

    Member

  • Topic Starter
  • Member
  • 30 posts
And for the Jotti scans, I got this message for all three of them:
"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

And here's the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:02 AM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Alan\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VMConsole.exe] C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe /windowmin
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Policies\Explorer\Run: [{402528E8-0AE7-1033-0519-040404230001}] "C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.iicm.edu/.../vivo/vvweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104394529761
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Documents and Settings\Alan\Local Settings\Temp\WZSB1.tmp\installservice.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12690 bytes
  • 0

#29
alcee410

    Member

  • Topic Starter
  • 30 posts
hi andrewuk. I have a question. A lot of times, when I am working on the steps you give me, my AVG virus program tells me that a certain file is a threat and asks me if I want to heal it or ignore it. For example, when I tried to do a jotti scan on C:\WINDOWS\system32\wowfx(2).dll, AVG picked it up as a threat and noted that same file path. I ignored it, thinking, that we need to work with it. So, what would I do in the future?
  • 0

#30
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi alcee410

It is very likely to be a threat: it looks bad and AVG is picking it up. So we will delete it in this post and try to scan those other files.

====STEP 1====
If you already have OTMoveIt2 on your machine, delete it and replace it with this one.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\wowfx(2).dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


====STEP 2====
We will back up your registry before we make these changes. Better safe than sorry.

Go to Start > Run
Type: regedit
Click OK.
  • On the left side, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch. <= important!
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put backup
  • Choose to save it to C:\ or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.


====STEP 3====
Registry Modifications

Next, let's remove the unwanted items.
Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Save it to your desktop as fixit.reg (filetype = any)

REGEDIT4
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=hex(7):22,6d,73,61,70,73,73,70,63,2e,\
64,6c,6c,2c,20,73,63,68,61,6e,6e,65,6c,2e,64,6c,6c,2c,20,64,69,67,65,73,74,\
2e,64,6c,6c,2c,20,6d,73,6e,73,73,70,63,2e,64,6c,6c,22,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"Security Providers"=-

NOTICE: This file was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Locate fixit.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Please reply back letting me know if it merged correctly.

(In case you are unsure how to create a reg file, take a look here with screenshots.)


====STEP 4====
Let's retry and scan the other 2 files. Please disable any firewalls you have running.

Please go to Jotti's malware scan
Copy and paste the following file path into the "File to upload & scan" box at the top of the page:
C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe

Click on the submit button

Please also do the same with the following three files:
C:\Documents and Settings\TEMP\TEMP.exe
C:\Documents and Settings\Guest.ALANCOMP\Guest.ALANCOMP.exe
G:\BC175E47.exe


Please post the results of the scan in your next reply.

If Jotti is busy, try the same at Virustotal


====STEP 5====
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open one Notepad main.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt in your next reply.



In your next reply could I see:
1. the OTMoveIt2 log
2. the jotti scans
3. the DSS log

andrewuk
  • 0
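STEP 3 above asks the user to merge a .reg file whose SecurityProviders value is given as a raw hex(7) blob. Before merging a registry fix it is worth decoding exactly what it will write, so you can compare it against a clean machine. The following is an added example, not part of the thread or of any tool mentioned in it: a small parser for REGEDIT4 fragments that joins backslash line continuations, decodes hex(7) (REG_MULTI_SZ) data into strings and reports which values are set or deleted. The FIXIT_REG text is a copy of the fix from the post; the function names are my own.

```python
"""Decode what a REGEDIT4 .reg fragment will write or delete.

Added example: parses the fixit.reg text from the post above so the
hex(7) (REG_MULTI_SZ) data can be read as plain strings before merging.
"""
import re

# Copy of the fixit.reg contents from the post (raw string keeps the
# trailing backslashes that regedit uses as line continuations).
FIXIT_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=hex(7):22,6d,73,61,70,73,73,70,63,2e,\
64,6c,6c,2c,20,73,63,68,61,6e,6e,65,6c,2e,64,6c,6c,2c,20,64,69,67,65,73,74,\
2e,64,6c,6c,2c,20,6d,73,6e,73,73,70,63,2e,64,6c,6c,22,00,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"Security Providers"=-
'''


def join_continuations(text):
    """Join lines ending in a backslash (regedit's line-continuation marker)."""
    return text.replace("\\\n", "")


def decode_multi_sz(hex_csv):
    """Decode a comma-separated hex byte list as REG_MULTI_SZ (ANSI).

    REG_MULTI_SZ is a sequence of NUL-terminated strings followed by one
    extra NUL; empty pieces from the split are the terminators.
    """
    raw = bytes(int(h, 16) for h in hex_csv.split(",") if h.strip())
    return [s.decode("latin-1") for s in raw.split(b"\x00") if s]


def parse_reg(text):
    """Return a list of (key, value_name, action, decoded_data) tuples."""
    entries = []
    key = None
    for line in join_continuations(text).splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]            # new key section
            continue
        m = re.match(r'^"([^"]*)"=(.*)$', line)
        if not m or key is None:
            raise ValueError("unrecognised line: %r" % line)
        name, data = m.group(1), m.group(2)
        if data == "-":
            entries.append((key, name, "delete", None))
        elif data.startswith("hex(7):"):
            entries.append((key, name, "set REG_MULTI_SZ",
                            decode_multi_sz(data[len("hex(7):"):])))
        elif data.startswith('"') and data.endswith('"'):
            entries.append((key, name, "set REG_SZ", data[1:-1]))
        else:
            entries.append((key, name, "set (undecoded)", data))
    return entries


def summarize(text):
    """Human-readable one-line-per-change summary of a .reg fragment."""
    return ["%s: %s\\%s -> %r" % (action, key, name, data)
            for key, name, action, data in parse_reg(text)]


if __name__ == "__main__":
    for line in summarize(FIXIT_REG):
        print(line)
```

Run stand-alone it shows two changes: the real `SecurityProviders` value is set to a single REG_MULTI_SZ string, `"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"` (the surrounding quote characters are part of the decoded data, which is worth noticing when comparing with a known-good system), and the look-alike `Security Providers` value, with a space in its name, is deleted. Seeing the decoded strings side by side makes it clear the fix targets the impostor value rather than the legitimate one.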