Geeks to Go
medichi.exe and medichi2.exe problems [RESOLVED]



#31
alcee410
  • Topic Starter
  • Member
  • 30 posts
Hi andrewuk. The fixit.reg was merged successfully. Here's the OTMoveIT2 log

LoadLibrary failed for C:\WINDOWS\system32\wowfx(2).dll
C:\WINDOWS\system32\wowfx(2).dll NOT unregistered.
C:\WINDOWS\system32\wowfx(2).dll moved successfully.

OTMoveIt2 v1.0.6 log created on 01242008_231248


But again, I could not do the Jotti scans.

This is the response I get: "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

For the "...TEMP.exe" and the "...Guest.ALANCOMP.exe": as soon as I hit Submit at the Jotti site, my AVG virus software gives me a message saying,
"Threat Detected!
While opening file: C:\Documents and Settings\Guest.ALANCOMP\Guest.ALANCOMP.exe
Trojan horse PSW.Generic5.ADAR"
My options are to 1) Heal, 2) Ignore, or 3) Move to Vault.
The same message comes up for "...TEMP.exe"

Should I in fact Heal them through AVG?

Also, I think I turned off the firewall, but I'm not sure if I did it properly. I went to Control Panel --> Windows Firewall, and clicked Off. Is there anything else I need to do?

One more question: for the last file you asked me to scan with Jotti, you used the letter G: for the drive. Did you mean C:? Is it a typo or intentional?

Thank you,

ALCee410

This message comes up for all four files you asked me to scan.



#32
alcee410
  • Topic Starter
  • Member
  • 30 posts
Hi andrewuk. Please ignore the last line in my last message. I was copying and pasting and pushed that line down without deleting it.

#33
andrewuk
  • Trusted Helper
  • Malware Removal
  • 5,297 posts
Hi alcee410

Yes, if AVG detects a threat, have it moved to the vault; if it is a false positive then we can restore it.

Also, I think I turned off the firewall, but I'm not sure if i did it properly. I went to Control Panel --> Windows Firewall, and clicked Off. Is there anything else I need to do?

That is all you need to do for the Windows Firewall. There is a chance that you have other firewalls, for example with AVG.

One more question, for the last file you asked to scan with Jotti, you use the letter G: for the drive. Did you mean C:? is it a typo or intentional?

No, I did mean G:; I can see these in your log:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36b96ad6-a097-11dc-9bf0-b049a0c8caff}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aebcc43-2b0d-11da-9b48-000e9b42a799}]
\Shell\AutoRun\command - G:\
\Shell\open\Command - G:\BC175E47.exe



However, let's do a scan first with your AVG, see what that clears, and then come back to these.


====STEP 1====
Do a complete scan with your AVG and post the log in your next reply. Make sure AVG is fully updated, and have AVG move all infections to the vault.


====STEP 2====
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open one Notepad main.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt in your next reply.



In your next reply could I see:
1. the AVG scan
2. the DSS log

andrewuk
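The two MountPoints2 entries quoted in the post above record what Explorer will run when that removable volume autoruns or is double-clicked. As an added example (not part of the thread, and not DSS or HijackThis code), the Python below parses dump lines in both layouts seen on this page (the `\Shell\<verb>\command - ` form quoted in the post and the shorter `<verb>\command- ` form the DSS registry dump prints) and grades each entry from a defender's view. The sample input reuses the entries shown in the thread; the severity rules are my own heuristics.

```python
import re
from dataclasses import dataclass

# Constructed sample in the two layouts seen on this page: the first block is the
# "\Shell\<verb>\command - <cmd>" form quoted in the post, the second is the shorter
# "<verb>\command- <cmd>" form that the DSS registry dump prints.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36b96ad6-a097-11dc-9bf0-b049a0c8caff}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aebcc43-2b0d-11da-9b48-000e9b42a799}]
AutoRun\command- G:\
open\Command- BC175E47.exe
"""

KEY_RE = re.compile(r"^\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.IGNORECASE)
VALUE_RE = re.compile(r"^(?:\\Shell\\)?(\w+)\\command\s*-\s*(.*)$", re.IGNORECASE)
# Eight hex digits plus .exe: the kind of throwaway name a dropper uses,
# unlike a vendor launcher such as LaunchU3.exe.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}\.exe$", re.IGNORECASE)


@dataclass
class ShellCommand:
    volume_guid: str   # the {...} subkey that identifies the mounted volume
    verb: str          # "AutoRun" or "open"
    command: str       # what Explorer would run


def parse_mountpoints2(text):
    """Collect every <verb>\\command value under a MountPoints2 volume key."""
    entries, guid = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            guid = key.group(1).lower()
            continue
        value = VALUE_RE.match(line)
        if value and guid:
            entries.append(ShellCommand(guid, value.group(1), value.group(2).strip()))
    return entries


def exe_name(command):
    """Lower-case file name of the first .exe in a command line, or None."""
    m = re.search(r"([^\\\s]+\.exe)", command, re.IGNORECASE)
    return m.group(1).lower() if m else None


def assess(entry):
    """Heuristic severity for one entry: 'high', 'medium' or 'info', plus the reason."""
    name = exe_name(entry.command)
    if entry.verb.lower() == "open" and name:
        # Hijacked default action: opening the drive in Explorer launches the program.
        return "high", f"double-clicking the volume runs {name} instead of opening it"
    if name and HEX_NAME_RE.match(name):
        return "high", f"autorun target {name} has a random hex-style name"
    if name:
        return "medium", f"autorun launches {name}; confirm it is a known vendor launcher"
    return "info", "autorun command names no executable"


def triage(text):
    """Return (guid, verb, command, severity, reason) tuples for a registry dump."""
    return [(e.volume_guid, e.verb, e.command) + assess(e) for e in parse_mountpoints2(text)]


if __name__ == "__main__":
    for guid, verb, command, severity, reason in triage(SAMPLE_DUMP):
        print(f"[{severity:6}] {guid} {verb}: {command!r} -> {reason}")
```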

#34
alcee410
  • Topic Starter
  • Member
  • 30 posts
Hi andrewuk. I ran AVG on my C: and D: drives. I believe the G: drive is for my flash drive. So, I plugged it in and did a scan of G:. AVG found viruses on my G: drive. Since AVG did not automatically produce logs, I figured I would export the results to a .txt file. I pasted these below, and I hope they are clear enough to read. Following these is the DSS log. Thank you.


General properties
Report name Complete Test
Start time 1/27/2008 10:36:21 PM
End time 1/27/2008 11:44:51 PM (total: 1:08:30.4 hrs)
Launch method Scanning launched manually
Scanning result Threats found
Report status Scanning completed successfully

Object summary
Scanned 82710
Threats Found 85
Cleaned 0
Moved to vault 0
Deleted 85
Errors 0
C:\Documents and Settings\Alan\Desktop\aimfix_quarantine\22699_windows.exe.bak Deleted
C:\Documents and Settings\All Users\Desktop\Desktop.exe Deleted
C:\Documents and Settings\Guest\Desktop\Desktop.exe Deleted
C:\Documents and Settings\Guest.ALANCOMP\Guest.ALANCOMP.exe Deleted
C:\Documents and Settings\Guest.ALANCOMP\Desktop\Desktop.exe Deleted
C:\Documents and Settings\TEMP\TEMP.exe Deleted
C:\KPCMS\KPCMS.exe Deleted
C:\My Downloads\My Downloads.exe Deleted
C:\QooBox\Quarantine\C\.exe.vir Deleted
C:\QooBox\Quarantine\C\Documents and Settings\Alan\Application Data\printer.exe.vir Deleted
C:\QooBox\Quarantine\C\WINDOWS\medichi.exe.vir Deleted
C:\QooBox\Quarantine\C\WINDOWS\medichi2.exe.vir Deleted
C:\QooBox\Quarantine\C\WINDOWS\murka.dat.vir Deleted
C:\QooBox\Quarantine\C\WINDOWS\WINDOWS.exe.vir Deleted
C:\QooBox\Quarantine\C\WINDOWS\wsystmp_huv.exe.vir Deleted
C:\QooBox\Quarantine\C\WINDOWS\wsystmp_rsr.exe.vir Deleted
C:\QooBox\Quarantine\C\WINDOWS\wsystmp_vzt.exe.vir Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\kernelwind32.exe.vir Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\shovth.exe.vir Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\suspend.exe.vir Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\user32.dat.vir Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\winsn.exe.vir Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\winsos.exe.vir Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\dllcache\beep.sys.vir Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\beep.sys.vir Deleted
C:\WINDOWS\AppPatch\AppPatch.exe Deleted
C:\WINDOWS\Debug\Debug.exe Deleted
C:\WINDOWS\Driver Cache\i386\i386.exe Deleted
C:\WINDOWS\ERDNT\1-12-2008\1-12-2008.exe Deleted
C:\WINDOWS\ERDNT\1-12-2008\Users\00000001\00000001.exe Deleted
C:\WINDOWS\ERDNT\1-12-2008\Users\00000002\00000002.exe Deleted
C:\WINDOWS\ERDNT\dss\dss.exe Deleted
C:\WINDOWS\Help\Help.exe Deleted
C:\WINDOWS\Help\SBSI\Training\Training.exe Deleted
C:\WINDOWS\java\classes\classes.exe Deleted
C:\WINDOWS\java\Packages\Packages.exe Deleted
C:\WINDOWS\java\Packages\Data\Data.exe Deleted
C:\WINDOWS\java\trustlib\trustlib.exe Deleted
C:\WINDOWS\Media\Media.exe Deleted
C:\WINDOWS\Minidump\Minidump.exe Deleted
C:\WINDOWS\msagent\msagent.exe Deleted
C:\WINDOWS\msagent\intl\intl.exe Deleted
C:\WINDOWS\PCHealth\HelpCtr\Binaries\Binaries.exe Deleted
C:\WINDOWS\PCHealth\HelpCtr\Config\Config.exe Deleted
C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Cache.exe Deleted
C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\CheckPoint.exe Deleted
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\PackageStore.exe Deleted
C:\WINDOWS\Registration\Registration.exe Deleted
C:\WINDOWS\repair\repair.exe Deleted
C:\WINDOWS\Resources\Themes\Luna\Luna.exe Deleted
C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic\Metallic.exe Deleted
C:\WINDOWS\security\logs\logs.exe Deleted
C:\WINDOWS\SoftwareDistribution\SoftwareDistribution.exe Deleted
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.exe Deleted
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\Logs.exe Deleted
C:\WINDOWS\SoftwareDistribution\Download\Download.exe Deleted
C:\WINDOWS\SoftwareDistribution\Download\c268348752498f57ff1128ae6a23c4f1\c268348752498f57ff1128ae6a23c4f1.exe Deleted
C:\WINDOWS\SoftwareDistribution\Download\c268348752498f57ff1128ae6a23c4f1\update\update.exe Deleted
C:\WINDOWS\SoftwareDistribution\EventCache\EventCache.exe Deleted
C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default.exe Deleted
C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\9482F4B4-E343-43B6-B170-9A65BC822C77.exe Deleted
C:\WINDOWS\SONYSYS\VAIO Recovery\VAIO Recovery.exe Deleted
C:\WINDOWS\srchasst\srchasst.exe Deleted
C:\WINDOWS\srchasst\chars\chars.exe Deleted
C:\WINDOWS\srchasst\mui\0409\0409.exe Deleted
C:\WINDOWS\WinSxS\Manifests\Manifests.exe Deleted
C:\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac.exe Deleted
C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510.exe Deleted
C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd.exe Deleted
C:\_OTMoveIt\MovedFiles\MovedFiles.exe Deleted
C:\_OTMoveIt\MovedFiles\01072008_213704\WINDOWS\trayicons.exe Deleted
C:\_OTMoveIt\MovedFiles\01072008_213704\WINDOWS\WINDOWS.exe Deleted
C:\_OTMoveIt\MovedFiles\01242008_231248\WINDOWS\system32\wowfx(2).dll Deleted
D:\30697A44.exe Deleted
D:\a712965750e1c654b466de05960fa42d\SP2GDR\SP2GDR.exe Deleted
D:\a712965750e1c654b466de05960fa42d\SP2QFE\SP2QFE.exe Deleted
D:\aacbc799af20f48f737ae2\aacbc799af20f48f737ae2.exe Deleted
D:\Ares\data\data.exe Deleted
D:\Ares\data\GUI\General\General.exe Deleted
D:\Ares\lang\lang.exe Deleted
D:\My Documents\NEW YORK 2007\NEW YORK 2007.exe Deleted
D:\Program Files\AIM\Resources\Resources.exe Deleted
D:\Program Files\AIM\sounds\sounds.exe Deleted
D:\Program Files\AIM\Sysfiles\Sysfiles.exe Deleted
D:\SonicStage\Packages\Optimized Files\Optimized Files.exe Deleted



AVG Results of the G: drive scan:

General properties
Report name Selected Areas Test
Start time 1/28/2008 3:52:47 PM
End time 1/28/2008 3:53:44 PM (total: 57.4 sec)
Launch method Scanning launched manually
Scanning result Threats found
Report status Scanning completed successfully

Object summary
Scanned 560
Threats Found 18
Cleaned 0
Moved to vault 0
Deleted 18
Errors 0
G:\Tarjan FLASHCARD\Tarjan FLASHCARD.exe Deleted
G:\Tarjan FLASHCARD\nb\nb.exe Deleted
G:\Tarjan FLASHCARD\China presentation\China presentation.exe Deleted
G:\CCH - Stigma\CCH - Stigma.exe Deleted
G:\Labels\Labels.exe Deleted
G:\Typed-Up Documents\Typed-Up Documents.exe Deleted
G:\Resume and Cover Letter\Resume and Cover Letter.exe Deleted
G:\EMA and Cell Phones\EMA and Cell Phones.exe Deleted
G:\EMA and Cell Phones\Figures\Figures.exe Deleted
G:\EMA and Cell Phones\Figures\4-24\4-24.exe Deleted
G:\EMA and Cell Phones\4-24 to 4-25\4-24 to 4-25.exe Deleted
G:\CHAT Paper\CHAT Paper.exe Deleted
G:\SC Lit\SC Lit.exe Deleted
G:\HR\HR.exe Deleted
G:\Misc\Misc.exe Deleted
G:\Empowerment\Empowerment.exe Deleted
G:\Clipart\Clipart.exe Deleted
G:\MED SCHOOL APPLICATION\MED SCHOOL APPLICATION.exe Deleted




DSS Log

Deckard's System Scanner v20071014.68
Run by Alan on 2008-01-28 16:04:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 447 MiB (512 MiB recommended).
System Drive C: has 0.25 GiB (less than 15%) free.


-- HijackThis (run as Alan.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:47 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Alan\Desktop\dss.exe
C:\DOCUME~1\Alan\Desktop\Alan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VMConsole.exe] C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe /windowmin
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Policies\Explorer\Run: [{402528E8-0AE7-1033-0519-040404230001}] "C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.iicm.edu/.../vivo/vvweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104394529761
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Documents and Settings\Alan\Local Settings\Temp\WZSB1.tmp\installservice.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12643 bytes

-- Files created between 2007-12-28 and 2008-01-28 -----------------------------

2008-01-27 22:33:22 0 d--h----- C:\WINDOWS\PIF
2008-01-19 22:32:35 11552 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-19 22:32:35 202528 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-19 19:10:39 0 d-------- C:\KAV
2008-01-19 19:06:17 0 dr-hs---- C:\cmdcons
2008-01-19 19:06:15 0 d-------- C:\WINDOWS\setup.pss
2008-01-19 19:06:03 0 d-------- C:\WINDOWS\setupupd
2008-01-19 17:28:16 0 d-------- C:\WINDOWS\XPSP2
2008-01-19 17:27:56 0 d-------- C:\WINDOWS\XPCD
2008-01-07 19:48:35 0 d-------- C:\BFU
2008-01-02 09:28:14 0 d-------- C:\Program Files\Trillian
2008-01-01 08:31:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-01 05:50:09 0 d-------- C:\Documents and Settings\Alan\Application Data\acccore
2008-01-01 04:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-01-01 04:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-01 04:25:14 0 d-------- C:\Program Files\Common Files\AOL
2008-01-01 04:24:43 0 d-------- C:\Program Files\AIM6
2007-12-31 21:29:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-31 21:27:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-31 21:27:16 0 d-------- C:\Documents and Settings\Alan\Application Data\SUPERAntiSpyware.com
2007-12-31 21:26:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 21:12:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\acccore


-- Find3M Report ---------------------------------------------------------------

2008-01-28 15:52:46 0 d-------- C:\Documents and Settings\Alan\Application Data\AVG7
2008-01-24 23:35:03 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-21 14:55:37 0 d-------- C:\Program Files\Common Files
2007-12-25 08:45:39 0 d-------- C:\Program Files\Traktor DJ Studio
2007-12-25 04:35:50 0 d-------- C:\Documents and Settings\Alan\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [11/07/2003 05:21 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/27/2004 08:10 PM]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/19/2003 09:08 PM]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [12/11/2003 10:03 PM]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [02/12/2004 10:01 PM]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [01/17/2004 02:36 AM]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 10:29 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/12/2005 02:37 PM]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [12/11/2003 06:35 PM]
"VMConsole.exe"="C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe" [02/25/2004 05:08 AM]
"P2P Networking"="C:\WINDOWS\System32\P2P Networking\P2P Networking.exe" []
"SbUsb AudCtrl"="sbusbdll.dll" [07/08/2004 06:27 PM C:\WINDOWS\system32\sbusbdll.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [11/25/2005 03:01 PM]
"CTSysVol"="C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 02:48 AM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 09:26 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/09/2006 04:25 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/09/2006 04:34 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/14/2008 07:39 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [06/25/2004 10:21 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [07/05/2006 07:29 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/09/2007 09:14 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [12/18/2007 11:04 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 10:05:56 AM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [10/2/2003 1:08:08 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{402528E8-0AE7-1033-0519-040404230001}"="C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"\0\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36b96ad6-a097-11dc-9bf0-b049a0c8caff}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aebcc43-2b0d-11da-9b48-000e9b42a799}]
AutoRun\command- G:\
open\Command- BC175E47.exe




-- End of Deckard's System Scanner: finished at 2008-01-28 16:05:40 ------------
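The AVG report above lists dozens of executables named after the folder they sit in (`G:\Labels\Labels.exe`, `C:\WINDOWS\Help\Help.exe`), the trace a removable-drive worm leaves when it drops a look-alike .exe beside each real folder, mixed in with copies already sitting in the quarantine folders of earlier cleanup tools. As an added example that is not part of the thread or of AVG, this Python script parses lines in the report's `<path> <action>` layout and separates folder-mirror executables (counted per drive) from quarantined copies and anything that needs a closer look. The sample lines are a constructed excerpt using paths from the report, and the category rules are my own.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Constructed excerpt in the report's "<path> <action>" layout; the paths are a
# selection of those listed in the AVG report above.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Guest.ALANCOMP\Guest.ALANCOMP.exe Deleted
C:\Documents and Settings\TEMP\TEMP.exe Deleted
C:\QooBox\Quarantine\C\WINDOWS\medichi.exe.vir Deleted
C:\_OTMoveIt\MovedFiles\01242008_231248\WINDOWS\system32\wowfx(2).dll Deleted
C:\WINDOWS\Help\Help.exe Deleted
D:\30697A44.exe Deleted
G:\Labels\Labels.exe Deleted
G:\MED SCHOOL APPLICATION\MED SCHOOL APPLICATION.exe Deleted
"""

# Quarantine locations of cleanup tools that appear in the report; a hit there is a
# stored copy from an earlier removal step, not a live file.
QUARANTINE_MARKERS = (
    "\\qoobox\\quarantine\\",
    "\\_otmoveit\\movedfiles\\",
    "\\aimfix_quarantine\\",
)


def parse_avg_report(text):
    """Split each non-empty line into (path, action); the action is the last token."""
    items = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        path, _, action = line.rpartition(" ")
        if path and action:
            items.append((path, action))
    return items


def mirrors_parent_folder(path):
    """True for <dir>\\<name>\\<name>.exe, the look-alike drop beside a real folder."""
    p = PureWindowsPath(path)
    if p.suffix.lower() != ".exe":
        return False
    parent = p.parent.name          # empty string at a drive root such as D:\
    return bool(parent) and p.stem.lower() == parent.lower()


def classify(path):
    """'quarantined_copy', 'folder_mirror' or 'other'."""
    low = path.lower()
    if low.endswith(".vir") or any(marker in low for marker in QUARANTINE_MARKERS):
        return "quarantined_copy"
    if mirrors_parent_folder(path):
        return "folder_mirror"
    return "other"


def summarize(text):
    """Return (count per category, folder-mirror count per drive, the 'other' paths)."""
    by_category, mirrors_by_drive, others = Counter(), Counter(), []
    for path, _action in parse_avg_report(text):
        category = classify(path)
        by_category[category] += 1
        if category == "folder_mirror":
            mirrors_by_drive[PureWindowsPath(path).drive.upper()] += 1
        elif category == "other":
            others.append(path)
    return by_category, mirrors_by_drive, others


if __name__ == "__main__":
    categories, per_drive, others = summarize(SAMPLE_REPORT)
    print("by category:", dict(categories))
    print("folder-mirror executables per drive:", dict(per_drive))
    print("needs a closer look:", others)
```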

#35
andrewuk
  • Trusted Helper
  • Malware Removal
  • 5,297 posts
Hi alcee410

Things are looking better now.

In this log we will update your Java, focus again on your G: drive, clear up some final issues, and then see how your machine is running.

Firstly, I see you have Viewpoint Manager installed on your PC. Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself. The fix below will clearly indicate where I am removing Viewpoint Manager; if you wish to keep Viewpoint Manager on your machine then ignore those parts of the fix.


====STEP 1====
Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.


====STEP 2====
  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


====STEP 3====

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Policies\Explorer\Run: [{402528E8-0AE7-1033-0519-040404230001}] "C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
<== only fix this entry if you want to clear Viewpoint

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

and, only do this next part if you want to remove Viewpoint

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Viewpoint
Viewpoint Manager
Viewpoint Media Player


Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Viewpoint <== only delete this folder if you want to clear out Viewpoint.



====STEP 4====

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36b96ad6-a097-11dc-9bf0-b049a0c8caff}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aebcc43-2b0d-11da-9b48-000e9b42a799}]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


so, in your next reply could I see:
1. the cfscript.txt report
2. confirmation on what you decided to do with Viewpoint
3. a new hijackthis log
4. some idea of how your machine is running now

andrewuk
  • 0

#36
alcee410

alcee410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi andrewuk. Ok, i finally finished this step. I decided to remove all Viewpoint programs. The computer seems to be running OK. A little slow, especially at startup.
Here are the logs:

COMBOFIX:

ComboFix 08-02.03.1 - Alan 2008-02-03 15:02:54.3 - NTFSx86
Running from: C:\Documents and Settings\Alan\Desktop\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Alan\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-02-03 15:01 . 2008-02-03 15:07 <DIR> d-------- C:\QooBox
2008-02-03 15:01 . 2008-02-03 15:07 <DIR> d-------- C:\ComboFix(2)
2008-02-03 15:00 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-03 15:00 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-03 15:00 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe
2008-02-03 15:00 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-03 14:26 . 2008-02-03 14:59 <DIR> d-------- C:\ComboFix
2008-01-30 00:31 . 2008-01-30 00:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-30 00:31 . 2008-01-30 00:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-30 00:27 . 2008-02-03 13:53 <DIR> d--hs---- C:\Config.Msi
2008-01-29 21:59 . 2008-01-29 22:03 <DIR> d-------- C:\Documents and Settings\Alan\.SunDownloadManager
2008-01-27 22:33 . 2008-01-27 22:33 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-19 22:32 . 2008-01-21 14:51 202,528 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-19 22:32 . 2008-01-19 22:32 194,320 --a------ C:\WINDOWS\system32\drivers\klif.sys
2008-01-19 22:32 . 2008-01-21 14:51 11,552 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-19 22:32 . 2008-01-21 14:51 4,832 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-19 22:32 . 2008-01-21 14:51 2,156 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-19 19:10 . 2008-01-19 19:10 <DIR> d-------- C:\KAV
2008-01-19 19:06 . 2004-08-03 23:00 260,272 -r-hs---- C:\cmldr
2008-01-19 19:06 . 2005-09-18 20:21 211 -rahs---- C:\BOOT.BAK
2008-01-19 17:28 . 2008-01-19 18:41 <DIR> d-------- C:\WINDOWS\XPSP2
2008-01-19 17:27 . 2008-01-19 18:53 <DIR> d-------- C:\WINDOWS\XPCD
2008-01-14 02:00 . 2003-03-31 04:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-01-14 02:00 . 2003-03-31 04:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
2008-01-09 01:54 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe
2008-01-09 01:54 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe
2008-01-09 01:54 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe
2008-01-09 01:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-09 01:54 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe
2008-01-07 21:37 . 2008-01-07 21:37 <DIR> d-------- C:\_OTMoveIt
2008-01-07 19:48 . 2008-01-20 20:14 <DIR> d-------- C:\BFU
2008-01-07 19:41 . 2008-01-07 19:42 <DIR> d-------- C:\Program Files\ERUNT
2008-01-07 03:18 . 2008-01-07 03:18 <DIR> d-------- C:\Deckard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 23:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-03 22:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-03 22:17 --------- d-----w C:\Program Files\Mozilla Firefox
2008-02-03 21:57 --------- d-----w C:\Documents and Settings\Alan\Application Data\AVG7
2008-02-03 21:55 --------- d-----w C:\Program Files\Common Files
2008-02-03 21:53 704,643,072 --sha-w C:\pagefile.sys
2008-02-03 21:53 468,766,720 --sha-w C:\hiberfil.sys
2008-01-30 08:29 --------- d-----w C:\Program Files\Microsoft Works
2008-01-30 08:29 --------- d-----w C:\Program Files\Common Files\Microsoft Shared
2008-01-30 08:23 --------- d-----w C:\Program Files\Kazaa
2008-01-30 08:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 08:08 --------- d-----w C:\Program Files\Quicken
2008-01-16 04:22 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-15 03:39 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
2008-01-15 03:38 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
2008-01-09 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-07 07:43 --------- d-----w C:\Documents and Settings\TEMP\Application Data\AVG7
2008-01-03 11:04 --------- d-----w C:\Program Files\Trillian
2008-01-01 16:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-01 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-01 13:50 --------- d-----w C:\Documents and Settings\Alan\Application Data\acccore
2008-01-01 13:49 --------- d-----w C:\Program Files\AIM6
2008-01-01 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-01 12:25 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-01 05:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-01 05:27 --------- d-----w C:\Documents and Settings\Alan\Application Data\SUPERAntiSpyware.com
2008-01-01 05:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-01 05:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\acccore
2007-12-26 21:14 --------- d-----w C:\Program Files\Grisoft
2007-12-25 16:45 --------- d-----w C:\Program Files\Traktor DJ Studio
2007-12-23 00:05 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
2007-12-23 00:05 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-12-23 00:05 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-12-23 00:05 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-23 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-22 19:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Yahoo!
2007-12-22 18:20 --------- d-----w C:\Program Files\Internet Explorer
2007-12-22 03:59 --------- d-----w C:\Documents and Settings\TEMP\Application Data\Symantec
2007-12-06 07:49 --------- d-----w C:\Documents and Settings\TEMP\Application Data\U3
2007-12-02 23:00 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
2007-11-13 11:31 60,416 ------w C:\WINDOWS\system32\tzchange.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2004-06-25 10:21 147456]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-07-05 07:29 4538368]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-09 21:14 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-12-18 11:04 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 17:21 114688]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-27 20:10 335872]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 21:08 28672]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2003-12-11 22:03 167936]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-02-12 22:01 98304]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 02:36 135168]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 14:37 71328]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 18:35 70800]
"VMConsole.exe"="C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe" [2004-02-25 05:08 536576]
"P2P Networking"="C:\WINDOWS\System32\P2P Networking\P2P Networking.exe" [ ]
"SbUsb AudCtrl"="sbusbdll.dll" [2004-07-08 18:27 119296 C:\WINDOWS\system32\sbusbdll.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-11-25 15:01 100056]
"CTSysVol"="C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26 368706]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-09 16:25 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-09 16:34 282624]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-14 19:39 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52 218232]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-22 16:04 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 10:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"\0\0

R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-03-12 16:32]
S2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;C:\Documents and Settings\Alan\Local Settings\Temp\WZSB1.tmp\installservice.exe []
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2004-07-27 01:31]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-03-12 15:57]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 04:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-01-08 02:51:45 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 15:07:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.


HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:53 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Alan\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VMConsole.exe] C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe /windowmin
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Policies\Explorer\Run: [{402528E8-0AE7-1033-0519-040404230001}] "C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.iicm.edu/.../vivo/vvweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104394529761
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Documents and Settings\Alan\Local Settings\Temp\WZSB1.tmp\installservice.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12605 bytes
  • 0

#37
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi alcee410

from a malware point of view we are all but done.

I suspect your machine is running slowly because you are running 2 antivirus programs: Norton and AVG. This will cause your computer to be slow and the programs will act in conflict with each other, and may provide less protection, not more. So, could you uninstall one of them. Looking through your logs it seems you are removing Norton - but could you just let me know which one you are removing and I can help you clear it out fully.

in this post we will just clear out the remnants of the viewpoint, seems it is still there in part.

I also see a legit service present in your HijackThis log:
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\DOCUME~1\luke\LOCALS~1\Temp\~vis0000\INSTAL~1.EXE (file missing)

But in this case, the file is missing and that's normal when it's present in the temp-folder. Also, normally this service should get deleted afterwards once installed, so we'll deal with that leftover here as well.



Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Policies\Explorer\Run: [{402528E8-0AE7-1033-0519-040404230001}] "C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140

O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Documents and Settings\Alan\Local Settings\Temp\WZSB1.tmp\installservice.exe (file missing)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\Viewpoint
    C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


in your next reply could I see:
1. confirmation of which antivirus program you decided to remove
2. the OTMoveIT log
3. a new hijackthis log

andrewuk
  • 0
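The kind of look a helper gives a HijackThis log in the post above (an autostart under Policies\Explorer\Run, a GUID-named folder under Common Files, a service pointing at a Temp folder or at a missing file) can be scripted. This is an added Python example, not a tool from the thread or from HijackThis itself; the sample lines are constructed from entries quoted in this thread and the flagging rules are my own heuristics.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on HijackThis lines quoted in this thread (not a real log file).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKCU\..\Policies\Explorer\Run: [{402528E8-0AE7-1033-0519-040404230001}] "C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Documents and Settings\Alan\Local Settings\Temp\WZSB1.tmp\installservice.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# O4 lines: "O4 - <hive>\..\<key>: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>.+?): \[(?P<name>.*?)\] (?P<cmd>.*)$")
# O23 lines: "O23 - Service: <display> - <owner> - <path> [(file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?: \((?P<note>file missing)\))?$"
)
# A directory whose name is a bare GUID, e.g. ...\Common Files\{402528E8-...}\Update.exe
GUID_DIR_RE = re.compile(r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\\")


@dataclass
class Finding:
    line: str
    reasons: list


def executable_of(cmd: str) -> str:
    """Program part of an O4 command: a quoted path, a path ending in a binary extension, or the first token."""
    m = re.match(r'^"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r"^(.*?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    parts = cmd.split()
    return parts[0] if parts else cmd


def path_reasons(path: str) -> list:
    """Heuristics (my own, not HijackThis rules) that make a start-up path worth a second look."""
    reasons = []
    if "\\" not in path:
        reasons.append("bare filename: resolved through the PATH search order, not a fixed location")
    if re.search(r"\\Temp\\", path, re.IGNORECASE):
        reasons.append("runs from a Temp folder")
    if GUID_DIR_RE.search(path):
        reasons.append("GUID-named folder, like the {GUID}\\Update.exe loader fixed in this thread")
    return reasons


def triage(log_text: str) -> list:
    """Return one Finding per O4/O23 line that trips at least one heuristic; clean lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if (m := O4_RE.match(line)):
            reasons = []
            if "Policies\\Explorer\\Run" in m.group("key"):
                reasons.append("Policies\\Explorer\\Run: policy-enforced autostart, rarely used by legitimate installers")
            reasons += path_reasons(executable_of(m.group("cmd")))
        elif (m := O23_RE.match(line)):
            reasons = path_reasons(m.group("path"))
            if m.group("note"):
                reasons.append("service binary is missing: a leftover registration that still loads at boot")
            if m.group("owner") == "Unknown owner":
                reasons.append("no publisher recorded for the service")
        else:
            continue
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line[:90])
        for r in f.reasons:
            print("   -", r)
```

The flagged lines are the same three a helper would single out for Fix Checked; the AVG and VAIO entries pass untouched.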

#38
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
still with us?
  • 0

#39
alcee410

alcee410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi andrewuk,

Yes, I am still with you. It doesn't feel like it's been 8 days since your last set of instructions. I'm sorry about that. I'm replying from my work right now. Last week and weekend were busy, but I will be able to work on this tonight when I get home at 7:30 Pacific Standard Time. By the way, what city (or time zone) are you in? Just so I know. Thank you!

ALCee410
  • 0

#40
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
no problem :)

I'm in the UK
  • 0


#41
alcee410

alcee410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi andrewuk. So, I decided to remove Norton. Now that my Add/Remove feature in the Control Panel works, I was able to remove all Norton components that way. At least I think. You may see some remnants of it somewhere. And below are the logs:

OTMoveIt Log:

File/Folder C:\Program Files\Viewpoint not found.
File/Folder C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001} not found.

OTMoveIt2 v1.0.6 log created on 02112008_233349




HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26, on 2008-02-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Alan\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VMConsole.exe] C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe /windowmin
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\Alan\LOCALS~1\Temp\isDel.bat"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.kaspersky.com
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://www.iicm.edu/.../vivo/vvweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104394529761
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\Documents and Settings\Alan\Local Settings\Temp\WZSB1.tmp\installservice.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

--
End of file - 10329 bytes
  • 0

#42
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
from a malware point of view, your logs are looking good :), how is your machine running now?

you did pretty well in removing the norton (it is very hard to remove), just a few entries left in the logs:
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


...there is a chance that they disappeared once you rebooted (I am assuming you ran this scan before rebooting?)

did you go here to remove Norton? Go HERE and choose the product that is installed and then download the removal tool.
Run it and reboot.
This should get rid of Norton.

andrewuk
  • 0
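
The leftovers andrewuk points out above are all spotted by eye: the helper scans the O4 (autostart) and O23 (service) entries for paths that still belong to the uninstalled vendor, and for entries HijackThis has tagged "(file missing)". The script below is an added example, not part of this thread or of HijackThis itself, that does the same triage automatically over lines in the HijackThis v2 format shown in the log above. The sample lines are constructed from that log; the entry format it assumes (`O4 - <hive>\..\Run: [name] command`, `O23 - Service: name - vendor - path`) is taken from the posted log, and the vendor keywords are only an illustration.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a few lines in HijackThis v2.0 format, copied from the
# log posted in this thread together with the Norton leftovers the helper listed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\Alan\LOCALS~1\Temp\isDel.bat"
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""


@dataclass
class Entry:
    section: str        # HijackThis section tag, e.g. "O4" or "O23"
    name: str           # Run-key value name or service display name ("" for other sections)
    path: str           # command line / image path with HJT annotations stripped
    file_missing: bool  # True when HijackThis appended "(file missing)"
    raw: str            # the original log line


# O4 autostart entries: "O4 - HKLM\..\Run: [Name] command line"
RUN_RE = re.compile(r'^(O4) - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<path>.*)$')
# O23 service entries: "O23 - Service: Display name (Short) - Vendor - image path"
SVC_RE = re.compile(r'^(O23) - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.*)$')
# Anything else that still carries an HJT section tag (O2, O9, O16, R1, ...)
OTHER_RE = re.compile(r'^(?P<section>[ORF]\d+) - (?P<rest>.*)$')


def _strip_annotations(path: str):
    """Remove the "(file missing)" and "(User '...')" suffixes HijackThis appends."""
    missing = False
    m = re.search(r'\s*\(file missing\)\s*$', path)
    if m:
        missing = True
        path = path[:m.start()]
    path = re.sub(r"\s*\(User '[^']*'\)\s*$", '', path)
    return path.strip(), missing


def parse_log(text: str) -> List[Entry]:
    """Turn HijackThis log lines into Entry records; non-matching lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            path, missing = _strip_annotations(m.group('path'))
            entries.append(Entry('O4', m.group('name'), path, missing, line))
            continue
        m = SVC_RE.match(line)
        if m:
            path, missing = _strip_annotations(m.group('path'))
            entries.append(Entry('O23', m.group('name'), path, missing, line))
            continue
        m = OTHER_RE.match(line)
        if m:
            path, missing = _strip_annotations(m.group('rest'))
            entries.append(Entry(m.group('section'), '', path, missing, line))
    return entries


def find_remnants(entries: List[Entry], keywords: List[str]) -> List[Entry]:
    """Entries whose name or path still mentions an uninstalled product (case-insensitive)."""
    kws = [k.lower() for k in keywords]
    return [e for e in entries if any(k in e.raw.lower() for k in kws)]


def find_missing(entries: List[Entry]) -> List[Entry]:
    """Autostart/service entries that point at a file HijackThis could not find."""
    return [e for e in entries if e.file_missing]


if __name__ == '__main__':
    parsed = parse_log(SAMPLE_LOG)
    # Illustrative keywords for a removed Norton install; adjust for the product in question.
    for e in find_remnants(parsed, ['symantec', 'symnet']):
        print(f'leftover  {e.section:4} {e.name!r:40} {e.path}')
    for e in find_missing(parsed):
        print(f'missing   {e.section:4} {e.path}')
```

Run against a full log, the two lists are exactly what a helper would ask about next: leftover entries are candidates for the vendor's own removal tool, and "(file missing)" entries are orphaned autostarts or services that do nothing but are worth cleaning so a future log is easier to read.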

#43
alcee410

alcee410

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
hi andrewuk. Thanks for the reply. I am at work now, but I remembered that I forgot to tell you in my last reply that of the three items I was supposed to fix with HijackThis, I did not find the following in the list:

O4 - HKCU\..\Policies\Explorer\Run: [{402528E8-0AE7-1033-0519-040404230001}] "C:\Program Files\Common Files\{402528E8-0AE7-1033-0519-040404230001}\Update.exe" mc-110-12-0000140

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

But, I guess that's ok, because that just means they were removed already. thanks. I will try to work some more on this tonight.
  • 0

#44
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
no problem, as you say, they are no longer in your logs :)
  • 0

#45
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
still with us? how is your machine running now?
  • 0