Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

win32:tratBHO detected [RESOLVED]

Started by fixinit , Jan 29 2008 10:38 PM

  • This topic is locked This topic is locked

#1
fixinit
Posted 29 January 2008 - 10:38 PM

fixinit

    New Member

  • Member
  • Pip
  • 8 posts
deckards log attached....

Attached Files


  • 0

Advertisements

#2
Rorschach112
Posted 30 January 2008 - 06:51 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the log here instead of attaching it please
  • 0

#3
fixinit
Posted 30 January 2008 - 08:54 PM

fixinit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Can you post the log here instead of attaching it please

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:48 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Lotus\Notes\ntmulti.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe
D:\Office12\GrooveMonitor.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netmail.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.ver...gi-bin/getproxy
O3 - Toolbar: Clusty - {5538fb62-f725-4433-a965-91314e8d8e4d} - C:\Program Files\Clusty Toolbar\toolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [HKSERV.EXE] "C:\Program Files\Sony\HotKey Utility\HKserv.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [VMConsole.exe] "C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe" /windowmin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [b4eb7c85] rundll32.exe "C:\WINDOWS\system32\iidrehwb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://www.lizardtec...ntrol_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11865A2A-649F-4FA1-8B99-B97DF8070B7C} (IWSystemchecks Control) - http://vcel.interwis...ystemchecks.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125271889001
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130605959054
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory....ap/DigWXMSN.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.c...PlayerAxWin.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: NICSer_WPC300N - Unknown owner - C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

--
End of file - 12985 bytes
  • 0

#4
Rorschach112
Posted 31 January 2008 - 09:43 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#5
fixinit
Posted 31 January 2008 - 09:29 PM

fixinit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ComboFix 08-02.01.1 - Ron 2008-01-31 22:11:42.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.110 [GMT -5:00]
Running from: C:\Documents and Settings\Ron\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-01-31 06:07 . 2008-01-31 06:07 <DIR> d-------- C:\Documents and Settings\Ron\Application Data\Windows Desktop Search
2008-01-30 01:17 . 2008-01-30 01:18 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-01-30 01:12 . 2006-09-15 07:36 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-01-30 01:12 . 2006-09-15 07:36 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-01-30 01:12 . 2006-09-15 07:36 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-01-30 00:20 . 2008-01-31 12:30 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-30 00:20 . 2008-01-30 00:20 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-30 00:16 . 2008-01-30 00:16 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-30 00:16 . 2008-01-31 21:27 3,920,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-30 00:16 . 2008-01-31 21:27 22,832 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-30 00:16 . 2008-01-31 21:27 13,344 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-30 00:16 . 2008-01-31 21:27 2,084 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-29 23:54 . 2008-01-30 00:08 <DIR> d----c--- C:\KAV
2008-01-28 22:33 . 2008-01-28 22:33 <DIR> d----c--- C:\Deckard
2008-01-28 22:17 . 2008-01-28 22:17 <DIR> d-------- C:\Program Files\Sun
2008-01-28 22:16 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-28 21:49 . 2008-01-28 22:15 <DIR> d-------- C:\Program Files\Java
2008-01-28 21:39 . 2008-01-28 21:39 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-28 21:30 . 2008-01-28 21:30 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-28 21:30 . 2008-01-31 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-28 21:24 . 2008-01-28 21:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-27 21:54 . 2004-02-13 18:40 610,796 --a------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-01-27 21:54 . 2004-02-09 14:58 401,408 --a------ C:\WINDOWS\system32\drivers\alcxsens.sys
2008-01-27 21:54 . 2004-02-02 18:37 208,896 --------- C:\WINDOWS\alcupd.exe
2008-01-27 21:54 . 2004-02-09 15:18 155,648 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-01-27 21:54 . 2004-02-02 18:44 139,264 --------- C:\WINDOWS\alcrmv.exe
2008-01-27 16:09 . 2008-01-27 16:09 <DIR> d----c--- C:\VundoFix Backups
2008-01-27 03:19 . 2008-01-27 03:19 0 --a------ C:\WINDOWS\Unsetup.INI
2008-01-27 02:34 . 2008-01-27 02:34 <DIR> d-------- C:\Program Files\Common Files\The Shield Firewall
2008-01-27 02:17 . 2008-01-27 02:35 <DIR> d-------- C:\Program Files\PCSecurityShield
2008-01-26 23:04 . 2008-01-26 23:04 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-26 23:01 . 2008-01-27 00:04 121 --a------ C:\WINDOWS\bdagent.INI
2008-01-26 22:46 . 2008-01-27 00:12 <DIR> d-------- C:\Program Files\BitDefender
2008-01-26 21:30 . 2008-01-26 21:30 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-01-26 21:24 . 2008-01-26 21:24 <DIR> d-------- C:\Documents and Settings\Ron\Application Data\iolo
2008-01-26 21:24 . 2008-01-26 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-01-23 21:23 . 2007-05-01 17:23 528,384 --a------ C:\WINDOWS\system32\VZWDownManager.exe
2008-01-23 21:23 . 2007-05-01 17:23 49,152 --a------ C:\WINDOWS\system32\VZWDLManager.dll
2008-01-23 21:23 . 2007-05-02 03:34 375 --a------ C:\WINDOWS\system32\VZWDLManager.inf
2008-01-23 19:16 . 2008-01-23 19:27 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-23 19:15 . 2008-01-23 19:29 <DIR> d-------- C:\Program Files\Windows Live
2008-01-23 19:14 . 2008-01-23 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-22 21:58 . 2008-01-26 21:53 <DIR> d-------- C:\Documents and Settings\Ron\Application Data\McAfee
2008-01-08 22:34 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-01-08 22:34 . 2007-05-04 16:54 22,528 --a------ C:\WINDOWS\system32\drivers\motport.sys
2008-01-08 22:34 . 2007-05-04 16:54 22,528 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-01-08 22:34 . 2007-04-05 15:04 17,920 --a------ C:\WINDOWS\system32\drivers\motccgp.sys
2008-01-08 22:34 . 2007-01-23 19:03 7,680 --a------ C:\WINDOWS\system32\drivers\motccgpfl.sys
2008-01-08 22:34 . 2006-12-06 17:33 6,400 --a------ C:\WINDOWS\system32\drivers\motswch.sys
2008-01-08 22:31 . 2008-01-08 22:31 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-08 22:31 . 2008-01-08 22:31 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-01-08 22:31 . 2008-01-08 22:31 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-01-08 22:31 . 2008-01-08 22:31 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-01-08 22:31 . 2008-01-08 22:31 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-01-08 22:27 . 2008-01-08 22:27 <DIR> d--h-c--- C:\temp\pt8q3khslw
2008-01-08 22:26 . 2008-01-08 22:26 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-01-08 22:25 . 2008-01-24 22:19 1,609,728 --a------ C:\WINDOWS\MEDB.mdb
2008-01-05 16:09 . 2008-01-31 22:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-05 16:09 . 2008-01-05 16:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-02 21:53 . 2008-01-02 21:53 <DIR> d-------- C:\Program Files\iPod
2008-01-02 21:47 . 2008-01-02 21:50 <DIR> d-------- C:\Program Files\QuickTime
2008-01-02 21:47 . 2008-01-27 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-02 21:45 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-02 21:44 . 2008-01-02 21:44 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-02 21:43 . 2008-01-02 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 02:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-28 02:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-28 02:16 --------- d-----w C:\Documents and Settings\Ron\Application Data\DAEMON Tools
2008-01-27 08:18 --------- d-----w C:\Documents and Settings\Ron\Application Data\Azureus
2008-01-27 04:33 --------- d-----w C:\Documents and Settings\Marsha\Application Data\CiscoCAA
2008-01-27 03:10 --------- d-----w C:\Program Files\Common Files\McAfee
2008-01-27 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-27 02:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-24 04:03 --------- d-----w C:\Program Files\MoodLogic
2008-01-24 03:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-05 17:37 --------- d-----w C:\Program Files\PeerGuardian2
2007-12-24 05:28 --------- d-----w C:\Program Files\Microsoft Expression
2007-12-24 05:03 --------- d-----w C:\Program Files\DAEMON Tools Lite
2007-12-24 04:42 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-23 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-23 23:02 --------- d-----w C:\Program Files\Microsoft Works
2007-12-23 23:01 --------- d-----w C:\Program Files\MSBuild
2007-12-23 22:56 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-23 22:46 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-12-23 22:19 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Sony Corporation
2007-12-18 05:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2007-12-18 05:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-13 18:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-03-07 12:32 72,264 ----a-w C:\Documents and Settings\Ron\Application Data\GDIPFONTCACHEV1.DAT
2006-11-16 04:14 32 -csha-w C:\WINDOWS\{0B9CF6ED-6A61-4CF6-A7D2-51E1BFFBEF88}.dat
2005-06-17 01:26 32 -csha-w C:\WINDOWS\{28CB4BCB-5D95-43C7-8B26-3B3D6EA4F3A8}.dat
2005-10-29 15:44 32 -csha-w C:\WINDOWS\{7A4759E7-57A6-4829-9591-37BE316B1964}.dat
2005-06-17 01:26 32 -csha-w C:\WINDOWS\{865486F4-E252-49F2-AF9D-C072CB2D4C29}.dat
2006-11-15 03:11 32 -csha-w C:\WINDOWS\{AB8070FF-A8C2-4E93-9F54-7E56B652A141}.dat
2005-06-17 01:26 32 -csha-w C:\WINDOWS\{CBDFA235-EDDA-499C-AC86-83032CCAE52C}.dat
2005-06-17 02:12 32 -csha-w C:\WINDOWS\{E0433391-F1BE-4378-962F-B0CD2AE9943B}.dat
2005-06-17 02:12 32 --sha-w C:\WINDOWS\system32\{215D7277-E9F2-40E4-AB3E-3211F370204E}.dat
2005-10-29 15:44 32 --sha-w C:\WINDOWS\system32\{4F631C4B-11F5-464D-860E-03213EAFB7F1}.dat
2005-06-17 01:26 32 --sha-w C:\WINDOWS\system32\{5325C48F-47CF-485A-AE6D-9A2ECEA628BA}.dat
2005-06-17 01:26 32 --sha-w C:\WINDOWS\system32\{70D5AF6D-CE13-4E8C-8E28-81405F9E7E29}.dat
2006-11-15 03:11 32 --sha-w C:\WINDOWS\system32\{78A4210C-7C22-44AC-B779-645538A5D152}.dat
2006-11-16 04:14 32 --sha-w C:\WINDOWS\system32\{E14FF6EA-E806-4C7B-8952-EED10C173CCF}.dat
2005-06-17 01:26 32 --sha-w C:\WINDOWS\system32\{E2CF4A09-2C32-4453-AE03-E39812BA5C4D}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 13:43 472632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2003-09-19 20:42 61440]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 20:21 114688]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-26 21:00 339968]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-04 02:56 33280 C:\WINDOWS\system32\rundll32.exe]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2003-12-12 01:03 167936]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-02-13 01:01 98304]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 16:12 32768]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29 40960]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-01-17 05:36 135168]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 00:08 28672]
"HP OfficeJet T Series"="C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" [ ]
"VMConsole.exe"="C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe" [2004-02-25 08:08 536576]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"GrooveMonitor"="D:\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"iTunesHelper"="D:\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"BitDefender Antiphishing Helper"="D:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 00:43 227856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R2 IOPort;IOPort;C:\WINDOWS\System32\DRIVERS\IOPORT.SYS [2001-03-01 00:15]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [2004-03-12 19:32]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2005-09-06 11:39]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2005-09-06 11:39]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 12:51]
S2 NICSer_WPC300N;NICSer_WPC300N;C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe []
S3 CBPSp50;CBPSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\CBPSp50.sys []
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\CBTNDIS5.SYS [2003-07-16 22:28]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2005-09-06 11:39]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-04-05 15:04]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-05-04 16:54]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-05-04 16:54]
S3 SCAN;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:56]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe [2004-03-12 18:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 03:10:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 22:16:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-31 22:19:40
ComboFix-quarantined-files.txt 2008-02-01 03:19:10
ComboFix2.txt 2008-02-01 02:23:17
.
2008-01-27 22:19:57 --- E O F ---
  • 0

#6
fixinit
Posted 31 January 2008 - 09:30 PM

fixinit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:23 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Lotus\Notes\ntmulti.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe
D:\Office12\GrooveMonitor.exe
D:\iTunes\iTunesHelper.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netmail.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.ver...gi-bin/getproxy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Clusty - {5538fb62-f725-4433-a965-91314e8d8e4d} - C:\Program Files\Clusty Toolbar\toolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [HKSERV.EXE] "C:\Program Files\Sony\HotKey Utility\HKserv.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [HP OfficeJet T Series] "C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet T Series\Install"
O4 - HKLM\..\Run: [VMConsole.exe] "C:\Program Files\sony\vaio media integrated server\Platform\VMConsole.exe" /windowmin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://www.lizardtec...ntrol_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11865A2A-649F-4FA1-8B99-B97DF8070B7C} (IWSystemchecks Control) - http://vcel.interwis...ystemchecks.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125271889001
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130605959054
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory....ap/DigWXMSN.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.c...PlayerAxWin.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: NICSer_WPC300N - Unknown owner - C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

--
End of file - 14055 bytes
  • 0

#7
Rorschach112
Posted 01 February 2008 - 06:40 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.


Also tell me how your PC is running
  • 0

#8
fixinit
Posted 01 February 2008 - 10:58 PM

fixinit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
A0104294.bat;C:\System Volume Information\_restore{BE6D594A-9937-4757-9D7D-47F11C10FAC3}\RP723;Probably BATCH.Virus;Incurable.Deleted.;
A0105407.bat;C:\System Volume Information\_restore{BE6D594A-9937-4757-9D7D-47F11C10FAC3}\RP723;Probably BATCH.Virus;Incurable.Deleted.;
A0105463.bat;C:\System Volume Information\_restore{BE6D594A-9937-4757-9D7D-47F11C10FAC3}\RP723;Probably BATCH.Virus;Incurable.Deleted.;
A0105514.ocx;C:\System Volume Information\_restore{BE6D594A-9937-4757-9D7D-47F11C10FAC3}\RP723;Adware.Gdown;Incurable.Deleted.;


Seems to be running much better. Is that the end of the routines to clear my pc? What virus software do you recommend? Im running Kaspersky lab trial version that is set to expire soon.

Edited by fixinit, 01 February 2008 - 11:42 PM.

  • 0

#9
Rorschach112
Posted 02 February 2008 - 07:13 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yes we are all done, few things to do

What virus software do you recommend? Im running Kaspersky lab trial version that is set to expire soon.

When it expires make sure you fully remove it, then download and install one of the following


* Some good free firewalls are ZoneAlarm, Comodo, or
Outpost
Make sure you only use one firewall though. A tutorial on understanding and using firewalls may be found here.


* AVG makes an excellent free antivirus client, as do AntiVir or avast!.


You can delete the tools that we used


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#10
fixinit
Posted 03 February 2008 - 04:24 PM

fixinit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I cannot thank you enough for assisting me in cleaing up my computer. Wow, what a mess it was. I took you advice very seriously and downloaded most of what you suggested, including Firefox. Thank you very much! :)
  • 0

#11
Rorschach112
Posted 03 February 2008 - 04:38 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP