
Hijack Log- Fake Visa Verification Site [CLOSED]


This topic is locked.

#1 decane (Member, 105 posts)
Hello everyone and thanks in advance for your assistance.

I'm really concerned with my current situation and I'm unable to resolve the issue.

SYSTEM:
Sony Vaio Laptop with Windows XP SP3

PROBLEM DESCRIPTION:
1. Sometime during the past 7-14 days a pop-up began appearing on my computer whenever I pay a bill via a credit card or swipe a card using a USB card reader. The pop-up has the Visa logo, displays the title Advanced Verification, and captures/pre-populates the correct credit card number on the form. The form asks me to enter the cardholder's name, exp date, CVV info, etc. Unless I close the form my transaction will not complete. I'm afraid this malware/spyware is capturing my credit card info.

2. Within the last few days I have noticed a few strange things occurring on my PC such as:
a. the delete button no longer functions
b. Although I am entering my password correctly, I am forced to enter my hotmail password twice prior to logging on.
c. Copy & paste functions are working sporadically.
d. While I am typing, my cursor will jump all over the screen.
e. My PC will not hibernate.

My biggest concern is with potential credit card fraud and losing control of my PC, but I have a feeling that they are all related.

STEPS TAKEN:
1. I have a purchased version of ZoneAlarm Security. I ran the virus scan in normal and safe modes.
2. I downloaded Adaware and ran a full system scan in normal and safe modes.
3. I downloaded Spybot Search & Destroy and ran a full system scan in normal and safe modes.
4. I'm not sure of the exact date, but within the last 7-10 days I upgraded from XP SP1 to XP SP3.
5. I have installed all Windows updates.
6. I went from Windows IE6 to IE7.
7. Reran the scans in steps 1 to 3. Whenever I run a scan items are identified but nothing has fixed the issue.
8. Found this site and took the following recommended steps:
a. Ran ATF Cleaner
b. Ran Malwarebytes (see logs below)
c. Ran SUPERAntiSpyware (see logs below)
d. Ran online Panda Scan (see logs below)
e. Ran HijackThis (see log & uninstall list below)

MALWARE LOG
Malwarebytes' Anti-Malware 1.17
Database version: 846

11:45:46 AM 6/22/2008
mbam-log-6-22-2008 (11-45-46).txt

Scan type: Quick Scan
Objects scanned: 42810
Time elapsed: 9 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{def85c80-216a-43ab-af70-1665edbe2780} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f9df827a-8fa7-48a3-b268-ca4db563ea40} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\nGpxx01 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\QdrDrive (Adware.AdBand) -> Quarantined and deleted successfully.
C:\Program Files\Windows AdStatus (Adware.AdStatus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Windows AdStatus\Info.txt (Adware.AdStatus) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000070.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmona.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


SUPERANTISPYWARE LOG
SUPERAntiSpyware Scan Log
Generated 06/22/2008 at 09:17 PM

Application Version : 3.6.1000

Core Rules Database Version : 3190
Trace Rules Database Version: 1200

Scan type : Complete Scan
Total Scan Time : 02:24:42

Memory items scanned : 375
Memory threats detected : 0
Registry items scanned : 6234
Registry threats detected : 12
File items scanned : 68207
File threats detected : 7

Adware.SideStep Toolbar
HKLM\Software\Classes\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}
HKCR\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}
HKCR\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}
HKCR\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\Implemented Categories
HKCR\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\InprocServer32
HKCR\CLSID\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}\InprocServer32#ThreadingModel
C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE02A.DLL
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{83B28A74-640D-48F4-9F51-E80EED7CC7E0}

Adware.MediaMediatickets
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaTicketsInstaller.ocx#{9EB320CE-BE1D-4304-A081-4B4665414BEF}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx [  ]

Trojan.Malware
C:\asdf.txt

Adware.Tracking Cookie
C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
C:\Documents and Settings\Michael\Cookies\[email protected][3].txt
C:\Documents and Settings\Michael\Cookies\michael@specificclick[2].txt

Trojan.Unknown Origin
C:\WINDOWS\TEMPF.TXT


PANDA SCAN
;************************************************************************************************************************************************************************************
ANALYSIS: 2008-06-23 22:02:58
PROTECTIONS: 1
MALWARE: 46
SUSPECTS: 0
;************************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;====================================================================================================================================================================================
ZoneAlarm Anti-virus Antivirus 7.0.470.000 Yes Yes
;====================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;====================================================================================================================================================================================
00003992 spyware/adclicker Spyware No 1 Yes No c:\windows\usta32.ini
00003992 spyware/adclicker Spyware No 1 Yes No c:\windows\usta33.ini
00029767 adware/delfinmedia Adware No 1 Yes No c:\keys.ini
00029767 adware/delfinmedia Adware No 1 Yes No hkey_local_machine\software\skin
00029767 adware/delfinmedia Adware No 1 Yes No c:\windows\system32\vmss
00034463 adware/wupd Adware No 0 Yes No c:\program files\adstatus service
00034463 adware/wupd Adware No 0 Yes No hkey_local_machine\software\classes\winstatx.installer
00035753 adware/sidestep Adware No 0 Yes No c:\documents and settings\michael\start menu\sidestep.lnk
00035753 adware/sidestep Adware No 0 Yes No c:\documents and settings\michael\favorites\links\sidestep.url
00035753 adware/sidestep Adware No 0 Yes No c:\documents and settings\michael\application data\microsoft\internet explorer\quick launch\sidestep.lnk
00035753 adware/sidestep Adware No 0 Yes No c:\documents and settings\michael\start menu\programs\sidestep
00035753 adware/sidestep Adware No 0 Yes No c:\windows\downloaded program files\sbcie02a.inf
00035753 adware/sidestep Adware No 0 Yes No hkey_local_machine\software\microsoft\internet explorer\extensions\{3e230861-5c87-11d3-a1c6-00105a1b41b8}
00035753 adware/sidestep Adware No 0 Yes No hkey_local_machine\software\microsoft\code store database\distribution units\{640b39c1-d713-464f-92c3-75bd972b95ee}
00035753 adware/sidestep Adware No 0 Yes No hkey_classes_root\clsid\{0837121a-6472-43bd-8a40-d9221ff1c4ce}
00035753 adware/sidestep Adware No 0 Yes No hkey_current_user\software\sidestep
00035753 adware/sidestep Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{0837121A-6472-43BD-8A40-D9221FF1C4CE}
00048546 adware/searchrelevancy Adware No 0 Yes No c:\program files\searchrelevant
00063665 adware/pacimedia Adware No 0 Yes No hkey_current_user\software\psof1
00063665 adware/pacimedia Adware No 0 Yes No c:\windows\system32\ps1.exe
00063665 adware/pacimedia Adware No 0 Yes No c:\windows\system32\psof1.exe
00130137 adware/adshooter Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{C886256C-7A63-4213-AD2F-02AD3735DF06}
00130137 adware/adshooter Adware No 0 Yes No hkey_classes_root\clsid\{c886256c-7a63-4213-ad2f-02ad3735df06}
00135099 adware/powerstrip Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc800.txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc799.txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc798.txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc413.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc470.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc469.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc468.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Michael\Cookies\michael@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc464.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc465.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc466.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc467.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc385.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Michael\Cookies\michael@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc383.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc384.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc977.txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michael\Cookies\michael@247realmedia[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc291.txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc290.txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc497.txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc804.txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Michael\Cookies\michael@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc1058.txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc621.txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc1021.txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc623.txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Michael\Cookies\michael@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc622.txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc590.txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc591.txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc416.txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc499.txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc500.txt
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc876.txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc437.txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc438.txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc439.txt
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc1039.txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc388.txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc768.txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc769.txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc448.txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc670.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc970.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc315.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc316.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc317.txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc377.txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc378.txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc357.txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc750.txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc749.txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc365.txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Michael\Cookies\michael@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc364.txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc363.txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc973.txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc337.txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc335.txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc349.txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc350.txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc971.txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc1037.txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc705.txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc687.txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc1035.txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Michael\Cookies\michael@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc686.txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc903.txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Michael\Cookies\michael@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc904.txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc399.txt
00173992 Cookie/Zedo TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc402.txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc338.txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc336.txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc361.txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc362.txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc540.txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Michael\Cookies\michael@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc541.txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc1004.txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc543.txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc542.txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc544.txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc786.txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\default\s3h4x0tm.slt\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc386.txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc978.txt
00278769 Application/PRScheduler HackTools No 0 Yes No C:\DOCUMENTS AND SETTINGS\MICHAEL\START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER.EXE
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc342.txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc341.txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc343.txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\RECYCLER\S-1-5-21-3450047428-1704894499-899711007-500\Dc353.txt
;====================================================================================================================================================================================
SUSPECTS
Sent Location
;====================================================================================================================================================================================
;====================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;====================================================================================================================================================================================
;====================================================================================================================================================================================

HIJACK THIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:54 PM, on 6/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files D Drive\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Quicken\bagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files D Drive\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://wapp.verizon....mp;bm=yh_search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer by Cavalier Telephone, LLC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\MICHAEL\Application Data\Mozilla\Profiles\default\s3h4x0tm.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0AB3A2C8-6237-43BE-A16F-8C48D33E4741} - C:\WINDOWS\System32\rqRJcAQj.dll (file missing)
O2 - BHO: (no name) - {303477A6-F9AE-4ED7-8E8A-9F492B8CA82B} - C:\WINDOWS\System32\ddcYonLe.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {554D06CB-75C0-43F4-821C-2BAF86D85124} - C:\WINDOWS\System32\rqRkIyxU.dll (file missing)
O2 - BHO: {09256972-c8f2-33aa-9a84-da96f25db176} - {671bd52f-69ad-48a9-aa33-2f8c27965290} - C:\WINDOWS\System32\aqhvonpc.dll (file missing)
O2 - BHO: (no name) - {6AC2D634-0D43-47DF-AF9F-364C2589FB7E} - C:\WINDOWS\System32\geBqRkIx.dll (file missing)
O2 - BHO: (no name) - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - (no file)
O2 - BHO: (no name) - {F7EDE424-D0A6-405D-8531-1EDFCD07DEF8} - (no file)
O2 - BHO: (no name) - {FC8CF027-34ED-3136-E2A9-1B6471DD4DB5} - C:\WINDOWS\System32\jxjnpx.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Fazdz] C:\WINDOWS\System32\w?wexec.exe
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files D Drive\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: ChatSpace Java Client 4.0.0.325 - http://chat.scout.co...va/cms40325.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....42037/sb02a.cab
O16 - DPF: {64696FB5-BA15-4920-B789-F35D3FC0A36A} (myax Control) - http://www.icannnews.com/app/ST/ax.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213760249984
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mindbodyonli...ort/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B862B6-8450-4D45-8B32-78FC1B919154}: NameServer = 209.137.160.7,209.137.171.10
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - D:\Program Files D Drive\Quickbooks PRO2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: ssqQjjge - ssqQjjge.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files D Drive\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Perssv - Primax Electronics Ltd. - (no file)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12733 bytes

HIJACK UNINSTALL LIST
Ad-Aware
Adobe Reader 7.0.9
Adobe Shockwave Player
AnyDVD
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
BitComet 0.70
Bonjour
BUM
Canon MP Navigator 3.0
Canon MP600
Canon MP600 User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint
Chessmaster 9000
Click to DVD 1.3
CloneDVD2
C-Major Audio
CoreFLAC Audio Decoder+Source Filter (remove only)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Drag'n Drop CD+DVD
DVgate Plus
Easy-WebPrint
eMusic Download Manager
EPSON Printer Software
Giga Pocket 5.5
Giga Pocket Demo Movie
Giga Pocket Hardware Library 5.5
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
HotKey Utility
InterVideo WinDVD 4
iPod for Windows 2005-03-23
iPod for Windows 2006-06-28
iTunes
IZArc 3.81
LAN-Express AS IEEE 802.11 Wireless LAN
Malwarebytes' Anti-Malware
Memory Stick Formatter
Messageware Plus Pack Base Component
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Project 98
Microsoft Works 7.0
MoodLogic
MSN Music Assistant
MSXML 4.0 SP2 Parser and SDK
Music Visualizer Library 1.4.00
Nero 6 Ultra Edition
Netscape (7.02)
NVIDIA Windows 2000/XP Display Drivers
oggcodecs 0.71.0946
OpenMG Limited Patch 3.2-03-02-21-08
OpenMG Limited Patch 3.2-03-03-18-01
OpenMG Limited Patch 3.2-03-04-14-02
OpenMG Secure Module 3.2
Panda ActiveScan 2.0
PictureGear Studio 2.0
PowerPanel
QuickBooks Pro 2008
Quicken 2007
QuickTime
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Shockwave
SideStep
SiS 900 PCI Fast Ethernet Adapter Driver
SoftK56 Data Fax
SonicStage 1.6.00
Sony Certificate PCH
Sony Notebook Setup
Sony on Yahoo! Essentials
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
SupportSoft Assisted Service
ubi.com
Update for Windows XP (KB942763)
VAIO BrightColor Wallpaper
VAIO Help and Support
VAIO Media 2.6
VAIO Media Integrated Server 2.6
VAIO Media Redistribution 2.6
VAIO Registration
VAIO Remote Commander Utility 5.5
VAIO Support
VAIO Survey Standalone
Verizon Online
Viewpoint Media Player (Remove Only)
WD Diagnostics
WD Firewire HID Driver
WebEx
WebFastConnect
Welcome to VAIO life
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Service Pack 3
Yahoo! Install Manager
Yahoo! Toolbar
ZoneAlarm Anti-virus

#2
fenzodahl512
  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo. Apologies for our late reply; real-life commitments have intruded. Please do the following...


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please allow the scanning/downloading process through your firewall.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt; please copy (CTRL+A, then CTRL+C) and paste (CTRL+V) the contents of both main.txt and extra.txt into your next reply.
If you are using Vista, you need to right-click the dss.exe icon and choose Run as Administrator.



Regards
fenzodahl512

#3
decane
    Member

  • Topic Starter
  • Member
  • 105 posts
Thanks for response. I'm working on it.

#4
fenzodahl512
  • Malware Removal
  • 9,863 posts

Thanks for response. I'm working on it.


Ok..

#5
decane
    Member

  • Topic Starter
  • Member
  • 105 posts
Deckard's System Scanner v20071014.68
Run by Michael on 2008-06-28 12:22:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-06-28 16:22:28 UTC - RP936 - Deckard's System Scanner Restore Point
2: 2008-06-27 22:19:28 UTC - RP935 - System Checkpoint
1: 2008-06-26 13:24:18 UTC - RP934 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).
System Drive C: has 1.23 GiB (less than 15%) free.


-- HijackThis (run as Michael.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:21 PM, on 6/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files D Drive\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Quicken\bagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Sony\USBSircs\usbsircs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Michael\Desktop\dss.exe
D:\PROGRA~1\Michael.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://wapp.verizon....mp;bm=yh_search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer by Cavalier Telephone, LLC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\MICHAEL\Application Data\Mozilla\Profiles\default\s3h4x0tm.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0AB3A2C8-6237-43BE-A16F-8C48D33E4741} - C:\WINDOWS\System32\rqRJcAQj.dll (file missing)
O2 - BHO: (no name) - {303477A6-F9AE-4ED7-8E8A-9F492B8CA82B} - C:\WINDOWS\System32\ddcYonLe.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {554D06CB-75C0-43F4-821C-2BAF86D85124} - C:\WINDOWS\System32\rqRkIyxU.dll (file missing)
O2 - BHO: {09256972-c8f2-33aa-9a84-da96f25db176} - {671bd52f-69ad-48a9-aa33-2f8c27965290} - C:\WINDOWS\System32\aqhvonpc.dll (file missing)
O2 - BHO: (no name) - {6AC2D634-0D43-47DF-AF9F-364C2589FB7E} - C:\WINDOWS\System32\geBqRkIx.dll (file missing)
O2 - BHO: (no name) - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - (no file)
O2 - BHO: (no name) - {F7EDE424-D0A6-405D-8531-1EDFCD07DEF8} - (no file)
O2 - BHO: (no name) - {FC8CF027-34ED-3136-E2A9-1B6471DD4DB5} - C:\WINDOWS\System32\jxjnpx.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Fazdz] C:\WINDOWS\System32\w?wexec.exe
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files D Drive\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: ChatSpace Java Client 4.0.0.325 - http://chat.scout.co...va/cms40325.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....42037/sb02a.cab
O16 - DPF: {64696FB5-BA15-4920-B789-F35D3FC0A36A} (myax Control) - http://www.icannnews.com/app/ST/ax.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213760249984
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mindbodyonli...ort/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B862B6-8450-4D45-8B32-78FC1B919154}: NameServer = 209.137.160.7,209.137.171.10
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - D:\Program Files D Drive\Quickbooks PRO2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: ssqQjjge - ssqQjjge.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files D Drive\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Perssv - Primax Electronics Ltd. - (no file)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12614 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 QBCFMonitorService - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe" <Not Verified; Intuit; QuickBooks for Windows>

S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe" <Not Verified; Intuit Inc.; QuickBooks 2007>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-17 17:07:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-16 01:33:25 264 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job


-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-22 23:44:25 0 d-------- C:\Program Files\Panda Security
2008-06-22 12:11:09 0 d------c- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-22 12:10:35 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-22 12:10:35 0 d-------- C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com
2008-06-22 11:34:24 0 d-------- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2008-06-22 11:34:09 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 11:34:05 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 11:33:06 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-22 10:39:53 0 d------c- C:\VundoFix Backups
2008-06-19 00:10:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 23:45:26 34520 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-18 19:42:03 0 d-------- C:\Program Files\WebEx
2008-06-18 19:42:02 36864 --a------ C:\Documents and Settings\Michael\atwbxdet.dll <Not Verified; ; atwbxdet Module>
2008-06-18 18:30:22 0 d-------- C:\Program Files\Bonjour
2008-06-18 01:13:18 0 d-------- C:\Documents and Settings\Michael\Application Data\Template
2008-06-17 23:40:40 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-15 23:00:56 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-15 22:59:57 0 d-------- C:\Program Files\Common Files\Apple
2008-06-15 22:53:32 0 d------c- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-14 08:55:55 0 d-------- C:\WINDOWS\pss
2008-06-14 00:58:37 0 d-------- C:\WINDOWS\Prefetch
2008-06-14 00:44:15 0 d-------- C:\WINDOWS\system32\scripting
2008-06-14 00:44:08 0 d-------- C:\WINDOWS\l2schemas
2008-06-14 00:44:07 0 d-------- C:\WINDOWS\system32\en
2008-06-14 00:35:16 0 d-------- C:\WINDOWS\network diagnostic
2008-06-13 21:21:57 0 d-------- C:\WINDOWS\peernet
2008-06-13 21:21:53 0 d-------- C:\WINDOWS\provisioning
2008-06-13 21:17:42 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-13 21:08:10 0 d-------- C:\WINDOWS\EHome
2008-06-11 18:46:15 51304 --a------ C:\WINDOWS\system32\drivers\atnt40k.sys
2008-06-08 19:34:47 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-08 08:40:36 0 d------c- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-01 22:35:02 0 d-------- C:\Documents and Settings\Meredith\Application Data\AdobeUM
2008-05-28 23:27:40 0 dr-h---c- C:\Documents and Settings\Administrator\SendTo
2008-05-28 23:27:40 0 dr-h---c- C:\Documents and Settings\Administrator\Recent
2008-05-28 23:27:40 0 d--h---c- C:\Documents and Settings\Administrator\PrintHood
2008-05-28 23:27:40 0 d--h---c- C:\Documents and Settings\Administrator\NetHood
2008-05-28 23:27:40 0 dr-----c- C:\Documents and Settings\Administrator\My Documents
2008-05-28 23:27:40 0 d--h---c- C:\Documents and Settings\Administrator\Local Settings
2008-05-28 23:27:40 0 dr-----c- C:\Documents and Settings\Administrator\Favorites
2008-05-28 23:27:40 0 d------c- C:\Documents and Settings\Administrator\Desktop
2008-05-28 23:27:40 0 d--hs--c- C:\Documents and Settings\Administrator\Cookies
2008-05-28 23:27:40 0 dr-h---c- C:\Documents and Settings\Administrator\Application Data
2008-05-28 23:27:40 0 d------c- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2008-05-28 23:27:40 0 d------c- C:\Documents and Settings\Administrator\Application Data\Real
2008-05-28 23:27:40 0 d------c- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-05-28 23:27:40 0 d------c- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-28 23:27:40 0 d---s--c- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-28 23:27:40 0 d------c- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-28 23:27:40 0 d------c- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-28 23:27:39 0 d------c- C:\Documents and Settings\Administrator\WINDOWS
2008-05-28 23:27:39 0 d--h---c- C:\Documents and Settings\Administrator\Templates
2008-05-28 23:27:39 0 dr-----c- C:\Documents and Settings\Administrator\Start Menu
2008-05-28 23:27:38 3145728 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-28 22:25:15 753475 --ahs---- C:\WINDOWS\system32\xIkRqBeg.ini2
2008-05-28 18:19:31 816399 --ahs---- C:\WINDOWS\system32\jQAcJRqr.ini2
2008-05-28 15:52:34 804480 --ahs---- C:\WINDOWS\system32\eLnoYcdd.ini2
2008-05-28 10:07:30 0 d------c- C:\Documents and Settings\All Users\Application Data\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2008-06-24 18:13:36 0 d-------- C:\Documents and Settings\Michael\Application Data\Mozilla
2008-06-22 11:33:06 0 d-------- C:\Program Files\Common Files
2008-06-18 20:53:23 0 d-------- C:\Program Files\Windows NT
2008-06-18 19:06:03 0 d-------- C:\Program Files\Symantec
2008-06-18 19:05:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-18 19:04:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 18:59:16 0 d-------- C:\Program Files\Microsoft Money
2008-06-18 18:40:07 0 d-------- C:\Program Files\Lavasoft
2008-06-18 18:34:58 0 d-------- C:\Documents and Settings\Michael\Application Data\Apple Computer
2008-06-15 23:35:48 0 d-------- C:\Program Files\iTunes
2008-06-15 23:34:51 0 d-------- C:\Program Files\iPod
2008-06-15 23:19:36 0 d-------- C:\Program Files\Apple Software Update
2008-06-15 23:12:10 0 d-------- C:\Program Files\QuickTime
2008-06-14 01:08:04 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-14 00:44:56 0 d-------- C:\Program Files\Messenger
2008-06-14 00:44:06 0 d-------- C:\Program Files\Movie Maker
2008-06-13 23:42:05 0 d-------- C:\Documents and Settings\Michael\Application Data\Adobe
2008-06-13 23:41:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-13 23:36:36 0 d-------- C:\Program Files\Common Files\Real
2008-06-13 23:36:18 0 d-------- C:\Documents and Settings\Michael\Application Data\Real
2008-06-12 18:40:08 0 d-------- C:\Program Files\imGiant
2008-05-31 09:15:55 0 d-------- C:\Program Files\BitComet
2008-05-28 15:26:48 890136 --ahs---- C:\WINDOWS\system32\UxyIkRqr.ini2
2008-05-28 10:08:20 0 d-------- C:\Documents and Settings\Michael\Application Data\Lavasoft
2008-05-07 18:59:38 0 d-------- C:\Documents and Settings\Michael\Application Data\AdobeUM
2008-04-13 17:01:32 14848 --a----c- C:\Cume.exe
2008-04-12 09:25:02 14848 --a----c- C:\dYVO.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0AB3A2C8-6237-43BE-A16F-8C48D33E4741}]
C:\WINDOWS\System32\rqRJcAQj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{303477A6-F9AE-4ED7-8E8A-9F492B8CA82B}]
C:\WINDOWS\System32\ddcYonLe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{554D06CB-75C0-43F4-821C-2BAF86D85124}]
C:\WINDOWS\System32\rqRkIyxU.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{671bd52f-69ad-48a9-aa33-2f8c27965290}]
C:\WINDOWS\System32\aqhvonpc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AC2D634-0D43-47DF-AF9F-364C2589FB7E}]
C:\WINDOWS\System32\geBqRkIx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9803b12-f0a0-11dc-95ff-0800200c9a66}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7EDE424-D0A6-405D-8531-1EDFCD07DEF8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC8CF027-34ED-3136-E2A9-1B6471DD4DB5}]
C:\WINDOWS\System32\jxjnpx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [05/02/2003 06:51 PM]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [06/26/2003 07:00 PM]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 01:29 PM]
"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 01:08 AM]
"WD Button Manager"="WDBtnMgr.exe" [09/24/2006 02:31 PM C:\WINDOWS\system32\WDBtnMgr.exe]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [03/21/2006 09:30 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/30/2003 01:14 AM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [03/21/2006 02:19 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/14/2008 12:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fazdz"="C:\WINDOWS\System32\w?wexec.exe" [08/29/2002 08:00 AM]
"QuickenScheduledUpdates"="C:\Program Files\Quicken\bagent.exe" [05/07/2007 02:17 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"SpybotSD TeaTimer"="D:\Program Files D Drive\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [3/7/2008 3:29:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [9/12/1997]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 7:05:56 AM]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [9/12/1997]
PowerPanel.lnk - C:\Program Files\PowerPanel\Program\PcfMgr.exe [8/7/2003 5:45:44 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [9/11/2007 9:38:44 AM]
Remocon Driver.lnk - C:\Program Files\Sony\USBSircs\usbsircs.exe [9/11/2004 12:44:05 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqQjjge]
ssqQjjge.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\geBqRkIx

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timer Recording Manager.lnk
backup=C:\WINDOWS\pss\Timer Recording Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMffb68ce5]
Rundll32.exe "C:\WINDOWS\System32\elwjqyrk.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fc85bf79]
rundll32.exe "C:\WINDOWS\System32\diemhsyl.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
ICO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmaTel StacMon]
C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
"c:\program files\support.com\client\bin\tgcmd.exe" /server

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8724 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-28 12:30:17 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 509.48 MiB / 166.13 MiB
Pagefile Memory (total/avail): 1247.61 MiB / 910.28 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1820.82 MiB

C: is Fixed (NTFS) - 13.97 GiB total, 1.23 GiB free.
D: is Fixed (NTFS) - 55.55 GiB total, 7.1 GiB free.
E: is CDROM (No Media)
G: is Removable (FAT)

\\.\PHYSICALDRIVE0 - IC25N080ATMR04-0 - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 5.01 GiB
\PARTITION1 (bootable) - Installable File System - 13.97 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 55.55 GiB - D:

\\.\PHYSICALDRIVE1 - Sony MSC-U03 USB Device - 949.15 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 949.82 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Michael\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VALUED-4DA88152
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Michael
LOGONSERVER=\\VALUED-4DA88152
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
TMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=VALUED-4DA88152
USERNAME=Michael
USERPROFILE=C:\Documents and Settings\Michael
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Michael (admin)
Meredith (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> D:\Program Files D Drive\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00C6-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00D1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03FD-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93B80FB1-7A23-11D3-B250-00105A1F4184}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
BitComet 0.70 --> C:\Program Files\BitComet\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69A0D256-A72C-4C33-9413-E1C0174CA7F4}\Setup.exe" -l0x9
Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP600 --> "C:\WINDOWS\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009
Canon MP600 User Registration --> C:\Program Files\Canon\IJEREG\MP600\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Chessmaster 9000 --> C:\WINDOWS\IsUninst.exe -f"d:\program files d drive\ChessMaster9000\CM9kUninst.isu"
Click to DVD 1.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
CoreFLAC Audio Decoder+Source Filter (remove only) --> "C:\WINDOWS\System32\CoreFLACDecoder-uninstall.exe"
DivX Codec --> D:\Program Files D Drive\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> D:\Program Files D Drive\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> D:\Program Files D Drive\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> D:\Program Files D Drive\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> D:\Program Files D Drive\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drag'n Drop CD+DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
DVgate Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
eMusic Download Manager --> C:\Program Files\InstallShield Installation Information\{48FEB597-0410-4A17-B134-0DEF3083B944}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Giga Pocket 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41D71ACB-70B9-430F-9C44-5A981FF4F773}\Setup.exe"
Giga Pocket Demo Movie --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F6D8E57-4386-40CB-AEA1-12CA1E422BA9}\Setup.exe"
Giga Pocket Hardware Library 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6ED96F2-0658-426B-9213-437212C347F0}\Setup.exe"
GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall
HijackThis 2.0.2 --> "D:\Program Files D Drive\HijackThis.exe" /uninstall
HotKey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\Setup.exe" -l0x9
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2005-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
IZArc 3.81 --> "D:\Program Files D Drive\IZArc\unins000.exe"
KODAK EASYSHARE Gallery Easy Upload, v2.1 --> C:\Documents and Settings\Michael\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_6420d\Setup.exe /APR-REMOVE
LAN-Express AS IEEE 802.11 Wireless LAN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}\Setup.exe" -l0x9
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Messageware Plus Pack Base Component --> MsiExec.exe /I{C365ACC1-D32A-4552-A246-38DE4EF40DC6}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Project 98 --> C:\Program Files\Microsoft Office\Office\Setup\AcmePrj.exe /w prj98.stf
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MoodLogic --> C:\WINDOWS\ml-uninstall-v10.exe
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Michael\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Music Visualizer Library 1.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x9
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netscape (7.02) --> C:\WINDOWS\NSUninst.exe /ua "7.02 (en)"
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvsz.inf
oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe
OpenMG Limited Patch 3.2-03-02-21-08 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-02-21-08\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-03-18-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-03-18-01\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-04-14-02 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-04-14-02\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62F33B80-6244-4A70-A233-0DA13B640364}\Setup.exe" -l0x9 UNINSTALL
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PictureGear Studio 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\setup.exe"
PowerPanel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCB53CB5-E82D-4F5E-BFE2-CBB200E19BEF}\Setup.exe" -l0x9
QuickBooks Pro 2008 --> msiexec.exe /I {8ED4E82B-8CEA-40DE-826C-37AC7B941F81} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2008" ADDREMOVE=1
Quicken 2007 --> MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SideStep --> regsvr32 /u /s "C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll"
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SoftK56 Data Fax --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1039&DEV_7013&SUBSYS_814E104D\HXFSETUP.EXE -U -IVEN_1039&DEV_7013&SUBSYS_814E104D
SonicStage 1.6.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Notebook Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\Setup.exe" -l0x9
Sony on Yahoo! Essentials --> C:\Program Files\Yahoo!\unwise.exe C:\progra~1\yahoo!\install.log
Sony USB Mouse --> PMUninst.exe MouseSuite98
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\Setup.exe" -l0x9
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Spybot - Search & Destroy --> "D:\Program Files D Drive\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SupportSoft Assisted Service --> MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
ubi.com --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x9 UNINSTALL-L0x9 -uninst
VAIO BrightColor Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\setup.exe" -l0x9
VAIO Help and Support --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Media 2.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 2.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9
VAIO Media Redistribution 2.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\setup.exe" -l0x9 UNINSTALL
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Remote Commander Utility 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4570E5E0-62A2-48BD-87F3-EB7232EC4558}\Setup.exe"
VAIO Support --> "c:\program files\support.com\client\bin\tgfix.exe" /rm /nq
VAIO Survey Standalone --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
Verizon Online --> C:\WINDOWS\System32\VerizonUninstaller.exe
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Firewire HID Driver --> MsiExec.exe /X{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}
WebEx --> C:\PROGRA~1\WebEx\atcliun.exe
WebFastConnect --> C:\WINDOWS\k02okon8.exe -WebFastConnect
Welcome to VAIO life --> "C:\Program Files\Sony\Welcome to VAIO life\unwise.exe" /A "C:\Program Files\Sony\Welcome to VAIO life\install.log" Uninstall Welcome to VAIO life
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\COMMON~1\VERIZO~1\Yahoo\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZoneAlarm Anti-virus --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type230 / Warning
Event Submitted/Written: 06/28/2008 11:48:06 AM / 06/28/2008 11:48:07 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type221 / Warning
Event Submitted/Written: 06/28/2008 00:19:22 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type164 / Error
Event Submitted/Written: 06/25/2008 10:04:27 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module unknown, version 0.0.0.0, fault address 0x01c81f1f.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type155 / Warning
Event Submitted/Written: 06/25/2008 01:15:26 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type145 / Warning
Event Submitted/Written: 06/24/2008 09:07:19 PM
Event ID/Source: 1524 / Userenv
Event Description:

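What the registry dump above shows, before any further tool is run, is a set of persistence points that do not belong on a clean XP box: Browser Helper Objects whose DLLs sit directly in C:\WINDOWS\System32 under random-looking names (rqRJcAQj, ddcYonLe, rqRkIyxU, aqhvonpc, geBqRkIx, jxjnpx), a Winlogon Notify package (ssqQjjge.dll) listed by bare file name so winlogon.exe resolves it through the DLL search path, two msconfig-disabled rundll32 entries that call one-letter exports in similar DLLs (elwjqyrk.dll, diemhsyl.dll), an HKCU Run value whose path contains a character the scanner could not print (w?wexec.exe; '?' is not a legal file-name character), and an extra LSA Authentication Package (C:\WINDOWS\System32\geBqRkIx) that is the same module as one of the BHOs. The first and last of these matter most for the credit-card concern: a BHO runs inside every Internet Explorer process and can rewrite a checkout page, and an authentication package runs inside lsass.exe and is handed logon credentials in the clear. The script below is an added example, not part of the original post and not a feature of Deckard's System Scanner: it parses a registry-dump excerpt (SAMPLE_DUMP is constructed from lines of the log above) and applies those checks, then cross-references module names across load points. The rules, the severities and the assumed layout of the dump are the example's own.

```python
"""Triage the "Registry Dump" section of a Deckard's System Scanner log.
Added example, not part of the original post or of DSS itself. SAMPLE_DUMP is built
from lines of the posted log; the rules and severities are this example's own."""
import re
from collections import defaultdict

SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AC2D634-0D43-47DF-AF9F-364C2589FB7E}]
C:\WINDOWS\System32\geBqRkIx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fazdz"="C:\WINDOWS\System32\w?wexec.exe" [08/29/2002 08:00 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqQjjge]
ssqQjjge.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\geBqRkIx

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMffb68ce5]
Rundll32.exe "C:\WINDOWS\System32\elwjqyrk.dll",s
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
SYSTEM32_RE = re.compile(r'^[A-Za-z]:\\WINDOWS\\System32\\([^\\"]+)$', re.I)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\w+)$', re.I)
RUN_VALUE_RE = re.compile(r'^"([^"]*)"="([^"]*)"')


def parse_dump(text):
    """Split the dump into (registry key, [value lines]) pairs."""
    sections, key, values = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                sections.append((key, values))
            key, values = m.group(1), []
        elif line and key is not None:
            values.append(line)
    if key is not None:
        sections.append((key, values))
    return sections


def module_name(path):
    """Case-folded file name without directory or extension, for cross-referencing."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def triage(sections):
    """Return (severity, where, detail) findings; module cross-references come last."""
    findings, seen_at = [], defaultdict(set)

    def flag(severity, where, detail, module=None):
        findings.append((severity, where, detail))
        if module:
            seen_at[module].add(where)

    for key, values in sections:
        k, tail = key.lower(), key.rsplit("\\", 1)[-1]
        if "browser helper objects" in k:
            # Real BHOs live under Program Files; one in System32 runs in every IE process.
            for v in values:
                if SYSTEM32_RE.match(v):
                    flag("high", "BHO " + tail, "loaded from System32: " + v, module_name(v))
        elif "\\winlogon\\notify\\" in k:
            # Loaded into winlogon.exe as SYSTEM; a bare name is found via the DLL search path.
            for v in values:
                if "\\" not in v:
                    flag("high", "Winlogon Notify " + tail, "bare DLL name: " + v, module_name(v))
        elif k.endswith("\\control\\lsa"):
            # Anything besides msv1_0 is loaded into lsass.exe and is handed logon credentials.
            for v in values:
                if v.lower().startswith('"authentication packages"'):
                    for pkg in v.split("=", 1)[1].split():
                        if pkg.lower() != "msv1_0":
                            flag("critical", "LSA Authentication Packages", "extra package: " + pkg, module_name(pkg))
        elif k.endswith("\\currentversion\\run"):
            # '?' is illegal in a file name, so in a log it marks a character the scanner could not print.
            for v in values:
                m = RUN_VALUE_RE.match(v)
                if m and ("?" in m.group(2) or not m.group(2).isascii()):
                    flag("high", "Run value " + m.group(1), "unprintable character in path: " + m.group(2))
        elif "\\msconfig\\startupreg\\" in k:
            # Entries disabled in msconfig (DLL still on disk); vendors do not register one-letter exports.
            for v in values:
                m = RUNDLL_RE.match(v)
                if m and len(m.group(2)) == 1 and SYSTEM32_RE.match(m.group(1)):
                    flag("high", "startupreg " + tail, "rundll32 one-letter export: " + v, module_name(m.group(1)))
    for mod, places in sorted(seen_at.items()):
        if len(places) > 1:  # the same DLL wired into several load points
            findings.append(("critical", mod, "same module at several persistence points: " + ", ".join(sorted(places))))
    return findings


if __name__ == "__main__":
    print(*(f"[{s}] {w}: {d}" for s, w, d in triage(parse_dump(SAMPLE_DUMP))), sep="\n")
```

For a real log, pass the text between the "-- Registry Dump" and "-- Hosts" headers to parse_dump(). The hosts entries in this log, thousands of ad and tracking domains pointed at 127.0.0.1 beginning with 007guard.com, have the shape of a blocklist (Spybot - Search & Destroy's Immunize feature writes one), not of a hijack; a hijacked hosts file sends banking or search domains somewhere other than localhost.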
#6
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

#7
decane

  • Topic Starter
  • Member
  • 105 posts
It looks like the second file was cut off.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 509.48 MiB / 166.13 MiB
Pagefile Memory (total/avail): 1247.61 MiB / 910.28 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1820.82 MiB

C: is Fixed (NTFS) - 13.97 GiB total, 1.23 GiB free.
D: is Fixed (NTFS) - 55.55 GiB total, 7.1 GiB free.
E: is CDROM (No Media)
G: is Removable (FAT)

\\.\PHYSICALDRIVE0 - IC25N080ATMR04-0 - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 5.01 GiB
\PARTITION1 (bootable) - Installable File System - 13.97 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 55.55 GiB - D:

\\.\PHYSICALDRIVE1 - Sony MSC-U03 USB Device - 949.15 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 949.82 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Michael\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VALUED-4DA88152
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Michael
LOGONSERVER=\\VALUED-4DA88152
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
TMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=VALUED-4DA88152
USERNAME=Michael
USERPROFILE=C:\Documents and Settings\Michael
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Michael (admin)
Meredith (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> D:\Program Files D Drive\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec.exe /I{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00C6-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00D1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03FD-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93B80FB1-7A23-11D3-B250-00105A1F4184}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
BitComet 0.70 --> C:\Program Files\BitComet\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69A0D256-A72C-4C33-9413-E1C0174CA7F4}\Setup.exe" -l0x9
Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP600 --> "C:\WINDOWS\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009
Canon MP600 User Registration --> C:\Program Files\Canon\IJEREG\MP600\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Chessmaster 9000 --> C:\WINDOWS\IsUninst.exe -f"d:\program files d drive\ChessMaster9000\CM9kUninst.isu"
Click to DVD 1.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C2F71B2-6C73-11D6-B659-00C04F790F76}\setup.exe"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
CoreFLAC Audio Decoder+Source Filter (remove only) --> "C:\WINDOWS\System32\CoreFLACDecoder-uninstall.exe"
DivX Codec --> D:\Program Files D Drive\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> D:\Program Files D Drive\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> D:\Program Files D Drive\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> D:\Program Files D Drive\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> D:\Program Files D Drive\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drag'n Drop CD+DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDC146FA-73E0-4FA1-A353-841EA14BF600}\Setup.exe" -l0x9 deleteall
DVgate Plus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
eMusic Download Manager --> C:\Program Files\InstallShield Installation Information\{48FEB597-0410-4A17-B134-0DEF3083B944}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Giga Pocket 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41D71ACB-70B9-430F-9C44-5A981FF4F773}\Setup.exe"
Giga Pocket Demo Movie --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F6D8E57-4386-40CB-AEA1-12CA1E422BA9}\Setup.exe"
Giga Pocket Hardware Library 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6ED96F2-0658-426B-9213-437212C347F0}\Setup.exe"
GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall
HijackThis 2.0.2 --> "D:\Program Files D Drive\HijackThis.exe" /uninstall
HotKey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\Setup.exe" -l0x9
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2005-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
IZArc 3.81 --> "D:\Program Files D Drive\IZArc\unins000.exe"
KODAK EASYSHARE Gallery Easy Upload, v2.1 --> C:\Documents and Settings\Michael\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_6420d\Setup.exe /APR-REMOVE
LAN-Express AS IEEE 802.11 Wireless LAN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}\Setup.exe" -l0x9
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Messageware Plus Pack Base Component --> MsiExec.exe /I{C365ACC1-D32A-4552-A246-38DE4EF40DC6}
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Project 98 --> C:\Program Files\Microsoft Office\Office\Setup\AcmePrj.exe /w prj98.stf
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MoodLogic --> C:\WINDOWS\ml-uninstall-v10.exe
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Michael\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Music Visualizer Library 1.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x9
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netscape (7.02) --> C:\WINDOWS\NSUninst.exe /ua "7.02 (en)"
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvsz.inf
oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe
OpenMG Limited Patch 3.2-03-02-21-08 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-02-21-08\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-03-18-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-03-18-01\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.2-03-04-14-02 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.2-03-04-14-02\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62F33B80-6244-4A70-A233-0DA13B640364}\Setup.exe" -l0x9 UNINSTALL
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PictureGear Studio 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\setup.exe"
PowerPanel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCB53CB5-E82D-4F5E-BFE2-CBB200E19BEF}\Setup.exe" -l0x9
QuickBooks Pro 2008 --> msiexec.exe /I {8ED4E82B-8CEA-40DE-826C-37AC7B941F81} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2008" ADDREMOVE=1
Quicken 2007 --> MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SideStep --> regsvr32 /u /s "C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll"
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SoftK56 Data Fax --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1039&DEV_7013&SUBSYS_814E104D\HXFSETUP.EXE -U -IVEN_1039&DEV_7013&SUBSYS_814E104D
SonicStage 1.6.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Notebook Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\Setup.exe" -l0x9
Sony on Yahoo! Essentials --> C:\Program Files\Yahoo!\unwise.exe C:\progra~1\yahoo!\install.log
Sony USB Mouse --> PMUninst.exe MouseSuite98
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\Setup.exe" -l0x9
Sony Video Shared Library --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Spybot - Search & Destroy --> "D:\Program Files D Drive\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SupportSoft Assisted Service --> MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
ubi.com --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x9 UNINSTALL-L0x9 -uninst
VAIO BrightColor Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\setup.exe" -l0x9
VAIO Help and Support --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Media 2.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 2.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9
VAIO Media Redistribution 2.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\setup.exe" -l0x9 UNINSTALL
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Remote Commander Utility 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4570E5E0-62A2-48BD-87F3-EB7232EC4558}\Setup.exe"
VAIO Support --> "c:\program files\support.com\client\bin\tgfix.exe" /rm /nq
VAIO Survey Standalone --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
Verizon Online --> C:\WINDOWS\System32\VerizonUninstaller.exe
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Firewire HID Driver --> MsiExec.exe /X{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}
WebEx --> C:\PROGRA~1\WebEx\atcliun.exe
WebFastConnect --> C:\WINDOWS\k02okon8.exe -WebFastConnect
Welcome to VAIO life --> "C:\Program Files\Sony\Welcome to VAIO life\unwise.exe" /A "C:\Program Files\Sony\Welcome to VAIO life\install.log" Uninstall Welcome to VAIO life
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\COMMON~1\VERIZO~1\Yahoo\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZoneAlarm Anti-virus --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type230 / Warning
Event Submitted/Written: 06/28/2008 11:48:06 AM / 06/28/2008 11:48:07 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type221 / Warning
Event Submitted/Written: 06/28/2008 00:19:22 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type164 / Error
Event Submitted/Written: 06/25/2008 10:04:27 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module unknown, version 0.0.0.0, fault address 0x01c81f1f.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type155 / Warning
Event Submitted/Written: 06/25/2008 01:15:26 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type145 / Warning
Event Submitted/Written: 06/24/2008 09:07:19 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type58840 / Error
Event Submitted/Written: 06/28/2008 11:54:53 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Symantec Network Drivers Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type58839 / Error
Event Submitted/Written: 06/28/2008 11:53:28 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2

Event Record #/Type58818 / Error
Event Submitted/Written: 06/28/2008 08:30:32 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Symantec Network Drivers Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type58817 / Error
Event Submitted/Written: 06/28/2008 08:29:05 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The mrtRate service failed to start due to the following error:
%%2

Event Record #/Type58808 / Warning
Event Submitted/Written: 06/27/2008 10:56:47 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-06-28 12:30:17 ------------
  • 0

#8
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Thank you for your concern :)


Please follow my previous instruction and post the requested log here :)
  • 0

#9
decane

decane

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
I downloaded ComboFix, but I'm not sure if I already have the recovery console.

Also, I have a laptop so I don't have the XP disk. It was pre-installed.

Finally, I went to the Microsoft website and they don't have the recovery console for XP SP3. Should I download the XP SP2 recovery console or just proceed with the ComboFix?
  • 0

#10
decane

decane

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
I had to recover my laptop a few years ago, so I guess it is already installed, so I'm going to go ahead with the ComboFix.
  • 0


#11
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

I had to recover my laptop a few years ago, so I guess it is already installed, so I'm going to go ahead with the ComboFix.


Ok :)
  • 0

#12
decane

decane

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
I guess I don't have the console installed.


ComboFix 08-06-20.4 - Michael 2008-06-28 13:30:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.242 [GMT -4:00]
Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Temp\gbRve12
C:\Temp\isgTi19
C:\Temp\vtmp2
C:\WINDOWS\BMffb68ce5.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\afoavkma.ini
C:\WINDOWS\system32\eLnoYcdd.ini
C:\WINDOWS\system32\eLnoYcdd.ini2
C:\WINDOWS\system32\exewvble.ini
C:\WINDOWS\system32\jQAcJRqr.ini
C:\WINDOWS\system32\jQAcJRqr.ini2
C:\WINDOWS\system32\lwgassnq.ini
C:\WINDOWS\system32\lwkfyiog.ini
C:\WINDOWS\system32\lyshmeid.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nyeiogyd.ini
C:\WINDOWS\system32\owkgwfvk.ini
C:\WINDOWS\system32\pifmowpp.ini
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\UxyIkRqr.ini
C:\WINDOWS\system32\UxyIkRqr.ini2
C:\WINDOWS\system32\vmss
C:\WINDOWS\system32\xIkRqBeg.ini
C:\WINDOWS\system32\xIkRqBeg.ini2
C:\WINDOWS\system32\xsmqyglm.ini

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.

2008-06-28 12:56 . 2008-06-28 12:56 661,504 --a--c--- C:\Combo Fix Table of Contents.doc
2008-06-28 12:21 . 2008-06-28 12:21 <DIR> d----c--- C:\Deckard
2008-06-22 23:44 . 2008-06-22 23:45 <DIR> d-------- C:\Program Files\Panda Security
2008-06-22 12:11 . 2008-06-22 12:11 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-22 12:10 . 2008-06-22 18:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-22 12:10 . 2008-06-22 12:10 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com
2008-06-22 11:34 . 2008-06-22 11:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 11:34 . 2008-06-22 11:34 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2008-06-22 11:34 . 2008-06-22 11:34 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-22 11:34 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-22 11:34 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-22 11:33 . 2008-06-22 11:33 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-22 10:39 . 2008-06-22 10:39 <DIR> d----c--- C:\VundoFix Backups
2008-06-19 00:10 . 2008-06-22 12:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 23:45 . 2008-06-18 23:45 34,520 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-18 19:42 . 2008-06-18 20:33 <DIR> d-------- C:\Program Files\WebEx
2008-06-18 19:42 . 2008-06-18 20:25 36,864 --a------ C:\Documents and Settings\Michael\atwbxdet.dll
2008-06-18 18:30 . 2008-06-18 18:30 <DIR> d-------- C:\Program Files\Bonjour
2008-06-18 17:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-18 17:48 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-18 01:13 . 2008-06-18 01:13 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Template
2008-06-18 00:26 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-18 00:26 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-18 00:26 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-18 00:26 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-18 00:26 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-18 00:25 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-18 00:25 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-18 00:25 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-18 00:25 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-17 23:40 . 2008-06-17 23:40 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-15 23:00 . 2008-06-15 23:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-06-15 23:00 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-06-15 22:59 . 2008-06-15 22:59 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-15 22:53 . 2008-06-15 22:53 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-14 01:14 . 2008-04-23 00:16 826,368 -----c--- C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-14 01:11 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 01:09 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-14 01:03 . 2008-06-15 22:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-14 01:03 . 2008-06-14 01:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-14 00:44 . 2008-06-14 00:44 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-14 00:44 . 2008-06-14 00:44 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-14 00:44 . 2008-06-14 00:44 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-14 00:07 . 2008-04-13 20:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-06-14 00:06 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-06-13 21:21 . 2008-06-13 21:21 <DIR> d-------- C:\WINDOWS\provisioning
2008-06-13 21:21 . 2008-06-14 00:44 <DIR> d-------- C:\WINDOWS\peernet
2008-06-13 21:17 . 2008-06-14 00:44 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-13 21:08 . 2008-06-14 00:25 <DIR> d-------- C:\WINDOWS\EHome
2008-06-11 18:46 . 2008-06-11 18:46 51,304 --a------ C:\WINDOWS\system32\drivers\atnt40k.sys
2008-06-08 19:34 . 2008-06-08 23:29 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-01 22:35 . 2008-06-01 22:35 <DIR> d-------- C:\Documents and Settings\Meredith\Application Data\AdobeUM
2008-05-31 08:23 . 2008-06-01 08:24 87,100 --ahs---- C:\WINDOWS\system32\feivwytj.ini
2008-05-29 23:29 . 2008-05-31 08:20 85,860 --ahs---- C:\WINDOWS\system32\nkyyfxqj.ini
2008-05-28 23:27 . 2003-08-07 13:52 <DIR> d----c--- C:\Documents and Settings\Administrator\WINDOWS
2008-05-28 23:27 . 2003-08-07 17:45 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2008-05-28 23:27 . 2003-08-07 20:07 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-05-28 23:27 . 2008-06-19 07:22 <DIR> d----c--- C:\Documents and Settings\Administrator
2008-05-28 10:07 . 2008-05-28 22:37 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 17:36 95,816 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-28 17:36 453,152 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-28 17:36 33,571,360 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-28 17:36 1,000,224 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-27 21:20 4,099,584 ----a-w C:\WINDOWS\Internet Logs\xDB58.tmp
2008-06-25 05:16 1,031,168 ----a-w C:\WINDOWS\Internet Logs\xDB57.tmp
2008-06-20 21:41 660,992 ----a-w C:\WINDOWS\Internet Logs\xDB55.tmp
2008-06-20 21:41 4,048,384 ----a-w C:\WINDOWS\Internet Logs\xDB56.tmp
2008-06-19 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-19 00:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-18 23:06 --------- d-----w C:\Program Files\Symantec
2008-06-18 23:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-18 23:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 22:59 --------- d-----w C:\Program Files\Microsoft Money
2008-06-18 22:40 --------- d-----w C:\Program Files\Lavasoft
2008-06-18 22:34 --------- d-----w C:\Documents and Settings\Michael\Application Data\Apple Computer
2008-06-18 05:18 3,988,992 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp
2008-06-18 00:27 3,949,056 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp
2008-06-16 11:36 3,945,472 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp
2008-06-16 03:35 --------- d-----w C:\Program Files\iTunes
2008-06-16 03:34 --------- d-----w C:\Program Files\iPod
2008-06-16 03:19 --------- d-----w C:\Program Files\Apple Software Update
2008-06-16 03:18 784,384 ----a-w C:\WINDOWS\Internet Logs\xDB51.tmp
2008-06-16 03:12 --------- d-----w C:\Program Files\QuickTime
2008-06-14 03:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-14 03:36 --------- d-----w C:\Program Files\Common Files\Real
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 22:40 --------- d-----w C:\Program Files\imGiant
2008-06-12 05:27 34,816 ----a-w C:\WINDOWS\Internet Logs\xDB4F.tmp
2008-06-12 05:27 3,834,880 ----a-w C:\WINDOWS\Internet Logs\xDB50.tmp
2008-06-12 04:37 193,536 ----a-w C:\WINDOWS\Internet Logs\xDB4E.tmp
2008-06-11 04:29 32,256 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp
2008-06-11 01:20 92,160 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
2008-06-10 01:03 82,432 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp
2008-06-10 01:03 3,827,712 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp
2008-06-09 05:23 495,616 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp
2008-06-08 20:49 5,292,543 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-08 20:36 27,136 ----a-w C:\WINDOWS\Internet Logs\xDB13DB.tmp
2008-06-08 16:49 452,608 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
2008-06-08 16:49 3,806,208 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
2008-06-04 04:12 2,833,920 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
2008-06-02 21:49 3,687,424 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2008-05-31 13:15 --------- d-----w C:\Program Files\BitComet
2008-05-30 04:13 597,504 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2008-05-29 02:23 16,779,761 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_05_28_21_13_34_full.dmp.zip
2008-05-28 19:37 556,032 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
2008-05-28 14:08 --------- d-----w C:\Documents and Settings\Michael\Application Data\Lavasoft
2008-05-27 00:09 3,644,928 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
2008-05-24 16:32 1,208,832 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2008-05-15 21:25 217,600 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2008-05-14 21:45 1,453,056 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 22:59 --------- d-----w C:\Documents and Settings\Michael\Application Data\AdobeUM
2008-05-07 16:29 2,405,888 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-21 23:46 182,784 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
2008-04-20 12:48 208,896 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
2008-04-18 13:47 1,007,104 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2008-04-17 11:51 3,614,208 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11 376,832 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msinfo.dll
2008-04-14 00:11 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-04-13 21:01 3,615,232 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
2008-04-13 21:01 14,848 -c--a-w C:\Cume.exe
2008-04-12 13:25 14,848 -c--a-w C:\dYVO.exe
2008-04-11 07:02 3,619,328 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
2008-04-11 07:02 1,584,640 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2008-04-03 16:57 27,554,704 -c--a-w C:\zaAvSetup_70_470_000_en.exe
2008-03-29 05:18 774,656 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2008-03-29 05:18 3,613,184 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2005-12-17 05:31 42,028,382 ----a-w C:\Program Files\NIS06900.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0AB3A2C8-6237-43BE-A16F-8C48D33E4741}]
C:\WINDOWS\System32\rqRJcAQj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{303477A6-F9AE-4ED7-8E8A-9F492B8CA82B}]
C:\WINDOWS\System32\ddcYonLe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{554D06CB-75C0-43F4-821C-2BAF86D85124}]
C:\WINDOWS\System32\rqRkIyxU.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{671bd52f-69ad-48a9-aa33-2f8c27965290}]
C:\WINDOWS\System32\aqhvonpc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AC2D634-0D43-47DF-AF9F-364C2589FB7E}]
C:\WINDOWS\System32\geBqRkIx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9803b12-f0a0-11dc-95ff-0800200c9a66}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7EDE424-D0A6-405D-8531-1EDFCD07DEF8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC8CF027-34ED-3136-E2A9-1B6471DD4DB5}]
C:\WINDOWS\System32\jxjnpx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fazdz"="C:\WINDOWS\System32\w?wexec.exe" [2002-08-29 08:00 10368]
"QuickenScheduledUpdates"="C:\Program Files\Quicken\bagent.exe" [2007-05-07 14:17 87592]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"SpybotSD TeaTimer"="D:\Program Files D Drive\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 18:51 4612096]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2003-06-26 19:00 90112]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29 40960]
"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08 28672]
"WD Button Manager"="WDBtnMgr.exe" [2006-09-24 14:31 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 21:30 1191936]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 00:11 919016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-03-07 15:29:50 256000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-09-12 111376]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 07:05:56 65588]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-09-12 51984]
PowerPanel.lnk - C:\Program Files\PowerPanel\Program\PcfMgr.exe [2003-08-07 17:45:44 872448]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-09-11 09:38:44 972064]
Remocon Driver.lnk - C:\Program Files\Sony\USBSircs\usbsircs.exe [2004-09-11 00:44:05 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqQjjge]
ssqQjjge.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timer Recording Manager.lnk
backup=C:\WINDOWS\pss\Timer Recording Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2003-06-13 18:52 114688 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMffb68ce5]
C:\WINDOWS\System32\elwjqyrk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fc85bf79]
C:\WINDOWS\System32\diemhsyl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2002-03-14 19:46 45056 C:\WINDOWS\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmaTel StacMon]
--a------ 2003-03-26 21:19 45056 C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
--a------ 2003-06-23 20:32 1409024 c:\program files\support.com\client\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2003-03-13 17:19]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 15:59]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 21:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 13:34]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-17 21:07:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-16 05:33:25 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 13:41:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
SystemRoot\System32\smss.exe [592]
??\C:\WINDOWS\system32\csrss.exe [656]
??\C:\WINDOWS\system32\winlogon.exe [716]
C:\WINDOWS\system32\services.exe [780]
C:\WINDOWS\system32\lsass.exe [796]
C:\WINDOWS\system32\svchost.exe [1020]
C:\WINDOWS\system32\svchost.exe [1112]
C:\WINDOWS\System32\svchost.exe [1196]
C:\WINDOWS\System32\svchost.exe [1268]
C:\WINDOWS\system32\svchost.exe [1332]
D:\Program Files D Drive\aawservice.exe [1892]
C:\WINDOWS\system32\spoolsv.exe [1492]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [304]
C:\Program Files\Bonjour\mDNSResponder.exe [552]
C:\Program Files\sony\giga pocket\shwserv.exe [260]
C:\WINDOWS\System32\nvsvc32.exe [872]
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [1292]
C:\WINDOWS\System32\svchost.exe [164]
C:\WINDOWS\System32\wdfmgr.exe [148]
C:\Program Files\Sony\giga pocket\RM_SV.exe [2356]
C:\WINDOWS\system32\wscntfy.exe [2468]
C:\WINDOWS\System32\alg.exe [2576]
C:\WINDOWS\system32\CF15557.exe [3040]
C:\Program Files\Sony\HotKey Utility\HKserv.exe [3800]
C:\WINDOWS\System32\ezSP_Px.exe [3844]
C:\WINDOWS\system32\WDBtnMgr.exe [3980]
C:\Program Files\Sony\HotKey Utility\HKWnd.exe [3996]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [4000]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [4032]
C:\Program Files\iTunes\iTunesHelper.exe [364]
C:\Program Files\Quicken\bagent.exe [1824]
C:\WINDOWS\system32\ctfmon.exe [1848]
C:\Program Files\iPod\bin\iPodService.exe [2696]
C:\WINDOWS\System32\wbem\wmiprvse.exe [632]
C:\WINDOWS\explorer.exe [616]
C:\ComboFix\catchme.cfexe [2516]
.
**************************************************************************
.
Completion time: 2008-06-28 13:48:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-28 17:48:23

Pre-Run: 1,168,048,128 bytes free
Post-Run: 1,048,289,280 bytes free

346 --- E O F --- 2008-06-25 01:08:20

#13 decane (Topic Starter)
New Hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:35 PM, on 6/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files D Drive\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Quicken\bagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files D Drive\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\MICHAEL\Application Data\Mozilla\Profiles\default\s3h4x0tm.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0AB3A2C8-6237-43BE-A16F-8C48D33E4741} - C:\WINDOWS\System32\rqRJcAQj.dll (file missing)
O2 - BHO: (no name) - {303477A6-F9AE-4ED7-8E8A-9F492B8CA82B} - C:\WINDOWS\System32\ddcYonLe.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {554D06CB-75C0-43F4-821C-2BAF86D85124} - C:\WINDOWS\System32\rqRkIyxU.dll (file missing)
O2 - BHO: {09256972-c8f2-33aa-9a84-da96f25db176} - {671bd52f-69ad-48a9-aa33-2f8c27965290} - C:\WINDOWS\System32\aqhvonpc.dll (file missing)
O2 - BHO: (no name) - {6AC2D634-0D43-47DF-AF9F-364C2589FB7E} - C:\WINDOWS\System32\geBqRkIx.dll (file missing)
O2 - BHO: (no name) - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - (no file)
O2 - BHO: (no name) - {F7EDE424-D0A6-405D-8531-1EDFCD07DEF8} - (no file)
O2 - BHO: (no name) - {FC8CF027-34ED-3136-E2A9-1B6471DD4DB5} - C:\WINDOWS\System32\jxjnpx.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Fazdz] C:\WINDOWS\System32\w?wexec.exe
O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files D Drive\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: ChatSpace Java Client 4.0.0.325 - http://chat.scout.co...va/cms40325.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....42037/sb02a.cab
O16 - DPF: {64696FB5-BA15-4920-B789-F35D3FC0A36A} (myax Control) - http://www.icannnews.com/app/ST/ax.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213760249984
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mindbodyonli...ort/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17B862B6-8450-4D45-8B32-78FC1B919154}: NameServer = 209.137.160.7,209.137.171.10
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - D:\Program Files D Drive\Quickbooks PRO2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: ssqQjjge - ssqQjjge.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files D Drive\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Perssv - Primax Electronics Ltd. - (no file)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12242 bytes

#14 fenzodahl512 (Malware Removal)
Installing Recovery Console:

It appears your computer has no Recovery Console installed. We need to install the Recovery Console before proceeding to our next fix. Please do the following:

Please go to Microsoft's website => HERE
Select the download that is appropriate for your operating system: Microsoft Windows XP Home Edition Service Pack 2 (SP2)


Download the file and save it under its original name, next to ComboFix.exe.


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

After the Recovery Console is successfully installed, a pop-up will appear asking whether to run ComboFix; please select NO.


NEXT

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\system32\feivwytj.ini
C:\WINDOWS\system32\nkyyfxqj.ini
C:\Cume.exe
C:\dYVO.exe
C:\WINDOWS\System32\rqRJcAQj.dll
C:\WINDOWS\System32\ddcYonLe.dll
C:\WINDOWS\System32\aqhvonpc.dll
C:\WINDOWS\System32\geBqRkIx.dll
C:\WINDOWS\System32\jxjnpx.dll
C:\WINDOWS\System32\w?wexec.exe
C:\WINDOWS\System32\elwjqyrk.dll
C:\WINDOWS\System32\diemhsyl.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqQjjge]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0AB3A2C8-6237-43BE-A16F-8C48D33E4741}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{303477A6-F9AE-4ED7-8E8A-9F492B8CA82B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{554D06CB-75C0-43F4-821C-2BAF86D85124}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{671bd52f-69ad-48a9-aa33-2f8c27965290}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AC2D634-0D43-47DF-AF9F-364C2589FB7E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9803b12-f0a0-11dc-95ff-0800200c9a66}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7EDE424-D0A6-405D-8531-1EDFCD07DEF8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC8CF027-34ED-3136-E2A9-1B6471DD4DB5}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMffb68ce5]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fc85bf79]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fazdz"=-

3. Save the above as CFScript.txt in your Desktop.

4. Then drag CFScript.txt onto ComboFix.exe as depicted in the animation below. This will start ComboFix again.


5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.


Regards
fenzodahl512
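As an added illustration (not a tool from this thread or from its helper), the Python below applies the same reading of the HijackThis log that the fix above encodes: it flags nameless BHOs whose DLL is missing, a Run value whose target contains a character HijackThis could not render (shown as "?"), and a Winlogon Notify hook whose DLL is gone, then emits the matching File:: and Registry:: sections in the CFScript layout used above. The regular expressions and the three heuristics are assumptions of this example, run over a constructed sample of lines copied from the log.

```python
"""Triage HijackThis lines and build a ComboFix CFScript (added example)."""
import re

# Constructed sample: a few lines copied from the HijackThis log in the thread.
SAMPLE_LOG = r"""O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0AB3A2C8-6237-43BE-A16F-8C48D33E4741} - C:\WINDOWS\System32\rqRJcAQj.dll (file missing)
O2 - BHO: (no name) - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Fazdz] C:\WINDOWS\System32\w?wexec.exe
O20 - Winlogon Notify: ssqQjjge - ssqQjjge.dll (file missing)
"""

# Assumed line shapes for the O2 / O4 / O20 entries (HijackThis v2.0.2 style).
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>\S+)(?P<missing> \(file missing\))?$")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
BHO_KEY = "[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\%s]"
NOTIFY_KEY = "[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\%s]"
RUN_KEY = "[%s\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]"


def triage(log_text):
    """Return findings: dicts with a reason plus file/registry items to remove."""
    findings = []
    for line in log_text.splitlines():
        m = BHO_RE.match(line)
        if m:
            path = m.group("path")
            missing = path.endswith("(file missing)") or path == "(no file)"
            # A nameless BHO whose DLL is already gone is a stale hook that
            # still needs unregistering, which is what the fix above does.
            if m.group("name") == "(no name)" and missing:
                files = [] if path == "(no file)" else [path[: -len(" (file missing)")]]
                findings.append({"reason": "nameless BHO, file missing", "line": line,
                                 "registry": [BHO_KEY % m.group("clsid")], "files": files})
            continue
        m = RUN_RE.match(line)
        if m and "?" in m.group("cmd"):
            # '?' marks a character HijackThis could not print in the file name.
            findings.append({"reason": "unprintable char in Run target", "line": line,
                             "registry": [RUN_KEY % HIVES[m.group("hive")],
                                          '"%s"=-' % m.group("value")],
                             "files": [m.group("cmd")]})
            continue
        m = NOTIFY_RE.match(line)
        if m and m.group("missing"):
            findings.append({"reason": "Winlogon Notify DLL missing", "line": line,
                             "registry": [NOTIFY_KEY % m.group("key")], "files": []})
    return findings


def build_cfscript(findings):
    """Render findings as a CFScript: KillAll::, then File::, then Registry::."""
    files = [p for f in findings for p in f["files"]]
    registry = [r for f in findings for r in f["registry"]]
    out = ["KillAll::", ""]
    if files:
        out += ["File::"] + files + [""]
    if registry:
        out += ["Registry::"] + registry
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-32s %s" % (f["reason"], f["line"]))
    print(build_cfscript(triage(SAMPLE_LOG)))
```

The rules are deliberately narrow: legitimate entries such as the Yahoo! BHO and iTunesHelper pass through untouched, so the output matches the items the fix above targets rather than everything in the log.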

#15 decane (Topic Starter)
I'm working on it.