[goldenbeetle]

I ran ComboFix and most of it just went like the instructions said, but then instead of bringing up the log upon completion, it said it needed to reboot. After it had booted back up I got the error message that "C:WINDOWS\system32\CF10708.exe was not a valid bitmap file" (I am not sure what that file is). I then went into the ComboFix folder to see if a log had been created. I found one titled ComboFix.text which contained:

ComboFix 08-06-20.4 - April K 2008-06-22 17:43:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.255 [GMT -4:00]
Running from: C:\Documents and Settings\April K\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

[Advertisements]

Can you re-download ComboFix

Boot into Safe Mode, and run it again

Seems something interfered

[Rorschach112]

Can you re-download ComboFix

Boot into Safe Mode, and run it again

Seems something interfered

[goldenbeetle]

Running ComboFix in SafeMode went the exact same way. I did notice though that during both times, right underneath where it says "However scan times for badly infected machines may easily double" it said "The system cannot find the file specified." then it continued on with the clock settings and all of the stages, but still doesnt bring up a log at the end. When i go back into that ComboFix.txt file it says the same thing, even says the date 6-20-08, so I am not sure if I am looking the right place or if it didn't even try to create a new log.

[Rorschach112]

Ok do this

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt

[goldenbeetle]

ok when I copied & pasted that into Run it just tried to run the dss.exe off of my desktop, which of course failed and brought up the Paint error. when I went into the folder and right-clicked and told it to Open it ran the Deckard's System Scan and gave me one log, the main.txt:

Deckard's System Scanner v20071014.68
Run by April K on 2008-06-25 07:04:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as April K.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:04, on 2008-06-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\April K\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\APRILK~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LgWDskTp] C:\Program Files\Wireless Desktop\LgWDskTp.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB004" /M "Stylus CX4200"
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF25408.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Arovax Shield] C:\Program Files\Arovax Shield\ArovaxShield.exe -tray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\April K\Application Data\Microsoft\dtsc\9679.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Default user')
O4 - S-1-5-18 Startup: Epson all-in-one Registration.lnk = E:\Titles\Ereg\EPSONREG.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Transparent Windows.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Epson all-in-one Registration.lnk = E:\Titles\Ereg\EPSONREG.exe (User 'Default user')
O4 - .DEFAULT Startup: Transparent Windows.lnk = ? (User 'Default user')
O4 - Startup: Epson all-in-one Registration.lnk = E:\Titles\Ereg\EPSONREG.exe
O4 - Startup: Transparent Windows.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Recording Status.lnk = C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.co...?BundleId=21871
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E75DAC9-32D1-4687-BA69-9AE0E8454890}: NameServer = 216.234.97.2 216.234.97.3
O21 - SSODL: ufanspav - {a6403c8f-a9f9-4d9e-9361-7183d9e9e081} - C:\Documents and Settings\All Users\Application Data\ufanspav.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 11446 bytes

-- Files created between 2008-05-25 and 2008-06-25 -----------------------------

2008-06-22 17:47:10 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-22 17:42:37 68096 --a------ C:\WINDOWS\zip.exe
2008-06-22 17:42:37 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-22 17:42:37 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-22 17:42:37 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-22 17:42:37 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-22 17:42:37 98816 --a------ C:\WINDOWS\sed.exe
2008-06-22 17:42:37 80412 --a------ C:\WINDOWS\grep.exe
2008-06-22 17:42:37 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-16 18:01:06 0 d-------- C:\Program Files\Trend Micro
2008-06-16 06:51:42 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-15 21:51:19 1140 --a------ C:\yAM.exe
2008-06-15 21:03:31 0 d-------- C:\Program Files\Panda Security
2008-06-15 19:59:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 19:13:29 0 d-------- C:\Documents and Settings\April K\Application Data\Malwarebytes
2008-06-15 19:13:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-15 19:13:25 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-15 19:11:51 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-15 16:16:37 0 d-------- C:\Program Files\uTorrent
2008-06-14 19:32:24 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-14 19:32:24 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-14 19:32:24 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-14 19:32:24 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-14 19:32:24 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-14 19:32:24 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-14 19:32:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-14 19:32:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-06-14 19:32:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-14 19:01:10 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-14 19:01:10 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-14 19:01:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2008-06-14 19:01:10 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-14 19:01:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-14 19:01:09 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-14 19:01:09 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-14 19:01:09 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-14 19:01:09 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-14 19:01:08 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-14 16:19:33 17664 --a------ C:\WINDOWS\win32eEND.exe
2008-06-14 16:19:33 15360 --a------ C:\WINDOWS\waolEND.exe
2008-06-14 15:59:56 2855 --a------ C:\WINDOWS\systeem.PIF
2008-06-14 15:20:00 0 d-------- C:\WINDOWS\system32\2092
2008-06-14 15:19:58 0 d--hs---- C:\WINDOWS\QXByaWwgRml0enNpbW1vbnM
2008-06-14 14:03:54 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-14 12:43:25 126976 --a------ C:\Documents and Settings\All Users\Application Data\ufanspav.dll
2008-06-14 12:43:07 126976 --a------ C:\WINDOWS\ufanspav.dll
2008-06-14 12:42:32 0 d-------- C:\Temp
2008-06-14 12:42:19 0 d-------- C:\Documents and Settings\April K\Application Data\uTorrent
2008-05-25 17:23:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-22 21:11:10 22440 --a------ C:\Documents and Settings\April K\Application Data\wklnhst.dat
2008-06-17 19:40:23 0 d-------- C:\Program Files\Java
2008-06-15 19:59:15 0 d-------- C:\Program Files\Common Files
2008-05-28 19:51:09 0 d-------- C:\Program Files\BookSmart


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-13 18:48]
"VZRemoteCommander"="C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 13:10]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 17:43]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]
"TVTunerLib"="C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe" [2005-02-17 19:36]
"Logitech Utility"="Logi_MwX.Exe" [2004-10-18 17:05 C:\WINDOWS\Logi_MwX.Exe]
"LgWDskTp"="C:\Program Files\Wireless Desktop\LgWDskTp.exe" [2004-10-27 12:37]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-10-17 01:48]
"EPSON Stylus CX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe" [2005-03-07 23:00]
"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 15:17]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 19:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-10 19:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]
"combofix"="C:\WINDOWS\system32\CF25408.exe" [2004-08-04 08:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 11:37]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"Arovax Shield"="C:\Program Files\Arovax Shield\ArovaxShield.exe" [2007-04-26 07:18]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 14:08]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"AIM"=C:\Program Files\AIM\aim.exe -cnetwait.odl
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Microsoft Windows Installer"=C:\Documents and Settings\April K\Application Data\Microsoft\dtsc\9679.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ufanspav"= {a6403c8f-a9f9-4d9e-9361-7183d9e9e081} - C:\Documents and Settings\All Users\Application Data\ufanspav.dll [2008-06-14 12:43 126976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AloPar.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Parallel Arbitrator]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-06-25 07:05:16 ------------


When I looked through the Deckard folder I ended up finding the extra.txt log, but it was from back on 6-17...I am not seeing one that was created today.

[Rorschach112]

Hello


1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O21 - SSODL: ufanspav - {a6403c8f-a9f9-4d9e-9361-7183d9e9e081} - C:\Documents and Settings\All Users\Application Data\ufanspav.dll


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  [kill explorer]
  C:\WINDOWS\win32eEND.exe
  C:\WINDOWS\waolEND.exe
  C:\WINDOWS\system32\2092
  C:\WINDOWS\QXByaWwgRml0enNpbW1vbnM
  C:\WINDOWS\ufanspav.dll
  C:\Documents and Settings\All Users\Application Data\ufanspav.dll
  purity 
  EmptyTemp
  [start explorer]

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Reboot and post a new DSS log

[Rorschach112]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

[Rorschach112]

Post the logs

[goldenbeetle]

Hello, well now my computer won't even let me go to webpages including my e-mail without redirecting me to pop-up sites...so I wrote down all the code you listed above, went to HiJackThis and fixed the file you had listed. Then I went to try to run OTMoveIt2 and it will not let me...when I tell it to run either from the desktop or from the .exe file on my C drive, it does nothing at all - no error boxes, just won't run.

[goldenbeetle]

ok I used the Malwarebyte's Anti-Malware again to get rid of some of the junk that was keeping me from going to websites. Then I was able to get OTMoveIt2 to work...here is the new log:

Explorer killed successfully
C:\WINDOWS\win32eEND.exe moved successfully.
C:\WINDOWS\waolEND.exe moved successfully.
C:\WINDOWS\system32\2092 moved successfully.
C:\WINDOWS\QXByaWwgRml0enNpbW1vbnM moved successfully.
C:\WINDOWS\ufanspav.dll unregistered successfully.
C:\WINDOWS\ufanspav.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\ufanspav.dll unregistered successfully.
C:\Documents and Settings\All Users\Application Data\ufanspav.dll moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\JETC9B8.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_49c.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07142008_070907

Files moved on Reboot...
File C:\WINDOWS\temp\JETC9B8.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_49c.dat not found!

[Rorschach112]

Post a new DSS log

[goldenbeetle]

Deckard's System Scanner v20071014.68
Run by April K on 2008-07-14 20:23:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as April K.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23, on 2008-07-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\April K\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\APRILK~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: targetedbanner browser optimizer - {21a113df-7557-790b-a8a6-303e48f4af5a} - C:\WINDOWS\system32\wbjmteljogwj.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LgWDskTp] C:\Program Files\Wireless Desktop\LgWDskTp.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB004" /M "Stylus CX4200"
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF25408.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [{8ffb1c9b-613c-940a-8106-df5db53d6f04}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\wbjmteljogwj.dll" DllStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Arovax Shield] C:\Program Files\Arovax Shield\ArovaxShield.exe -tray
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\April K\Application Data\Microsoft\dtsc\9679.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Default user')
O4 - S-1-5-18 Startup: Epson all-in-one Registration.lnk = E:\Titles\Ereg\EPSONREG.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Transparent Windows.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Epson all-in-one Registration.lnk = E:\Titles\Ereg\EPSONREG.exe (User 'Default user')
O4 - .DEFAULT Startup: Transparent Windows.lnk = ? (User 'Default user')
O4 - Startup: Epson all-in-one Registration.lnk = E:\Titles\Ereg\EPSONREG.exe
O4 - Startup: Transparent Windows.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Recording Status.lnk = C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.co...?BundleId=21871
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E75DAC9-32D1-4687-BA69-9AE0E8454890}: NameServer = 216.234.97.2 216.234.97.3
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXByaWwgRml0enNpbW1vbnM\command.exe (file missing)
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 11900 bytes

-- Files created between 2008-06-14 and 2008-07-14 -----------------------------

2008-07-08 21:06:05 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-07-02 05:29:08 158208 --a------ C:\WINDOWS\system32\wbjmteljogwj.dll
2008-06-28 11:41:01 64317 --a------ C:\WINDOWS\system32\ekfrgitoguf.exe
2008-06-28 11:37:32 0 d-------- C:\WINDOWS\system32\netrax06
2008-06-22 17:47:10 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-22 17:42:37 68096 --a------ C:\WINDOWS\zip.exe
2008-06-22 17:42:37 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-22 17:42:37 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-22 17:42:37 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-22 17:42:37 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-22 17:42:37 98816 --a------ C:\WINDOWS\sed.exe
2008-06-22 17:42:37 80412 --a------ C:\WINDOWS\grep.exe
2008-06-22 17:42:37 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-16 18:01:06 0 d-------- C:\Program Files\Trend Micro
2008-06-16 06:51:42 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-15 21:51:19 1140 --a------ C:\yAM.exe
2008-06-15 21:03:31 0 d-------- C:\Program Files\Panda Security
2008-06-15 19:59:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 19:13:29 0 d-------- C:\Documents and Settings\April K\Application Data\Malwarebytes
2008-06-15 19:13:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-15 19:13:25 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-15 19:11:51 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-15 16:16:37 0 d-------- C:\Program Files\uTorrent
2008-06-14 19:32:24 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-14 19:32:24 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-14 19:32:24 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-14 19:32:24 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-14 19:32:24 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-14 19:32:24 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-14 19:32:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-14 19:32:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-06-14 19:32:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-14 19:01:10 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-06-14 19:01:10 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-14 19:01:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2008-06-14 19:01:10 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-14 19:01:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-14 19:01:09 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-14 19:01:09 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-14 19:01:09 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-14 19:01:09 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-14 19:01:08 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-14 15:59:56 2855 --a------ C:\WINDOWS\systeem.PIF
2008-06-14 14:03:54 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-14 12:42:32 0 d-------- C:\Temp
2008-06-14 12:42:19 0 d-------- C:\Documents and Settings\April K\Application Data\uTorrent


-- Find3M Report ---------------------------------------------------------------

2008-07-07 21:16:35 22440 --a------ C:\Documents and Settings\April K\Application Data\wklnhst.dat
2008-06-17 19:40:23 0 d-------- C:\Program Files\Java
2008-06-15 19:59:15 0 d-------- C:\Program Files\Common Files
2008-05-28 19:51:09 0 d-------- C:\Program Files\BookSmart
2008-05-25 17:41:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21a113df-7557-790b-a8a6-303e48f4af5a}]
2008-07-02 05:29 158208 --a------ C:\WINDOWS\system32\wbjmteljogwj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-13 18:48]
"VZRemoteCommander"="C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 13:10]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 17:43]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08]
"TVTunerLib"="C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe" [2005-02-17 19:36]
"Logitech Utility"="Logi_MwX.Exe" [2004-10-18 17:05 C:\WINDOWS\Logi_MwX.Exe]
"LgWDskTp"="C:\Program Files\Wireless Desktop\LgWDskTp.exe" [2004-10-27 12:37]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-10-17 01:48]
"EPSON Stylus CX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe" [2005-03-07 23:00]
"CreateCD_Reminder"="C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 15:17]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 19:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-06-10 19:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28]
"combofix"="C:\WINDOWS\system32\CF25408.exe" [2004-08-04 08:00]
"{8ffb1c9b-613c-940a-8106-df5db53d6f04}"="C:\WINDOWS\system32\wbjmteljogwj.dll" [2008-07-02 05:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 11:37]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"Arovax Shield"="C:\Program Files\Arovax Shield\ArovaxShield.exe" [2007-04-26 07:18]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 14:08]
"mjc"="C:\Program Files\mjc\mjc.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"AIM"=C:\Program Files\AIM\aim.exe -cnetwait.odl
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Microsoft Windows Installer"=C:\Documents and Settings\April K\Application Data\Microsoft\dtsc\9679.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AloPar.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Parallel Arbitrator]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-07-14 20:23:45 ------------

[Rorschach112]

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: targetedbanner browser optimizer - {21a113df-7557-790b-a8a6-303e48f4af5a} - C:\WINDOWS\system32\wbjmteljogwj.dll
O4 - HKLM\..\Run: [{8ffb1c9b-613c-940a-8106-df5db53d6f04}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\wbjmteljogwj.dll" DllStart
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXByaWwgRml0enNpbW1vbnM\command.exe (file missing)
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINDOWS\system32\wbjmteljogwj.dll
C:\WINDOWS\system32\ekfrgitoguf.exe
C:\WINDOWS\system32\netrax06

Folder::
C:\WINDOWS\QXByaWwgRml0enNpbW1vbnM

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]

Driver::
cmdService
Plug and Play

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Also post a new HijackThis log

[goldenbeetle]

When I try to drag the .txt file into ComboFix it is just like before, it pops up the box asking if I would like Run to it and when I click Run it gives me the "Paint cannot read this file" error.

[Rorschach112]

Sorry do this

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  [kill explorer]
  C:\WINDOWS\system32\wbjmteljogwj.dll
  C:\WINDOWS\system32\ekfrgitoguf.exe
  C:\WINDOWS\system32\netrax06
  C:\WINDOWS\QXByaWwgRml0enNpbW1vbnM
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys
  cmdService <delete service>
  Plug and Play <delete service>
  purity 
  EmptyTemp
  [start explorer]

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Also post a new HijackThis log