Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

undiagnosed virus - malwarebytes Anti-malware fails to run [Solved]

Started by howiec , Feb 02 2009 11:02 AM

This topic is locked

#1
howiec

Posted 02 February 2009 - 11:02 AM

New Member

Member
8 posts

Hello,I'm stuck.

I followed the preparation work, downloading files to a memory stick and transferring them to the 'sick' computers desktop, as the virus is allowing some internet functionality (firefox and IE) but blocks all antivirus sites and forums.

Symptoms

search engine (google, yahoo) are hijacked opening spurious sites, often offering virus fixes.

avg will not update online, i have used 'update from directory', but subsequent scan finds no threats.

System restore will not work.

installing malwarebytes didn't finish cleanly and loads but doesn't run, mbam.exe process listed in taskmanager but no activity (same in safe mode)

Hijackthislog follows

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:16, on 02/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\sony\VAIO Media Integrated Server\GPDBWatcher.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\sony\giga pocket\RM_SV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\sony\keyboard closure setup\KSWServ.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Keyboard Closure Setup.lnk = C:\Program Files\sony\keyboard closure setup\KSWServ.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Buyertools Reminder\\preispiraten.html
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager...unttracking.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1193774205218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193786837953
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media DB Sync Service (VAIOMediaDBSyncService) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\GPDBWatcher.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 12281 bytes

Uninstall list

Acronis True Image Home
Adobe Acrobat Elements 6.0
Adobe Flash Player ActiveX
Adobe Photoshop Elements 2.0
Adobe Premiere 6 LE
Adobe Reader 8.1.3
Agere Systems AC'97 Modem
Apple Software Update
AudibleManager
AVG Free 8.0
CD+G Disc Player Plug-In for Winamp
CDex extraction audio
Click to DVD 1.4.05
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative Zen Vision M
Disc2Phone
Drag'n Drop CD+DVD
DVgate Plus
ERUNT 1.1j
Flash Renamer 6.1
Free M4a to MP3 Converter 6.0
FUJIFILM USB Driver
Giga Pocket 5.5
Giga Pocket Demo Movie
Giga Pocket Hardware Library 5.5
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
HP Drive Key Boot Utility
HP PSC & OfficeJet 4.2
HP Software Update
Internet Orange Synchronisation
InterVideo WinDVD 5 for VAIO
Java 2 Runtime Environment, SE v1.4.2_01
Keyboard Closure Setup 1.3.02
LegalSounds Music Downloader 1.4
Magic ISO Maker v5.5 (build 0273)
Malwarebytes' Anti-Malware
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft Outlook 2002
Microsoft Publisher 2000 SR-1
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MixMeister BPM Analyzer 1.0
MixMeister Express 6
MixMeister Fusion 7.2.2
MoodLogic
Mozilla Firefox (3.0.5)
MP3 Player Recovery Tool
Mp3 Tag Tools v1.2
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Music Visualizer Library 1.4.00
neroxml
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Orange Search Toolbar
overland
PCDJ VJ
PCSleek Free Error Cleaner
PHOTOfunSTUDIO -viewer-
PictureGear Studio 2.0
Power CD+G Burner
QuickBooks SimpleStart Edition
Quicken 2004
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
SiS Compatible VGA V2.21a
SiS VGA Utilities
SiSAGP driver
SonicStage 4.3
Sony Video Shared Library
SupportSoft Assisted Service
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VAIO Action Setup
VAIO BrightColor Wallpaper
VAIO Clock Screen Saver
VAIO DeepSea Wallpaper
VAIO Edit Components
VAIO Entertainment Platform
VAIO Media 2.5
VAIO Media Integrated Server 4.1
VAIO Media Music Server 2.5
VAIO Media Photo Server 2.5
VAIO Media Platform 2.5
VAIO Media Redistribution 2.5
VAIO Media Registration Tool 4.0
VAIO Media Setup 2.5
VAIO Media Video Server 2.5
VAIO Online Registration (English)
VAIO Product Survey (English)
VAIO System Information
WavePad Uninstall
Winamp
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Support Tools
Windows XP Service Pack 3
WinRAR archiver
ZENcast Organizer

I hope someone will recognise the problem and be able to help

Many thanks

Howiec

#2
handhfan

Posted 03 February 2009 - 07:26 PM

Trusted Helper

Expert
13,659 posts

Hello, howiec, and welcome to GeeksToGo!

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  
  -----------------------------------------------------------
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#3
howiec

Posted 04 February 2009 - 02:10 AM

New Member

Topic Starter
Member
8 posts

Good Morning

Thanks for your prompt reply, I notice we have a time difference.

the malware blocks all useful internet traffic. luckily In have a clean (hopefully) laptop and transfer downloads to my sick desktop using a flashdrive.
combofix would not run, so i downloaded it again and saved it as combo-fix (i read this somewhere), it worked and here are the logs.

Current status is looking good, I rebooted and waited for an automatic scandisk, reinstated avg sheild and reconnected to internet, avg updated ok. I have to work now but have left avg running a full scan with the internet unplugged as a precaution.

I'll try to get back around 10.00am your time

Many thanks

Howiec

ComboFix 09-02-02.04 - Howard Cox 2009-02-04 7:18:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.992.582 [GMT 0:00]
Running from: c:\documents and settings\Howard Cox\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\TDSSiyvv.sys
c:\windows\system32\TDSSacgr.dll
c:\windows\system32\TDSSeckv.log
c:\windows\system32\TDSShrta.dll
c:\windows\system32\TDSSicen.dll
c:\windows\system32\TDSSiykj.dll
c:\windows\system32\TDSSljvt.dat
c:\windows\system32\TDSSmhja.log
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSpqhc.dll
c:\windows\system32\TDSSqxul.dll
c:\windows\system32\winitn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS

((((((((((((((((((((((((( Files Created from 2009-01-04 to 2009-02-04 )))))))))))))))))))))))))))))))
.

2009-02-03 11:11 . 2009-02-03 11:10 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-03 11:11 . 2009-02-03 11:10 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-03 10:37 . 2009-02-03 10:37 <DIR> d-------- c:\program files\Kontiki
2009-02-03 10:37 . 2009-02-03 10:37 <DIR> d-------- C:\logs3
2009-02-03 10:37 . 2009-02-04 07:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kontiki
2009-02-03 10:36 . 2009-02-03 10:36 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-03 10:32 . 2009-02-03 10:32 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-02 16:35 . 2009-02-02 16:35 <DIR> d-------- c:\program files\Trend Micro
2009-02-02 15:29 . 2009-02-02 15:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 15:29 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 15:29 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-02 12:27 . 2009-02-02 16:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 11:56 . 2009-02-02 11:56 <DIR> d-------- c:\program files\ERUNT
2009-02-01 12:44 . 2009-02-01 12:44 <DIR> d-------- c:\program files\Panda Security
2009-01-31 13:22 . 2009-01-31 13:22 <DIR> d-------- c:\program files\KJ File Manager
2009-01-31 08:18 . 2009-01-31 08:18 0 --ah----- c:\windows\SwSys2.bmp
2009-01-31 08:18 . 2009-01-31 08:18 0 --ah----- c:\windows\SwSys1.bmp
2009-01-31 08:16 . 2009-01-31 08:16 <DIR> d-------- c:\program files\Digital1Audio
2009-01-28 11:25 . 2009-01-28 11:26 <DIR> d-------- c:\program files\MixMeister Fusion 7.2.2
2009-01-27 23:31 . 2009-01-27 23:31 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-26 11:19 . 2009-01-26 11:19 17,134 --a------ c:\windows\system32\PCANDIS5.sys
2009-01-25 17:48 . 2009-01-25 17:48 <DIR> d-------- c:\documents and settings\Harriet Cox\Application Data\Windows Desktop Search
2009-01-25 07:36 . 2009-01-25 07:49 <DIR> d-------- c:\documents and settings\Howard Cox\Application Data\uTorrent
2009-01-24 13:04 . 2009-01-24 13:04 <DIR> d-------- c:\program files\Common Files\Doblon
2009-01-22 08:11 . 2009-01-22 08:11 <DIR> d-------- c:\program files\Common Files\supportsoft
2009-01-22 07:50 . 2006-04-12 11:11 1,933,312 --a------ c:\windows\system32\cdintf251.dll
2009-01-22 07:47 . 2009-01-22 07:47 <DIR> d-------- c:\program files\Common Files\AnswerWorks 4.0
2009-01-22 07:46 . 2009-01-22 07:46 <DIR> d-------- c:\program files\Intuit
2009-01-22 07:46 . 2009-01-22 07:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Intuit
2009-01-21 23:23 . 2009-01-21 23:23 <DIR> d-------- c:\program files\Flash Renamer
2009-01-21 23:23 . 2009-01-21 23:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\RL Vision
2009-01-21 23:23 . 2008-07-09 20:42 102,400 --a------ c:\windows\system32\FlashRenHelper.dll
2009-01-21 23:23 . 2006-05-28 14:59 28,672 --a------ c:\windows\system32\FolderWatcher.dll
2009-01-21 23:23 . 2005-04-07 20:48 17,804 --a------ c:\windows\system32\shlctxmnu.tlb
2009-01-21 23:23 . 1999-01-26 21:36 11,012 --a------ c:\windows\system32\threadapi.tlb
2009-01-20 15:19 . 2009-01-20 15:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\COMMON FILES
2009-01-20 00:31 . 2009-01-20 00:23 104,437 --------- c:\windows\hpoins04.dat.temp
2009-01-20 00:31 . 2004-06-22 08:04 17,176 --------- c:\windows\hpomdl04.dat.temp
2009-01-19 23:49 . 2009-01-20 09:50 <DIR> d-------- C:\temp
2009-01-19 16:24 . 2008-04-14 01:11 21,504 --a------ c:\windows\system32\hidserv.dll
2009-01-19 16:24 . 2008-04-14 01:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-01-19 16:23 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-01-19 16:23 . 2008-04-13 19:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-01-19 14:15 . 2001-07-21 18:38 404,154 --a------ c:\windows\system32\drivers\DSPCLI.BIN
2009-01-18 21:30 . 2009-01-18 21:30 <DIR> d-------- c:\documents and settings\Howard Cox\Application Data\Uniblue
2009-01-18 15:52 . 2009-01-18 15:52 <DIR> d-------- c:\program files\Free M4a to MP3 Converter
2009-01-18 15:47 . 2008-11-11 15:05 23,096 --a------ c:\windows\system32\drivers\SndTAudio.sys
2009-01-17 13:51 . 2009-01-17 13:51 <DIR> d-------- c:\program files\Support Tools
2009-01-17 13:25 . 2009-01-17 13:25 <DIR> d-------- C:\Update
2009-01-17 13:00 . 2009-01-18 21:44 <DIR> d-------- c:\program files\SoundTaxi
2009-01-17 12:33 . 2008-11-11 15:05 3,768 --a------ c:\windows\system32\drivers\SndTVideo.sys
2009-01-17 12:30 . 2009-01-17 12:30 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-17 12:05 . 2009-01-17 12:05 <DIR> d-------- c:\program files\AML Products
2009-01-17 12:05 . 2009-01-17 12:05 2,535,424 --a------ c:\windows\system32\agsaamj.dll
2009-01-17 12:05 . 2009-01-17 12:05 610,304 --a------ c:\windows\system32\agsaamg.dll
2009-01-17 12:05 . 2009-01-17 12:05 372,736 --a------ c:\windows\system32\agsaamc.dll
2009-01-17 12:05 . 2003-08-07 15:01 237,568 --a------ c:\windows\system32\lame_enc.dll
2009-01-17 12:05 . 2009-01-17 12:05 90,112 --a------ c:\windows\system32\agsaami.dll
2009-01-17 12:05 . 2009-01-17 12:05 53,760 --a------ c:\windows\system\ppacklib.dll
2009-01-17 12:05 . 2005-06-21 17:48 1 --a------ c:\windows\sslzdlt.dll
2009-01-16 17:27 . 2009-01-17 09:53 <DIR> d-------- c:\program files\MagicISO
2009-01-14 10:33 . 2009-01-14 10:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Latshaw Systems
2009-01-14 08:38 . 2009-01-14 08:38 <DIR> d-------- c:\documents and settings\Howard Cox\Application Data\Debs Karaoke Renamer
2009-01-11 23:39 . 2009-02-01 18:11 <DIR> d-------- c:\documents and settings\Howard Cox\Application Data\Azureus
2009-01-11 23:39 . 2009-01-11 23:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-01-11 23:37 . 2009-02-01 18:12 <DIR> d-------- c:\program files\Vuze
2009-01-11 23:37 . 2009-01-11 23:37 <DIR> d-------- c:\program files\Common Files\i4j_jres
2009-01-11 16:29 . 2009-01-15 18:55 <DIR> d-------- c:\program files\Winamp
2009-01-11 16:29 . 2009-01-11 16:30 <DIR> d-------- c:\documents and settings\Howard Cox\Application Data\Winamp
2009-01-09 19:15 . 2009-01-09 19:15 <DIR> d-------- c:\documents and settings\Jessica Cox\Application Data\Windows Desktop Search
2009-01-09 13:59 . 2009-01-09 13:59 <DIR> d-------- c:\documents and settings\Howard Cox\Application Data\Windows Search
2009-01-08 18:28 . 2009-01-08 18:28 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-08 18:27 . 2009-01-08 18:27 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-01-08 18:27 . 2009-01-08 18:27 <DIR> d-------- c:\program files\Windows Desktop Search
2009-01-08 18:25 . 2008-03-07 17:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2009-01-08 18:25 . 2008-03-07 17:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2009-01-08 18:25 . 2008-03-07 17:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2009-01-07 15:32 . 2009-01-07 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Acronis
2009-01-07 14:02 . 2009-01-07 14:02 971,552 --a------ c:\windows\system32\drivers\tdrpm174.sys
2009-01-07 14:02 . 2009-01-07 14:02 540,000 --a------ c:\windows\system32\drivers\timntr.sys
2009-01-07 14:02 . 2009-01-07 14:02 44,704 --a------ c:\windows\system32\drivers\tifsfilt.sys
2009-01-07 12:52 . 2009-02-02 11:31 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-06 11:45 . 2004-06-22 08:05 581,632 --a------ c:\windows\system32\hpotscl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 11:10 --------- d-----w c:\program files\Java
2009-02-03 10:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-01 18:14 --------- d-----w c:\program files\Quicken
2009-01-28 11:26 --------- d-----w c:\documents and settings\Howard Cox\Application Data\MixMeister Technology
2009-01-27 23:31 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-27 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2009-01-26 11:19 81,920 ----a-w c:\windows\system32\W32N50.dll
2009-01-24 13:04 --------- d-----w c:\program files\Doblon
2009-01-22 07:48 --------- d-----w c:\program files\Common Files\Intuit
2009-01-21 22:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-19 23:53 --------- d-----w c:\program files\HP
2009-01-19 13:54 --------- d-----w c:\program files\sony
2009-01-16 07:15 --------- d-----w c:\program files\Sony Ericsson
2009-01-16 07:14 --------- d-----w c:\program files\Common Files\Teleca Shared
2009-01-15 16:22 --------- d-----w c:\program files\Common Files\cdrdao
2008-12-31 17:55 --------- d-----w c:\documents and settings\Linda Cox\Application Data\Teleca
2008-12-11 12:31 --------- d-----w c:\documents and settings\Howard Cox\Application Data\OfficeUpdate12
2008-12-11 11:22 --------- d-----w c:\program files\Avery
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 15:37 --------- d-----w c:\program files\Eidos Interactive
2008-12-09 13:47 --------- d-----w c:\program files\sisagp
2008-12-09 13:47 --------- d-----w c:\program files\SiS VGA Utilities V3.73
2008-12-09 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-12-05 17:00 --------- d-----w c:\program files\REGSHAVE
2008-11-27 11:47 10,240 ----a-w c:\windows\system32\RtNicProp32.dll
2007-10-30 19:02 278,528 ----a-w c:\program files\Common Files\FDEUnInstaller.exe
2008-08-21 14:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082120080822\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-21 68856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 1415824]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Drag'n Drop CD+DVD"="c:\program files\drag'n drop cd+dvd\BinFiles\DragDrop.exe" [2003-08-08 1175552]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-27 1601304]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-22 172032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"AGRSMMSG"="AGRSMMSG.exe" [2003-03-31 c:\windows\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2006-03-09 c:\windows\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Keyboard Closure Setup.lnk - c:\program files\sony\keyboard closure setup\KSWServ.exe [2004-01-05 90112]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-09-12 967960]
VAIO Action Setup (Server).lnk - c:\program files\Sony\VAIO Action Setup\VAServ.exe [2009-01-19 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-27 23:31 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\videolib\sonydv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-11 325128]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-27 298264]
R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2003-12-01 53248]
R2 SonyKBS;Keyboard State Detection Service;c:\windows\system32\drivers\SonyKBS.sys [2003-02-28 7936]
R2 VAIOMediaDBSyncService;VAIO Media DB Sync Service;c:\program files\sony\VAIO Media Integrated Server\GPDBWatcher.exe [2007-10-31 790528]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2007-12-10 13352]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-01-18 23096]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-01-17 3768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fe696d6-4e65-11dd-ad12-000ea6a8c972}]
\Shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91ab90d9-cdb8-11dc-b559-000ea6a8c972}]
\Shell\AutoRun\command - G:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
uInternet Settings,ProxyOverride = <local>
IE: &Preispiratensuche nach markiertem Text - c:\\Program Files\\Buyertools Reminder\\preispiraten.html
IE: &Search - ?p=ZU
IE: orange search - file://c:\program files\ORANGE3\Cache\SelectedContextSearch.htm
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
FF - ProfilePath - c:\documents and settings\Howard Cox\Application Data\Mozilla\Firefox\Profiles\yx6cxsni.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Mininova-Vuze Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npBBCPlugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\nppdf32.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\NPSWF32.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 07:21:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-04 7:24:46
ComboFix-quarantined-files.txt 2009-02-04 07:23:30

Pre-Run: 9,025,015,808 bytes free
Post-Run: 9,078,341,632 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"

249 --- E O F --- 2009-01-15 03:04:12

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:07:23, on 04/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\sony\VAIO Media Integrated Server\GPDBWatcher.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\sony\giga pocket\RM_SV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\sony\keyboard closure setup\KSWServ.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Keyboard Closure Setup.lnk = C:\Program Files\sony\keyboard closure setup\KSWServ.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Buyertools Reminder\\preispiraten.html
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager...unttracking.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1193774205218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193786837953
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media DB Sync Service (VAIOMediaDBSyncService) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\GPDBWatcher.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13142 bytes

#4
handhfan

Posted 04 February 2009 - 02:19 AM

Trusted Helper

Expert
13,659 posts

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

#5
howiec

Posted 04 February 2009 - 06:51 AM

New Member

Topic Starter
Member
8 posts

Thanks, here is the log, by the way, I can now access geekstogo from mydesktop pc.

Acronis True Image Home
Adobe Acrobat Elements 6.0
Adobe Flash Player ActiveX
Adobe Photoshop Elements 2.0
Adobe Premiere 6 LE
Adobe Reader 8.1.3
Agere Systems AC'97 Modem
Apple Software Update
AudibleManager
AVG Free 8.0
BBC iPlayer Download Manager
CD+G Disc Player Plug-In for Winamp
CDex extraction audio
Click to DVD 1.4.05
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative Zen Vision M
Disc2Phone
Drag'n Drop CD+DVD
DVgate Plus
ERUNT 1.1j
Flash Renamer 6.1
Free M4a to MP3 Converter 6.0
FUJIFILM USB Driver
Giga Pocket 5.5
Giga Pocket Demo Movie
Giga Pocket Hardware Library 5.5
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
HP Drive Key Boot Utility
HP PSC & OfficeJet 4.2
HP Software Update
Internet Orange Synchronisation
InterVideo WinDVD 5 for VAIO
Java 2 Runtime Environment, SE v1.4.2_01
Java™ 6 Update 11
Keyboard Closure Setup 1.3.02
LegalSounds Music Downloader 1.4
Magic ISO Maker v5.5 (build 0273)
Malwarebytes' Anti-Malware
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft Outlook 2002
Microsoft Publisher 2000 SR-1
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MixMeister BPM Analyzer 1.0
MixMeister Express 6
MixMeister Fusion 7.2.2
MoodLogic
Mozilla Firefox (3.0.5)
MP3 Player Recovery Tool
Mp3 Tag Tools v1.2
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Music Visualizer Library 1.4.00
neroxml
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Orange Search Toolbar
overland
PCDJ VJ
PCSleek Free Error Cleaner
PHOTOfunSTUDIO -viewer-
PictureGear Studio 2.0
Power CD+G Burner
QuickBooks SimpleStart Edition
Quicken 2004
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
SiS Compatible VGA V2.21a
SiS VGA Utilities
SiSAGP driver
SonicStage 4.3
Sony Video Shared Library
Spybot - Search & Destroy 1.4
SupportSoft Assisted Service
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VAIO Action Setup
VAIO BrightColor Wallpaper
VAIO Clock Screen Saver
VAIO DeepSea Wallpaper
VAIO Edit Components
VAIO Entertainment Platform
VAIO Media 2.5
VAIO Media Integrated Server 4.1
VAIO Media Music Server 2.5
VAIO Media Photo Server 2.5
VAIO Media Platform 2.5
VAIO Media Redistribution 2.5
VAIO Media Registration Tool 4.0
VAIO Media Setup 2.5
VAIO Media Video Server 2.5
VAIO Online Registration (English)
VAIO Product Survey (English)
VAIO System Information
WavePad Uninstall
Winamp
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Support Tools
Windows XP Service Pack 3
WinRAR archiver
ZENcast Organizer

#6
handhfan

Posted 04 February 2009 - 10:26 AM

Trusted Helper

Expert
13,659 posts

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 12.
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation (jre-6u12-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u12-windows-i586-p.exe and select "Run as an Administrator.")

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java 2 Runtime Environment, SE v1.4.2_01
Java™ 6 Update 11

Please do an online scan with Kaspersky WebScanner

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure the following is checked.
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply, along with the OTMoveIt3 log, and a new HijackThis log.

#7
howiec

Posted 04 February 2009 - 11:06 AM

New Member

Topic Starter
Member
8 posts

Hi

I have unistalled the java 6 updater 11 but I can't remove the version 2 installatio
it asks for the installation package and I don't have one?

any ideas?

#8
handhfan

Posted 04 February 2009 - 11:08 AM

Trusted Helper

Expert
13,659 posts

Not too important. You can skip it and move on to Kaspersky. The important one was downloading and installing the new Java.

#9
howiec

Posted 04 February 2009 - 09:43 PM

New Member

Topic Starter
Member
8 posts

wow, that took some time!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, February 5, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, February 04, 2009 18:02:47
Records in database: 1745379
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\
O:\

Scan statistics:
Files scanned: 281931
Threat name: 6
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 05:21:53

File name / Threat name / Threats count
C:\Program Files\Orange\setup\Orange_icons.EXE Infected: not-a-virus:AdWare.Win32.BHO.ahy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSiyvv.sys.vir Infected: Backdoor.Win32.TDSS.bkw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSacgr.dll.vir Infected: Backdoor.Win32.TDSS.atb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSShrta.dll.vir Infected: Backdoor.Win32.TDSS.asz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSicen.dll.vir Infected: Rootkit.Win32.TDSS.dbg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSiykj.dll.vir Infected: Backdoor.Win32.TDSS.blh 1

The selected area was scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:38:44, on 05/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\sony\VAIO Media Integrated Server\GPDBWatcher.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\sony\giga pocket\RM_SV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\sony\keyboard closure setup\KSWServ.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Howard Cox\Local Settings\temp\jkos-Howard Cox\binaries\ScanningProcess.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Keyboard Closure Setup.lnk = C:\Program Files\sony\keyboard closure setup\KSWServ.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Buyertools Reminder\\preispiraten.html
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager...unttracking.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1193774205218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193786837953
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media DB Sync Service (VAIOMediaDBSyncService) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\GPDBWatcher.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13256 bytes

I don't know where to find #9 - OTMoveIt3 log, ?

howiec

#10
handhfan

Posted 04 February 2009 - 09:50 PM

Trusted Helper

Expert
13,659 posts

Sorry, you won't have those log until this step here.

Please download the OTMoveIt3 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
:Processes
explorer.exe

:Files
C:\Program Files\Orange\setup\Orange_icons.EXE

:Commands
[emptytemp]
[start explorer]
[Reboot]
```
Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post, along with a new HijackThis log.

Is your computer running better?

#11
howiec

Posted 05 February 2009 - 01:31 AM

New Member

Topic Starter
Member
8 posts

Thanks, have done that, logs below.

Avg ran overnight and found 5 of the six quarantined files, along with 5 infected system restore points, should I now get a clean restore point?

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Program Files\Orange\setup\Orange_icons.EXE moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HOWARD~1\LOCALS~1\Temp\etilqs_eeKlid4IDBdiu7B9FkVc scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HOWARD~1\LOCALS~1\Temp\JET98D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HOWARD~1\LOCALS~1\Temp\~ROMFN_00000DF4 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JETC18A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETC5EF.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_72c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_c28.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Howard Cox\Local Settings\Application Data\Mozilla\Firefox\Profiles\yx6cxsni.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Howard Cox\Local Settings\Application Data\Mozilla\Firefox\Profiles\yx6cxsni.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Howard Cox\Local Settings\Application Data\Mozilla\Firefox\Profiles\yx6cxsni.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Howard Cox\Local Settings\Application Data\Mozilla\Firefox\Profiles\yx6cxsni.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Howard Cox\Local Settings\Application Data\Mozilla\Firefox\Profiles\yx6cxsni.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Howard Cox\Local Settings\Application Data\Mozilla\Firefox\Profiles\yx6cxsni.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02052009_071539

Files moved on Reboot...
File C:\DOCUME~1\HOWARD~1\LOCALS~1\Temp\etilqs_eeKlid4IDBdiu7B9FkVc not found!
File C:\DOCUME~1\HOWARD~1\LOCALS~1\Temp\JET98D.tmp not found!
File C:\DOCUME~1\HOWARD~1\LOCALS~1\Temp\~ROMFN_00000DF4 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\JETC18A.tmp not found!
File C:\WINDOWS\temp\JETC5EF.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_72c.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_c28.dat not found!
C:\Documents and Settings\Howard Cox\Local Settings\Application Data\Mozilla\Firefox\Profiles\yx6cxsni.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Howard Cox\Local Settings\Application Data\Mozilla\Firefox\Profiles\yx6cxsni.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Howard Cox\Local Settings\Application Data\Mozilla\Firefox\Profiles\yx6cxsni.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Howard Cox\Local Settings\Application Data\Mozilla\Firefox\Profiles\yx6cxsni.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Howard Cox\Local Settings\Application Data\Mozilla\Firefox\Profiles\yx6cxsni.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Howard Cox\Local Settings\Application Data\Mozilla\Firefox\Profiles\yx6cxsni.default\XUL.mfl moved successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:28:13, on 05/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\sony\VAIO Media Integrated Server\GPDBWatcher.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\sony\giga pocket\RM_SV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\sony\keyboard closure setup\KSWServ.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Keyboard Closure Setup.lnk = C:\Program Files\sony\keyboard closure setup\KSWServ.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Buyertools Reminder\\preispiraten.html
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager...unttracking.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1193774205218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193786837953
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media DB Sync Service (VAIOMediaDBSyncService) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\GPDBWatcher.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 12990 bytes

#12
handhfan

Posted 05 February 2009 - 10:36 AM

Trusted Helper

Expert
13,659 posts

The following will be clean up and prevention. So, you will be clearing Restore points by doing the cleanup.

Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Make sure you have an Internet Connection.
Download OTCleanIt to your desktop and run it
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
Click Yes to beging the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please update Adobe Reader, by downloading and installing Adobe Reader 9.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
SpywareGuard gives you realtime protection from spyware.
Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

Have a safe and happy computing day!

#13
howiec

Posted 05 February 2009 - 11:07 AM

New Member

Topic Starter
Member
8 posts

AVG resident sheild gave me this warning when i ran the combofix /u

accessed file is infected
file name: trojan horse BackDoor.SmallX.VX

detected on open

process name: C:\32788R22FWJFW/Prep.com

prep.com then closed

what should I do?

#14
handhfan

Posted 05 February 2009 - 04:45 PM

Trusted Helper

Expert
13,659 posts

That's part of ComboFix. It's being detected by AVG as a false positive.

#15
howiec

Posted 07 February 2009 - 10:41 AM

New Member

Topic Starter
Member
8 posts

I disabled resident shield to uninstall combofix, then went through your preventative suggestions, everything seems fine now except a little sluggish starting up.

thanks for all your help with this

Howie c