Google/IE Redirect

#1 sahilp
New Member, 7 posts

Seems to be a common problem on here. I read and followed the Malware Cleaning Guide and ran MBAM, RootRepeal and OTL. I realise that I should have posted the results from those there and waited for advice, but being (I'm sure foolishly) gung-ho, I read some other similar topics and went ahead and ran GMER, ROOKIT and ComboFix as well. My computer boots up ok and as far as I can tell the redirecting problem seems to have gone away, for the moment at least. Can anyone help confirm this or tell me what else I need to do, please? Logs from the above programs:

MBAM:
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

23/08/2009 20:45:04
mbam-log-2009-08-23 (20-45-04).txt

Scan type: Quick Scan
Objects scanned: 88073
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.

RootRepeal:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/23 20:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 00000048
Image Path: \Driver\00000048
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF4C2C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8ABA000 Size: 8192 File Visible: No Signed: -
Status: -

Name: ejjjf.sys
Image Path: C:\WINDOWS\system32\drivers\ejjjf.sys
Address: 0xF4D15000 Size: 61440 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF0989000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden Services
-------------------
Service Name: kbiwkmxuwkbgko
Image Path: C:\WINDOWS\system32\drivers\kbiwkmobqjarlt.sys

==EOF==

OTL:

OTL logfile created on: 23/08/2009 20:58:40 - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Sony\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.42 Mb Total Physical Memory | 72.57 Mb Available Physical Memory | 14.22% Memory free
1.22 Gb Paging File | 0.63 Gb Available in Paging File | 51.57% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 8.63 Gb Free Space | 30.88% Space Free | Partition Type: NTFS
Drive D: | 58.23 Gb Total Space | 7.02 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-844AEAC0A5
Current User Name: Sony
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2004/08/06 17:43:12 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/08/06 17:45:44 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2009/07/03 15:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/23 15:17:59 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTSvcCDA.EXE
PRC - [2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2005/04/03 21:34:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2004/08/06 17:42:36 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/09/30 11:54:20 | 00,150,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/08/23 15:18:12 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/23 15:18:12 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2004/10/25 10:35:30 | 00,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2009/08/23 15:18:01 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2004/10/25 10:35:32 | 00,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2004/10/25 10:35:32 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2009/08/23 15:18:12 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2004/09/21 19:54:20 | 00,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2004/10/21 20:12:48 | 00,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2004/07/06 15:15:38 | 00,040,960 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
PRC - [2002/03/14 17:46:58 | 00,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\ICO.EXE
PRC - [2004/02/20 15:12:34 | 00,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2003/11/07 09:21:28 | 00,114,688 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/10/08 22:08:50 | 00,212,992 | ---- | M] (MB-Soft) -- C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
PRC - [2005/11/08 23:00:38 | 00,128,920 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2008/01/15 04:22:56 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/02/27 17:56:54 | 01,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2009/08/23 15:18:02 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/07/02 17:16:20 | 00,393,216 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2003/07/30 02:52:00 | 00,217,195 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2003/02/26 03:08:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2004/10/29 10:32:06 | 03,547,136 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
PRC - [2004/08/04 13:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2004/07/28 16:39:30 | 00,962,661 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
PRC - [1997/08/19 00:00:00 | 00,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE
PRC - [2009/02/06 11:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2005/10/05 13:32:26 | 00,434,176 | ---- | M] (OpenOffice.org) -- D:\Program Files\Open Office\program\soffice.exe
PRC - [2005/10/05 13:32:26 | 00,565,248 | ---- | M] (OpenOffice.org) -- D:\Program Files\Open Office\program\soffice.BIN
PRC - [2008/01/15 04:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/03 15:49:06 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/06/10 04:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2009/08/19 20:54:22 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/23 19:48:55 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sony\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/23 15:18:01 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/23 15:17:59 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTSvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2004/08/06 17:43:12 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/01/15 04:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/02/27 17:56:54 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
SRV - [2009/07/03 15:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/04/03 21:34:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2004/08/06 17:42:36 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2004/08/06 17:45:44 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2004/08/23 14:02:58 | 00,139,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service [On_Demand | Stopped])
SRV - [2004/11/02 21:43:52 | 00,339,968 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe -- (VAIO Entertainment Task Scheduler [On_Demand | Stopped])
SRV - [2004/10/25 10:35:34 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped])
SRV - [2004/09/30 11:54:20 | 00,150,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service [Auto | Running])
SRV - [2004/10/01 14:46:34 | 01,826,816 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer [On_Demand | Stopped])
SRV - [2004/06/16 03:42:34 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP [On_Demand | Stopped])
SRV - [2004/06/22 11:58:14 | 00,733,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP [On_Demand | Stopped])
SRV - [2004/06/16 03:41:06 | 00,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped])
SRV - [2004/08/05 16:45:26 | 00,397,824 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe -- (VCI [Auto | Stopped])
SRV - [2004/10/25 10:35:30 | 00,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw [On_Demand | Running])
SRV - [2004/10/25 10:35:32 | 00,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc [Auto | Running])
SRV - [2004/10/25 10:35:32 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw [Auto | Running])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig"
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/19 22:21:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/23 15:17:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/19 20:54:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/19 20:54:38 | 00,000,000 | ---D | M]

[2008/09/02 18:33:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\mozilla\Extensions
[2008/09/02 18:33:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/23 16:01:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\mozilla\Firefox\Profiles\3aebxll4.default\extensions
[2007/03/19 22:45:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\mozilla\Firefox\Profiles\3aebxll4.default\extensions\{69087485-8EDE-4a6c-91BE-6B882EB268A5}
[2009/08/22 11:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\mozilla\Firefox\Profiles\3aebxll4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/05/06 19:49:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\mozilla\Firefox\Profiles\3aebxll4.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/02/11 20:51:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\mozilla\Firefox\Profiles\3aebxll4.default\extensions\[email protected]
[2009/08/23 16:01:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/18 18:50:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/22 21:11:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/21 18:50:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/05/05 15:17:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/21 21:10:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/08/19 20:54:19 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/19 20:54:19 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2004/09/09 00:03:50 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/02/27 17:57:38 | 00,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2009/08/19 20:54:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2004/12/14 02:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/01/20 19:41:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/01/20 19:41:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/01/20 19:41:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/01/20 19:41:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/01/20 19:41:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/01/20 19:41:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/01/20 19:41:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/19 20:54:30 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/19 20:54:30 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/19 20:54:30 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/19 20:54:30 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/19 20:54:30 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/19 20:54:30 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/19 20:54:30 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/19 20:54:30 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [adiras] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe (MB-Soft)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\Sony\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = D:\Program Files\Open Office\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/15 14:34:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eb93699c-3efd-11dd-bbad-000e35f02162}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/23 20:30:35 | 53,528,5760 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/23 20:10:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sony\Application Data\Malwarebytes
[2009/08/23 20:10:21 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/23 20:10:19 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/23 20:10:17 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/23 20:10:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/23 20:10:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/23 20:07:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/23 20:07:17 | 00,000,615 | ---- | C] () -- C:\Documents and Settings\Sony\Desktop\NTREGOPT.lnk
[2009/08/23 20:07:17 | 00,000,596 | ---- | C] () -- C:\Documents and Settings\Sony\Desktop\ERUNT.lnk
[2009/08/23 20:07:16 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/23 19:19:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sony\My Documents\prcocess exp
[2009/08/23 15:19:10 | 00,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/08/23 15:19:08 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/23 15:19:07 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/23 15:19:00 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/23 15:18:58 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/23 15:18:28 | 40,101,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/23 15:18:26 | 00,068,001 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/23 15:18:25 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/23 15:18:21 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/23 15:18:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/08/23 14:41:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sony\Application Data\AVG8
[2009/08/22 14:01:23 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/08/22 12:32:37 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/22 12:31:20 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/08/22 12:28:20 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/08/22 12:28:17 | 00,000,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/22 12:27:51 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/08/22 11:57:09 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/08/22 11:57:09 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/08/20 20:15:53 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/19 22:19:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/19 22:19:49 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/19 22:19:39 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/19 22:19:02 | 00,000,000 | ---D | C] -- C:\354a8477206311676f513bff1818

========== Files - Modified Within 14 Days ==========

[2009/08/23 20:48:30 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/23 20:48:25 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/08/23 20:48:02 | 00,017,548 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/23 20:47:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/23 20:47:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/23 20:47:40 | 53,528,5760 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/23 20:28:20 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/23 20:07:17 | 00,000,615 | ---- | M] () -- C:\Documents and Settings\Sony\Desktop\NTREGOPT.lnk
[2009/08/23 20:07:17 | 00,000,596 | ---- | M] () -- C:\Documents and Settings\Sony\Desktop\ERUNT.lnk
[2009/08/23 19:19:58 | 00,000,954 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/23 15:19:10 | 00,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/08/23 15:19:08 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/23 15:19:07 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/23 15:19:00 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/23 15:18:58 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/23 15:18:56 | 40,101,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/23 15:18:28 | 00,068,001 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/23 15:18:26 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/23 15:18:25 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/22 12:32:37 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/22 12:28:17 | 00,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/22 11:57:09 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/08/22 10:35:51 | 00,044,384 | ---- | M] () -- C:\Documents and Settings\Sony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/21 15:58:05 | 00,107,520 | ---- | M] () -- C:\Documents and Settings\Sony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/20 20:08:22 | 00,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/19 22:25:41 | 00,489,078 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/19 22:25:41 | 00,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/19 22:25:41 | 00,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/17 18:32:54 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/17 01:37:34 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

========== LOP Check ==========

[2009/08/23 15:17:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/08/22 12:28:31 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2005/10/19 18:44:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/07/15 22:38:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2004/11/15 15:14:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2009/08/23 20:58:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2004/11/15 17:41:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/06/01 20:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sky
[2009/01/29 20:38:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2009/08/23 14:41:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Sony\Application Data
[2005/07/05 22:26:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\.BitTornado
[2005/10/19 18:45:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\Ahead
[2009/07/24 23:54:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\Azureus
[2008/10/11 05:27:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\i42 Software
[2006/10/18 17:56:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\Image Zone Express
[2005/10/19 20:00:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\InterVideo
[2005/04/27 16:40:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\Leadertech
[2008/10/11 05:11:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\leafChat
[2009/08/23 00:56:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\mIRC
[2008/04/01 20:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\My Games
[2009/08/23 20:48:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\OpenOffice.org2
[2009/01/04 11:59:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\Sports Interactive
[2008/11/14 20:04:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\SystemRequirementsLab
[2007/06/18 23:00:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\Teleca
[2007/02/25 20:37:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\TommyGun79
[2008/08/23 02:39:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\X-Chat 2
[2009/08/22 12:32:37 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/07/29 19:56:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/23 20:47:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/06/23 18:59:24 | 00,000,184 | ---- | M] () -- C:\setuplog.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 65 bytes -> C:\Documents and Settings\All Users\Application Data\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
< End of report >




GMER

GMER 1.0.15.15077 [kjci9020.exe] - http://www.gmer.net
Rootkit scan 2009-08-23 21:42:47
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 82EF58D8 ZwEnumerateKey
Code 82D74878 ZwFlushInstructionCache
Code 82E8C316 ZwSaveKey
Code 82DA82CE ZwSaveKeyEx
Code 82E5F64E IofCallDriver
Code 82DE8EB6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 82E5F653
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 82DE8EBB
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 82D7487C
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP 82EF58DC
PAGE ntkrnlpa.exe!ZwSaveKey 8061BDE4 5 Bytes JMP 82E8C31A
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8061BECA 5 Bytes JMP 82DA82D2
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD5325.SYS The process cannot access the file because it is being used by another process.
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F74434F0 16 Bytes CALL 4D1F7223
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F7443501 31 Bytes [20, 44, F7, 89, D2, CD, 86, ...]
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.
? system32\drivers\ejjjf.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1640] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B8000A
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\WINDOWS\Explorer.EXE[1640] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[2068] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[2068] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[2068] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[2068] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2208] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2208] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2208] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2208] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Apoint\Apntex.exe[2232] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Apoint\Apntex.exe[2232] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Apoint\Apntex.exe[2232] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Apoint\Apntex.exe[2232] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2704] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2704] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2704] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2704] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3104] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3104] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3104] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe[3104] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3308] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[3308] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3344] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3344] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3344] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3344] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe[3352] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe[3352] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe[3352] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe[3352] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\WINDOWS\system32\ICO.EXE[3364] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\WINDOWS\system32\ICO.EXE[3364] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\WINDOWS\system32\ICO.EXE[3364] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\WINDOWS\system32\ICO.EXE[3364] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3372] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3372] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3372] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3372] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3396] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3396] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3396] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3396] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Apoint\Apoint.exe[3460] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Apoint\Apoint.exe[3460] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Apoint\Apoint.exe[3460] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Apoint\Apoint.exe[3460] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe[3500] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe[3500] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe[3500] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe[3500] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\DAEMON Tools\daemon.exe[3512] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\DAEMON Tools\daemon.exe[3512] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\DAEMON Tools\daemon.exe[3512] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\DAEMON Tools\daemon.exe[3512] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Kontiki\KHost.exe[3552] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Kontiki\KHost.exe[3552] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Kontiki\KHost.exe[3552] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Kontiki\KHost.exe[3552] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3580] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3580] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3580] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[3580] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[3620] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[3620] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[3620] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[3620] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[3632] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[3632] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[3632] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[3632] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text D:\Program Files\Open Office\program\soffice.BIN[4056] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text D:\Program Files\Open Office\program\soffice.BIN[4056] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text D:\Program Files\Open Office\program\soffice.BIN[4056] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text D:\Program Files\Open Office\program\soffice.BIN[4056] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Documents and Settings\Sony\My Documents\Downloads\kjci9020.exe[4320] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Documents and Settings\Sony\My Documents\Downloads\kjci9020.exe[4320] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Documents and Settings\Sony\My Documents\Downloads\kjci9020.exe[4320] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Documents and Settings\Sony\My Documents\Downloads\kjci9020.exe[4320] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[4936] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 66003B74 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[4936] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 66003B19 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[4936] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 66003A72 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[4936] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 66003AC5 C:\WINDOWS\system32\SonyAIwd.dll (Sony VAIO watchdog/QSound Labs, Inc.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8393AD2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8393C0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8393B96] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F839476C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F8394642] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F83B6056] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [1002DE60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRect] [1002DED0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [1002DEF0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10001D00] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowLongA] [1002DEF0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [10001D20] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10001D50] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [10001CE0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3692] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 831CCEB0

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{D4646AD9-0EE5-47E1-B0CA-5722D4D11E44} 82DEA3A0

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Ftdisk \Device\HarddiskVolume1 831CD5D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 831CD5D0
Device \Driver\Cdrom \Device\CdRom0 82F7F328
Device \FileSystem\Rdbss \Device\FsWrap 8239AEB0
Device \Driver\Ftdisk \Device\HarddiskVolume3 831CD5D0
Device \Driver\Cdrom \Device\CdRom1 82F7F328
Device \Driver\Cdrom \Device\CdRom2 82F7F328
Device \Driver\Cdrom \Device\CdRom3 82F7F328
Device \Driver\Cdrom \Device\CdRom4 82F7F328
Device \Driver\NetBT \Device\NetBT_Tcpip_{61C2CCB5-59E1-480A-9FEA-9658DD226873} 82DEA3A0
Device \Driver\NetBT \Device\NetBt_Wins_Export 82DEA3A0
Device \Driver\NetBT \Device\NetbiosSmb 82DEA3A0
Device \Driver\00000048 \Device\0000004e sptd.sys

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Disk \Device\Harddisk0\DR0 831CC0E8

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Disk \Device\Harddisk1\DR4 831CC0E8
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+5 831CC0E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 823CAEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 823CAEB0
Device \FileSystem\Npfs \Device\NamedPipe 8312FEB0
Device \Driver\Ftdisk \Device\FtControl 831CD5D0
Device \FileSystem\Msfs \Device\Mailslot 82B59360
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port1Path0Target2Lun0 82EBDEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port1Path0Target0Lun0 82EBDEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port1Path0Target3Lun0 82EBDEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port1Path0Target1Lun0 82EBDEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1 82EBDEB0
Device \FileSystem\Cdfs \Cdfs 82EAA678

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kbiwkmobqjarlt.sys (*** hidden *** ) [SYSTEM] kbiwkmxuwkbgko <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xF3 0xF1 0x25 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0xE3 0xE6 0xB8 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x69 0xEA 0x21 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0xF6 0x1A 0x93 0x51 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x31 0x00 0x40 0x6F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0xCB 0x50 0xA8 0x9F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xF3 0xF1 0x25 0x34 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0xE3 0xE6 0xB8 0x41 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x05 0x32 0x27 0x3C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0xF6 0x1A 0x93 0x51 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x31 0x00 0x40 0x6F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0xCB 0x50 0xA8 0x9F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0xF3 0xF1 0x25 0x34 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0xE3 0xE6 0xB8 0x41 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x05 0x32 0x27 0x3C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0xF6 0x1A 0x93 0x51 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x31 0x00 0x40 0x6F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0xCB 0x50 0xA8 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxuwkbgko
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected]group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \systemroot\system32\drivers\kbiwkmobqjarlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxuwkbgko\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxuwkbgko\[email protected] 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxuwkbgko\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxuwkbgko\[email protected] 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxuwkbgko\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxuwkbgko\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxuwkbgko\main\[email protected]* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxuwkbgko\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxuwkbgko\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxuwkbgko\[email protected] \systemroot\system32\drivers\kbiwkmobqjarlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxuwkbgko\[email protected] \systemroot\system32\kbiwkmsewmycpa.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxuwkbgko\[email protected] \systemroot\system32\kbiwkmswuphdja.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxuwkbgko\[email protected] \systemroot\system32\kbiwkmxsnsxyte.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxuwkbgko\[email protected] \systemroot\system32\kbiwkmtehtkbek.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xF3 0xF1 0x25 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0xE3 0xE6 0xB8 0x41 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x69 0xEA 0x21 0xCA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0xF6 0x1A 0x93 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x31 0x00 0x40 0x6F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0xCB 0x50 0xA8 0x9F ...
Reg HKLM\SYSTEM\ControlSet006\Services\kbiwkmxuwkbgko (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet006\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet006\Services\[email protected] file system
Reg HKLM\SYSTEM\ControlSet006\Services\[email protected] \systemroot\system32\drivers\kbiwkmobqjarlt.sys
Reg HKLM\SYSTEM\ControlSet006\Services\kbiwkmxuwkbgko\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\kbiwkmxuwkbgko\[email protected] 10002
Reg HKLM\SYSTEM\ControlSet006\Services\kbiwkmxuwkbgko\[email protected] 1
Reg HKLM\SYSTEM\ControlSet006\Services\kbiwkmxuwkbgko\[email protected]delay 14400
Reg HKLM\SYSTEM\ControlSet006\Services\kbiwkmxuwkbgko\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\kbiwkmxuwkbgko\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\kbiwkmxuwkbgko\main\[email protected]* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet006\Services\kbiwkmxuwkbgko\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\kbiwkmxuwkbgko\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\kbiwkmxuwkbgko\[email protected] \systemroot\system32\drivers\kbiwkmobqjarlt.sys
Reg HKLM\SYSTEM\ControlSet006\Services\kbiwkmxuwkbgko\[email protected] \systemroot\system32\kbiwkmsewmycpa.dll
Reg HKLM\SYSTEM\ControlSet006\Services\kbiwkmxuwkbgko\[email protected] \systemroot\system32\kbiwkmswuphdja.dat
Reg HKLM\SYSTEM\ControlSet006\Services\kbiwkmxuwkbgko\[email protected] \systemroot\system32\kbiwkmxsnsxyte.dll
Reg HKLM\SYSTEM\ControlSet006\Services\kbiwkmxuwkbgko\[email protected] \systemroot\system32\kbiwkmtehtkbek.dat
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] 0xF3 0xF1 0x25 0x34 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0xE3 0xE6 0xB8 0x41 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x69 0xEA 0x21 0xCA ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0xF6 0x1A 0x93 0x51 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x31 0x00 0x40 0x6F ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0xCB 0x50 0xA8 0x9F ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\kbiwkmsewmycpa.dll 45056 bytes executable
File C:\WINDOWS\system32\kbiwkmswuphdja.dat 31789 bytes
File C:\WINDOWS\system32\kbiwkmtehtkbek.dat 91 bytes
File C:\WINDOWS\system32\kbiwkmxsnsxyte.dll 19968 bytes executable
File C:\WINDOWS\system32\drivers\kbiwkmobqjarlt.sys 71168 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\Temp\kbiwkmlkvrchtixt.tmp 91 bytes

---- EOF - GMER 1.0.15 ----

ComboFix:

ComboFix 09-08-22.06 - Sony 23/08/2009 22:20.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.93 [GMT 1:00]
Running from: c:\documents and settings\Sony\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Windows Live Messenger .lnk
c:\recycler\S-1-5-21-2302734979-2663196984-2720711168-1003
c:\recycler\S-1-5-21-3335092285-3910610236-2503500597-1003
C:\setuplog.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\Fonts\ZWAdobeF.TTF
c:\windows\system32\drivers\kbiwkmobqjarlt.sys
c:\windows\system32\kbiwkmsewmycpa.dll
c:\windows\system32\kbiwkmswuphdja.dat
c:\windows\system32\kbiwkmtehtkbek.dat
c:\windows\system32\kbiwkmxsnsxyte.dll
D:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmxuwkbgko
-------\Legacy_kbiwkmxuwkbgko


((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-23 19:10 . 2009-08-23 19:10 -------- d-----w- c:\documents and settings\Sony\Application Data\Malwarebytes
2009-08-23 19:10 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 19:10 . 2009-08-23 19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 19:10 . 2009-08-23 19:10 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-23 19:10 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 19:07 . 2009-08-23 19:07 -------- d-----w- c:\program files\ERUNT
2009-08-23 14:19 . 2009-08-23 14:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-23 14:19 . 2009-08-23 14:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-23 14:19 . 2009-08-23 14:19 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-23 14:18 . 2009-08-23 14:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-23 14:18 . 2009-08-23 14:18 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-23 13:41 . 2009-08-23 13:41 -------- d-----w- c:\documents and settings\Sony\Application Data\AVG8
2009-08-22 13:01 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-22 11:31 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-22 11:28 . 2009-08-22 11:28 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-22 11:27 . 2009-08-22 11:27 -------- d-----w- c:\program files\Lavasoft
2009-08-22 10:58 . 2008-02-17 16:16 90112 ----a-w- c:\documents and settings\Sony\Application Data\Mozilla\Firefox\Profiles\3aebxll4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-08-22 10:58 . 2007-12-28 10:15 172032 ----a-w- c:\documents and settings\Sony\Application Data\Mozilla\Firefox\Profiles\3aebxll4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-08-22 10:58 . 2007-10-08 00:57 307200 ----a-w- c:\documents and settings\Sony\Application Data\Mozilla\Firefox\Profiles\3aebxll4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-08-19 21:19 . 2009-08-19 21:19 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-19 21:19 . 2009-08-19 21:19 -------- d-----w- c:\program files\MSBuild
2009-08-19 21:19 . 2009-08-19 21:19 -------- d-----w- c:\program files\Reference Assemblies
2009-08-19 21:19 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-19 21:19 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-19 21:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-19 21:19 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-19 21:19 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-19 21:19 . 2009-08-19 21:19 -------- d-----w- C:\354a8477206311676f513bff1818
2009-08-19 21:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-19 21:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-18 18:00 . 2009-08-18 18:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-17 00:37 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-28 17:48 . 2009-07-28 17:48 -------- d-----w- c:\program files\Recovery Toolbox for Outlook Express
2009-07-25 16:17 . 2009-07-25 16:17 39272 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 21:42 . 2007-06-17 10:05 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Kontiki
2009-08-23 21:37 . 2005-10-10 20:53 -------- d-----w- c:\documents and settings\Sony\Application Data\OpenOffice.org2
2009-08-23 14:17 . 2008-06-01 15:28 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-08-22 23:56 . 2008-08-23 00:50 -------- d-----w- c:\documents and settings\Sony\Application Data\mIRC
2009-08-22 10:54 . 2006-04-07 15:32 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-22 10:54 . 2006-04-07 15:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-22 09:35 . 2005-06-11 22:20 44384 ----a-w- c:\documents and settings\Sony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-17 00:37 . 2009-05-06 18:39 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2008-09-03 21:37 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-24 22:54 . 2005-07-07 19:45 -------- d-----w- c:\documents and settings\Sony\Application Data\Azureus
2009-07-17 19:01 . 2008-09-03 21:38 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2004-11-15 04:19 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-11-15 04:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2008-09-03 21:37 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-09-03 21:37 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2008-09-03 21:37 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2008-09-03 21:38 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2008-09-03 21:40 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2008-09-03 21:36 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2008-09-03 21:37 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-09-21 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2004-10-21 184320]
"PDService.exe"="c:\program files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-07 126976]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Anti-Blaxx Manager"="c:\program files\Anti-Blaxx\Anti-Blaxx.exe" [2005-10-08 212992]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-03 5406720]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-23 2007832]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Sony\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - d:\program files\Open Office\program\quickstart.exe [2005-9-23 61440]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Audio Filter.lnk - c:\program files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2005-4-21 3547136]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-6-23 962661]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-19 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 14:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 15:40 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Video\\mIRC 6.3 + keygen\\mIRC 6.3 + keygen\\mIRC - English.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55395:TCP"= 55395:TCP:vuze
"55395:UDP"= 55395:UDP:vue1

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/08/2009 12:31 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/08/2009 15:19 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/08/2009 15:19 108552]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 15:07 45627]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [23/08/2009 15:18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/08/2009 15:17 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 15:49 1029456]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [07/01/2006 17:01 24786]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [15/07/2008 22:37 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [15/07/2008 22:37 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [15/07/2008 22:37 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [15/07/2008 22:37 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [15/07/2008 22:37 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [15/07/2008 22:37 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [15/07/2008 22:37 110120]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
HKLM-Run-adiras - adiras.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
FF - ProfilePath - c:\docume~1\Sony\APPLIC~1\Mozilla\Firefox\Profiles\3aebxll4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Sony\Application Data\Mozilla\Firefox\Profiles\3aebxll4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 22:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(4076)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTJBNS.DLL
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\CTIntrfc.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSHK.dll
c:\program files\Creative\Creative NOMAD Jukebox Zen Xtra\NOMAD Explorer\JBNSRES.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Kontiki\KService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\ApntEx.exe
d:\program files\Open Office\program\soffice.exe
d:\program files\Open Office\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-08-23 22:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-23 21:49

Pre-Run: 9,151,201,280 bytes free
Post-Run: 9,048,051,712 bytes free

Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=2,3,4,5,6
317 --- E O F --- 2009-08-21 12:34

#2 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,047 posts)
Hello sahilp,

Welcome to Geekstogo.

Please download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic: ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#3 sahilp (Topic Starter, New Member, 7 posts)
Hi. Thanks for looking at this for me. I've just run ComboFix and this is the contents of the log file:

ComboFix 09-08-27.01 - Sony 27/08/2009 19:39.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.173 [GMT 1:00]
Running from: c:\documents and settings\Sony\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sony\My Documents\backup.reg

.
((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.

2009-08-23 19:10 . 2009-08-23 19:10 -------- d-----w- c:\documents and settings\Sony\Application Data\Malwarebytes
2009-08-23 19:10 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 19:10 . 2009-08-23 19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 19:10 . 2009-08-23 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-23 19:10 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 19:07 . 2009-08-23 19:07 -------- d-----w- c:\program files\ERUNT
2009-08-23 14:19 . 2009-08-23 14:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-23 14:19 . 2009-08-23 14:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-23 14:19 . 2009-08-23 14:19 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-23 14:18 . 2009-08-23 14:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-23 14:18 . 2009-08-27 17:55 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-23 13:41 . 2009-08-23 13:41 -------- d-----w- c:\documents and settings\Sony\Application Data\AVG8
2009-08-22 13:01 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-22 11:31 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-22 11:28 . 2009-08-22 11:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-22 11:28 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-22 11:27 . 2009-08-22 11:27 -------- d-----w- c:\program files\Lavasoft
2009-08-22 10:58 . 2008-02-17 16:16 90112 ----a-w- c:\documents and settings\Sony\Application Data\Mozilla\Firefox\Profiles\3aebxll4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-08-22 10:58 . 2007-12-28 10:15 172032 ----a-w- c:\documents and settings\Sony\Application Data\Mozilla\Firefox\Profiles\3aebxll4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-08-22 10:58 . 2007-10-08 00:57 307200 ----a-w- c:\documents and settings\Sony\Application Data\Mozilla\Firefox\Profiles\3aebxll4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-08-19 21:19 . 2009-08-19 21:19 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-19 21:19 . 2009-08-19 21:19 -------- d-----w- c:\program files\MSBuild
2009-08-19 21:19 . 2009-08-19 21:19 -------- d-----w- c:\program files\Reference Assemblies
2009-08-19 21:19 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-19 21:19 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-19 21:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-19 21:19 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-19 21:19 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-19 21:19 . 2009-08-19 21:19 -------- d-----w- C:\354a8477206311676f513bff1818
2009-08-19 21:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-19 21:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-18 18:00 . 2009-08-18 18:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-17 00:54 . 2009-05-26 18:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-08-17 00:37 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 18:12 . 2008-08-23 00:50 -------- d-----w- c:\documents and settings\Sony\Application Data\mIRC
2009-08-23 22:59 . 2004-11-15 16:44 -------- d-----w- c:\program files\Java
2009-08-23 22:51 . 2007-06-17 10:05 -------- d-----w- c:\program files\Kontiki
2009-08-23 22:51 . 2007-06-17 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-08-23 22:49 . 2005-07-31 12:28 -------- d-----w- c:\program files\Soulseek
2009-08-23 22:45 . 2005-10-10 20:53 -------- d-----w- c:\documents and settings\Sony\Application Data\OpenOffice.org2
2009-08-23 14:17 . 2008-06-01 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-22 10:54 . 2006-04-07 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-22 10:54 . 2006-04-07 15:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-22 09:35 . 2005-06-11 22:20 44384 ----a-w- c:\documents and settings\Sony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-17 00:37 . 2009-05-06 18:39 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2008-09-03 21:37 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 17:48 . 2009-07-28 17:48 -------- d-----w- c:\program files\Recovery Toolbox for Outlook Express
2009-07-25 16:17 . 2009-07-25 16:17 39272 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-24 22:54 . 2005-07-07 19:45 -------- d-----w- c:\documents and settings\Sony\Application Data\Azureus
2009-07-17 19:01 . 2008-09-03 21:38 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2004-11-15 04:19 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-11-15 04:18 915456 ------w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2008-09-03 21:37 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-09-03 21:37 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2008-09-03 21:37 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2008-09-03 21:38 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2008-09-03 21:40 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2008-09-03 21:36 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2008-09-03 21:37 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( [email protected]_21.35.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-03 21:40 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-09-21 151552]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2004-10-21 184320]
"PDService.exe"="c:\program files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-07 126976]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Anti-Blaxx Manager"="c:\program files\Anti-Blaxx\Anti-Blaxx.exe" [2005-10-08 212992]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-03 5406720]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-23 2007832]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-7-30 217195]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-6-23 962661]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-19 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 14:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 15:40 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Video\\mIRC 6.3 + keygen\\mIRC 6.3 + keygen\\mIRC - English.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55395:TCP"= 55395:TCP:vuze
"55395:UDP"= 55395:UDP:vue1

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/08/2009 12:31 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/08/2009 15:19 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/08/2009 15:19 108552]
R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 15:07 45627]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [23/08/2009 15:18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/08/2009 15:17 297752]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [07/01/2006 17:01 24786]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 15:49 1029456]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [15/07/2008 22:37 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [15/07/2008 22:37 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [15/07/2008 22:37 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [15/07/2008 22:37 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [15/07/2008 22:37 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [15/07/2008 22:37 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [15/07/2008 22:37 110120]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
FF - ProfilePath - c:\documents and settings\Sony\Application Data\Mozilla\Firefox\Profiles\3aebxll4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Sony\Application Data\Mozilla\Firefox\Profiles\3aebxll4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 19:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2009-08-27 19:50
ComboFix-quarantined-files.txt 2009-08-27 18:50
ComboFix2.txt 2009-08-23 21:49

Pre-Run: 9,178,550,272 bytes free
Post-Run: 9,138,999,296 bytes free

Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=2,3,4,5,6
262 --- E O F --- 2009-08-26 17:48
  • 0

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
Hello sahilp,

A bit to do in this post.

Firstly

Your Java is out of date; older versions are vulnerable to attack.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Note: If you run into difficulty with the Java update just move on to the next action. Tell me when you come back and we will find an alternative.

Step 2

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com.../readstep2.html

Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    
    :OTL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [adiras] File not found
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O33 - MountPoints2\{eb93699c-3efd-11dd-bbad-000e35f02162}\Shell\AutoRun\command - "" = setupSNK.exe
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (*) - File not found
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

Disable resident protections (Antivirus...); re-enable them after the scan

Download ToolBar S&D here

Double-click ToolBar S&D.exe
Choose the language, then choose Option 2 (Fix)
Wait till the end of the scan
Post the log which was created: (%SystemDrive%\TB.txt)

Finally in this post

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
So when you return please post
  • OTL fix log
  • ToolbarSD log
  • OTL scan log - OTL.txt

  • 0
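As an added example (not part of the thread, and not OTL's or its author's code): a small Python triage script for the OTL fix-log format the helper asks for above. It sorts each line of the OTL section into removed, already absent or still pending a reboot, and cross-checks the CLSIDs named in the fix script against the log so nothing the fix asked for goes unreported. The function names are my own and the sample text is constructed in OTL's log format, abridged from the shape of the lines in this thread.

```python
"""Triage an OTL fix log (added example; not code from the thread or from OTL).

Sorts each line of the '========== OTL ==========' section into removed,
already-absent or pending-reboot items, and cross-checks the CLSIDs named in
the fix script against the log. Names are my own; sample text is constructed.
"""
import re

# Constructed fix script in the shape of the ':OTL' block the helper posted.
SAMPLE_FIX_SCRIPT = r"""
:OTL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O34 - HKLM BootExecute: (autocheck) - File not found
:Commands
[emptytemp]
"""

# Constructed fix log in OTL's output format (abridged).
SAMPLE_FIX_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr not found.
C:\WINDOWS\ALCMTR.EXE moved successfully.
File setupSNK.exe not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:* deleted successfully.
========== COMMANDS ==========
"""

# Outcome patterns, checked in this order; each captures the item OTL acted on.
OUTCOMES = [
    ("pending_reboot", re.compile(
        r"^(?:Registry|File) delete failed\. (?P<item>.+?) scheduled to be deleted on reboot\.$")),
    ("already_absent", re.compile(
        r"^(?:Registry key|Registry value|File) (?P<item>.+?) not found\.$")),
    ("removed", re.compile(
        r"^(?:(?:Registry key|Registry value|File) )?(?P<item>.+?) (?:deleted|moved) successfully\.$")),
]

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_fix_log(text):
    """Map each outcome name to the list of items reported with it.

    Only the OTL section is read. Lines matching no known outcome are kept
    under 'unrecognised' so they get reviewed rather than silently dropped.
    """
    results = {name: [] for name, _ in OUTCOMES}
    results["unrecognised"] = []
    in_otl = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            in_otl = line == "========== OTL =========="
            continue
        if not in_otl or not line:
            continue
        for name, pattern in OUTCOMES:
            match = pattern.match(line)
            if match:
                results[name].append(match.group("item"))
                break
        else:
            results["unrecognised"].append(line)
    return results


def unresolved_clsids(fix_script, results):
    """CLSIDs requested in the fix script that no log line mentions at all."""
    requested = {c.upper() for c in CLSID_RE.findall(fix_script)}
    seen = {c.upper() for items in results.values()
            for item in items for c in CLSID_RE.findall(item)}
    return sorted(requested - seen)


if __name__ == "__main__":
    outcome = parse_fix_log(SAMPLE_FIX_LOG)
    for name, items in outcome.items():
        print(f"{name}: {len(items)}")
    # Anything still pending after the reboot section is what to report back
    # to the helper: the tool could not remove it on its own.
    for item in outcome["pending_reboot"]:
        print("follow up:", item)
    for clsid in unresolved_clsids(SAMPLE_FIX_SCRIPT, outcome):
        print("no log line for requested CLSID:", clsid)
```

Run it against a real OTL fix log by reading the file into parse_fix_log in place of the constructed sample.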

#5
sahilp

    New Member

  • Topic Starter
  • Member
  • 7 posts
Ok, I've done all that. Here are the logs:

OTL Fix:

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\adiras not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr not found.
C:\WINDOWS\ALCMTR.EXE moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb93699c-3efd-11dd-bbad-000e35f02162}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb93699c-3efd-11dd-bbad-000e35f02162}\ not found.
File setupSNK.exe not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:* deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Sony
->Temp folder emptied: 58801122 bytes
->Temporary Internet Files folder emptied: 341438 bytes
->Java cache emptied: 14414284 bytes
->FireFox cache emptied: 69681841 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 73124308 bytes

Total Files Cleaned = 206.37 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.0.10.7 log created on 08272009_224116

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck scheduled to be deleted on reboot.



ToolbarSD Log:


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.73GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.0
USER : Sony ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.5 (Not Activated)
C:\ (Local Disk) - NTFS - Total:27 Go (Free:8 Go)
D:\ (Local Disk) - NTFS - Total:58 Go (Free:7 Go)
E:\ (USB)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 27/08/2009|22:48 )

-----------\\ Searching for Files - Folders ...


-----------\\ Extensions

(Sony) - {69087485-8EDE-4a6c-91BE-6B882EB268A5} => aquatint-1.2.6-fx
(Sony) - {a7c6cf7f-112c-4500-a7ea-39801a327e5f} => fireftp


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.co.uk/"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft...ie&ar=iesearch"
"Url"="http://go.microsoft..../?LinkId=68929"
"Url"="http://go.microsoft..../?LinkId=68928"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
"Default_Search_URL"="http://go.microsoft..../?LinkId=54896"
"Search Page"="http://go.microsoft..../?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"


--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Sony\Application Data\Azureus\torrents\mIRC 6.3 + keygen.rar [mininova][1].torrent
C:\DOCUME~1\Sony\My Documents\Nero\Ahead Nero Ultra Edition\Serial-Cracks
C:\DOCUME~1\Sony\My Documents\Nero\Ahead Nero Ultra Edition\Serial-Cracks\Orion_Keygen.exe
C:\DOCUME~1\Sony\Recent\mIRC 6.3 + keygen.rar.lnk



1 - "C:\ToolBar SD\TB_1.txt" - 27/08/2009|22:49 - Option : [2]

-----------\\ Scan completed at 22:49:11.23





OTL Scan Log:

OTL logfile created on: 27/08/2009 22:50:56 - Run 3
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Sony\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.42 Mb Total Physical Memory | 167.10 Mb Available Physical Memory | 32.74% Memory free
1.22 Gb Paging File | 0.87 Gb Available in Paging File | 71.63% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 8.11 Gb Free Space | 29.03% Space Free | Partition Type: NTFS
Drive D: | 58.23 Gb Total Space | 7.02 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-844AEAC0A5
Current User Name: Sony
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2004/08/06 17:43:12 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/08/06 17:45:44 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/23 15:17:59 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTSvcCDA.EXE
PRC - [2009/08/23 15:18:12 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/27 22:22:52 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/23 15:18:12 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2005/04/03 21:34:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2004/08/06 17:42:36 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/09/30 11:54:20 | 00,150,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2004/10/25 10:35:30 | 00,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2009/08/23 15:18:01 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2004/10/25 10:35:32 | 00,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2004/10/25 10:35:32 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2009/08/23 15:18:12 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2004/10/21 20:12:48 | 00,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2004/07/06 15:15:38 | 00,040,960 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
PRC - [2002/03/14 17:46:58 | 00,045,056 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\ICO.EXE
PRC - [2004/02/20 15:12:34 | 00,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2003/11/07 09:21:28 | 00,114,688 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/10/08 22:08:50 | 00,212,992 | ---- | M] (MB-Soft) -- C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
PRC - [2008/01/15 04:22:56 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2003/02/26 03:08:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2009/08/27 22:22:52 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2003/07/30 02:52:00 | 00,217,195 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2004/07/28 16:39:30 | 00,962,661 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
PRC - [1997/08/19 00:00:00 | 00,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE
PRC - [2008/01/15 04:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/04/14 01:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/08/23 19:48:55 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sony\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/23 15:18:01 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/23 15:17:59 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTSvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2004/08/06 17:43:12 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/01/15 04:22:44 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/08/27 22:22:52 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/03 15:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/04/03 21:34:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2004/08/06 17:42:36 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2004/08/06 17:45:44 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2004/08/23 14:02:58 | 00,139,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service [On_Demand | Stopped])
SRV - [2004/11/02 21:43:52 | 00,339,968 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe -- (VAIO Entertainment Task Scheduler [On_Demand | Stopped])
SRV - [2004/10/25 10:35:34 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped])
SRV - [2004/09/30 11:54:20 | 00,150,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service [Auto | Running])
SRV - [2004/10/01 14:46:34 | 01,826,816 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer [On_Demand | Stopped])
SRV - [2004/06/16 03:42:34 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP [On_Demand | Stopped])
SRV - [2004/06/22 11:58:14 | 00,733,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP [On_Demand | Stopped])
SRV - [2004/06/16 03:41:06 | 00,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped])
SRV - [2004/08/05 16:45:26 | 00,397,824 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe -- (VCI [Auto | Stopped])
SRV - [2004/10/25 10:35:30 | 00,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw [On_Demand | Running])
SRV - [2004/10/25 10:35:32 | 00,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc [Auto | Running])
SRV - [2004/10/25 10:35:32 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw [Auto | Running])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/03/02 09:26:58 | 00,050,007 | ---- | M] (Analog Deivces) -- C:\WINDOWS\System32\Drivers\adildr.sys -- (ADILOADER [Auto | Stopped])
DRV - [2004/03/02 09:24:16 | 00,127,065 | ---- | M] (Analog Devices Inc.) -- C:\WINDOWS\System32\DRIVERS\adiusbaw.sys -- (adiusbaw [On_Demand | Stopped])
DRV - [2004/11/15 15:14:48 | 00,017,056 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2003/12/08 12:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])
DRV - [2004/02/17 10:38:06 | 00,070,688 | R--- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])
DRV - [2003/09/29 05:31:38 | 00,094,601 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2009/08/23 15:19:00 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/23 15:18:58 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/08/23 15:19:07 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2000/12/05 17:18:02 | 00,003,952 | R--- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\DMICall.sys -- (DMICall [System | Running])
DRV - [2005/11/16 22:00:16 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])
DRV - [2004/08/19 05:25:24 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2004/11/18 12:49:14 | 00,024,786 | ---- | M] (EUTRON) -- C:\WINDOWS\System32\Drivers\eusk2par.sys -- (eusk2par [System | Stopped])
DRV - [2006/09/19 16:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/03/08 13:52:26 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2005/03/08 13:52:28 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2005/03/08 13:52:28 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2004/09/08 03:37:10 | 00,161,024 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2004/09/08 03:36:20 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2004/10/08 00:54:56 | 00,752,093 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2004/11/03 10:15:00 | 02,301,568 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2003/10/23 02:23:00 | 00,016,848 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])
DRV - [2009/07/03 15:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2004/03/17 04:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2005/04/03 21:34:00 | 03,299,616 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2003/03/05 13:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])
DRV - [2004/07/06 15:07:06 | 00,045,627 | R--- | M] (Utimaco Safeware AG) -- C:\WINDOWS\System32\Drivers\PrivateDiskM.sys -- (PrivateDisk [System | Running])
DRV - [2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007/04/03 12:57:42 | 00,083,336 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s116bus.sys -- (s116bus [On_Demand | Stopped])
DRV - [2004/08/06 17:44:14 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/12/10 14:22:14 | 00,083,880 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s3017bus.sys -- (s3017bus [On_Demand | Stopped])
DRV - [2007/12/10 14:22:18 | 00,015,016 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s3017mdfl.sys -- (s3017mdfl [On_Demand | Stopped])
DRV - [2007/12/10 14:22:18 | 00,110,632 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s3017mdm.sys -- (s3017mdm [On_Demand | Stopped])
DRV - [2007/12/10 14:22:20 | 00,104,616 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s3017mgmt.sys -- (s3017mgmt [On_Demand | Stopped])
DRV - [2007/12/10 14:22:20 | 00,025,512 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s3017nd5.sys -- (s3017nd5 [On_Demand | Stopped])
DRV - [2007/12/10 14:22:22 | 00,100,648 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s3017obex.sys -- (s3017obex [On_Demand | Stopped])
DRV - [2007/12/10 14:22:22 | 00,110,120 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s3017unic.sys -- (s3017unic [On_Demand | Stopped])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2000/11/09 11:15:08 | 00,048,896 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\Drivers\SonyNC.sys -- (SNC [On_Demand | Running])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2005/11/16 21:57:49 | 00,664,064 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2004/05/21 05:46:50 | 00,065,024 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifmsony.sys -- (tifmsony [On_Demand | Running])
DRV - [2007/10/31 15:09:14 | 00,030,464 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/08/07 19:51:04 | 03,210,496 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2004/09/08 03:36:54 | 00,685,184 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/19 22:21:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/23 15:17:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/27 22:22:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/23 23:51:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/27 22:43:33 | 00,000,000 | ---D | M]

[2008/09/02 18:33:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\mozilla\Extensions
[2008/09/02 18:33:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/27 22:45:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\mozilla\Firefox\Profiles\3aebxll4.default\extensions
[2007/03/19 22:45:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\mozilla\Firefox\Profiles\3aebxll4.default\extensions\{69087485-8EDE-4a6c-91BE-6B882EB268A5}
[2009/08/22 11:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\mozilla\Firefox\Profiles\3aebxll4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/05/06 19:49:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\mozilla\Firefox\Profiles\3aebxll4.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/02/11 20:51:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sony\Application Data\mozilla\Firefox\Profiles\3aebxll4.default\extensions\[email protected]
[2009/08/27 22:38:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/18 18:50:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/21 21:10:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/08/27 22:23:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/19 20:54:19 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/19 20:54:19 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2004/09/09 00:03:50 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/08/27 22:22:52 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/19 20:54:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/01/20 19:41:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/01/20 19:41:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/01/20 19:41:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/01/20 19:41:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/01/20 19:41:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/01/20 19:41:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/01/20 19:41:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/19 20:54:30 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/19 20:54:30 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/19 20:54:30 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/19 20:54:30 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/19 20:54:30 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/19 20:54:30 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/19 20:54:30 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/19 20:54:30 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe (MB-Soft)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\Sony\My Documents\Downloads\OTL.exe (OldTimer Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/15 14:34:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/08/27 22:47:23 | 00,000,000 | ---D | C] -- C:\ToolBar SD
[2009/08/27 22:47:16 | 00,343,020 | ---- | C] () -- C:\Documents and Settings\Sony\Desktop\ToolBarSD.exe
[2009/08/27 22:41:16 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/27 22:32:44 | 00,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/27 22:24:52 | 26,739,584 | ---- | C] ( ) -- C:\Documents and Settings\Sony\Desktop\AdbeRdr910_en_US.exe
[2009/08/27 22:23:15 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/27 22:23:15 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/27 22:23:14 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/27 22:23:14 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/27 22:20:55 | 16,664,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Sony\Desktop\jre-6u16-windows-i586.exe
[2009/08/27 22:16:19 | 00,000,000 | ---D | C] -- C:\javara
[2009/08/27 22:15:46 | 00,071,798 | ---- | C] () -- C:\Documents and Settings\Sony\Desktop\JavaRa.zip
[2009/08/27 20:53:09 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/27 19:48:43 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\linkinfo.dll
[2009/08/23 22:46:59 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/23 22:46:59 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/23 22:46:59 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll
[2009/08/23 22:46:59 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll
[2009/08/23 22:46:59 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll
[2009/08/23 22:46:59 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll
[2009/08/23 22:46:59 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll
[2009/08/23 22:46:59 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/23 22:46:59 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll
[2009/08/23 22:46:59 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/23 22:46:59 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll
[2009/08/23 22:46:59 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll
[2009/08/23 22:46:59 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/23 22:46:58 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/23 22:46:58 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/23 22:46:58 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys
[2009/08/23 22:46:58 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/23 22:46:58 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/23 22:46:58 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/23 22:46:58 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tapisrv.dll
[2009/08/23 22:46:58 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/23 22:46:58 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/23 22:46:58 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll
[2009/08/23 22:46:58 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll
[2009/08/23 22:46:58 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll
[2009/08/23 22:46:58 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\eventlog.dll
[2009/08/23 22:46:58 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/23 22:46:58 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mspmsnsv.dll
[2009/08/23 22:46:58 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/23 22:46:58 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/08/23 22:46:58 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/23 22:46:58 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/08/23 22:46:57 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/23 22:46:57 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/23 22:46:57 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/23 22:46:57 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/23 22:46:57 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/23 22:46:57 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/23 22:46:57 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/23 22:46:57 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/23 22:46:57 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/23 22:46:57 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/23 22:46:57 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/23 22:46:57 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/23 22:46:57 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/23 22:46:57 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/23 22:46:57 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/23 22:46:57 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/23 22:46:57 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/23 22:46:57 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/23 22:46:57 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/08/23 22:46:56 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/23 22:46:56 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/23 22:46:56 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/23 22:46:56 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/23 22:46:56 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/23 22:46:56 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/23 22:46:56 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/23 22:46:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/23 22:03:05 | 00,000,216 | ---- | C] () -- C:\Boot.bak
[2009/08/23 22:02:55 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/23 22:02:53 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/08/23 21:58:19 | 00,229,376 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/23 21:58:19 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/23 21:58:19 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/23 21:58:19 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/23 21:58:19 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/23 21:58:19 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/23 21:58:19 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/23 21:58:19 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/23 21:57:33 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/23 20:30:35 | 53,528,5760 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/23 20:10:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sony\Application Data\Malwarebytes
[2009/08/23 20:10:21 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/23 20:10:19 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/23 20:10:17 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/23 20:10:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/23 20:10:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/23 20:07:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/23 20:07:17 | 00,000,615 | ---- | C] () -- C:\Documents and Settings\Sony\Desktop\NTREGOPT.lnk
[2009/08/23 20:07:17 | 00,000,596 | ---- | C] () -- C:\Documents and Settings\Sony\Desktop\ERUNT.lnk
[2009/08/23 20:07:16 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/23 19:19:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sony\My Documents\prcocess exp
[2009/08/23 15:19:10 | 00,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/08/23 15:19:08 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/23 15:19:07 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/23 15:19:00 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/23 15:18:58 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/23 15:18:28 | 40,201,187 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/23 15:18:26 | 00,069,073 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/23 15:18:25 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/23 15:18:21 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/23 15:18:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/08/23 14:41:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sony\Application Data\AVG8
[2009/08/22 14:01:23 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/08/22 12:32:37 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/22 12:31:20 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/08/22 12:28:20 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/08/22 12:28:17 | 00,000,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/22 12:27:51 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/08/22 11:57:09 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/08/22 11:57:09 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/08/20 20:15:53 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/19 22:19:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/19 22:19:49 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/19 22:19:39 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/19 22:19:03 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/19 22:19:03 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/19 22:19:03 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/19 22:19:03 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/19 22:19:03 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/19 22:19:02 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/19 22:19:02 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/19 22:19:02 | 00,000,000 | ---D | C] -- C:\354a8477206311676f513bff1818
[2009/08/17 01:38:54 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/17 01:37:26 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/05 10:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/07/25 19:02:26 | 00,000,200 | ---- | C] () -- C:\WINDOWS\CS_MD_T.ini
[2008/11/08 14:44:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\dsltest.INI
[2008/04/06 00:36:14 | 00,000,020 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/09/21 18:01:15 | 00,136,448 | ---- | C] () -- C:\WINDOWS\RMTOOLS.DLL
[2007/04/21 03:26:20 | 00,000,080 | ---- | C] () -- C:\WINDOWS\yahrools.ini
[2007/02/25 14:47:08 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2005/12/22 11:34:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/12/20 19:31:21 | 00,005,606 | R--- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/11/16 22:00:16 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2005/11/16 21:57:49 | 00,664,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2005/11/16 21:57:49 | 00,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd5325.sys
[2005/10/19 17:59:02 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/06/23 18:59:23 | 00,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2005/06/23 18:59:23 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2005/06/23 18:59:16 | 00,000,342 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2005/06/23 18:59:14 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2005/06/23 18:59:13 | 00,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2005/04/27 21:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 21:37:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2005/04/21 16:57:51 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2004/11/15 18:09:55 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/15 17:48:27 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/11/15 17:48:27 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/11/15 17:48:27 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/11/15 17:48:27 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/11/15 17:48:27 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/11/15 17:48:27 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/11/15 17:40:30 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/11/15 15:36:54 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/11/15 05:19:19 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/11/15 05:19:14 | 00,002,350 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/11/15 05:18:40 | 00,000,954 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/11/15 05:18:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/10/22 08:10:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2001/10/24 16:00:40 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[1997/08/19 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/19 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/08/14 00:00:00 | 00,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/08/14 00:00:00 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL

========== Files - Modified Within 30 Days ==========

[2009/08/27 22:47:17 | 00,343,020 | ---- | M] () -- C:\Documents and Settings\Sony\Desktop\ToolBarSD.exe
[2009/08/27 22:44:53 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/08/27 22:44:38 | 00,017,548 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/08/27 22:43:58 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/27 22:43:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/27 22:43:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/27 22:43:15 | 53,528,5760 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/27 22:41:48 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/08/27 22:32:45 | 00,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/08/27 22:25:54 | 26,739,584 | ---- | M] ( ) -- C:\Documents and Settings\Sony\Desktop\AdbeRdr910_en_US.exe
[2009/08/27 22:22:51 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/08/27 22:22:51 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/27 22:22:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/27 22:22:51 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/27 22:22:51 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/08/27 22:21:37 | 16,664,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Sony\Desktop\jre-6u16-windows-i586.exe
[2009/08/27 22:16:21 | 00,000,954 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/27 22:15:49 | 00,071,798 | ---- | M] () -- C:\Documents and Settings\Sony\Desktop\JavaRa.zip
[2009/08/27 19:47:15 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/27 18:55:35 | 40,201,187 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/27 18:54:48 | 00,069,073 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/23 22:03:05 | 00,000,286 | RHS- | M] () -- C:\boot.ini
[2009/08/23 20:28:20 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/23 20:07:17 | 00,000,615 | ---- | M] () -- C:\Documents and Settings\Sony\Desktop\NTREGOPT.lnk
[2009/08/23 20:07:17 | 00,000,596 | ---- | M] () -- C:\Documents and Settings\Sony\Desktop\ERUNT.lnk
[2009/08/23 15:19:10 | 00,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/08/23 15:19:08 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/23 15:19:07 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/23 15:19:00 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/23 15:18:58 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/23 15:18:26 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/23 15:18:25 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/22 12:32:37 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/22 12:28:17 | 00,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/08/22 11:57:09 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/08/22 10:35:51 | 00,044,384 | ---- | M] () -- C:\Documents and Settings\Sony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/21 15:58:05 | 00,107,520 | ---- | M] () -- C:\Documents and Settings\Sony\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/21 13:34:03 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/20 20:08:22 | 00,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/19 22:25:41 | 00,489,078 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/19 22:25:41 | 00,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/19 22:25:41 | 00,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/17 01:37:34 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/08/05 10:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 10:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/30 01:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/29 19:56:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
< End of report >
  • 0

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
Hello sahilp,

Please download and save SysProt AntiRootkit to your Desktop.

  • double click the Zip file.
  • You should now have a folder with SysProt and some other files within it on your Desktop.
  • Double-click SysProt and you should see another small window with SysProt underneath it.
  • Double-click this and Wizard will appear to guide you through extracting the files.
  • Double-click the Sysprot folder
  • SysProt will appear with a red cross on black - double-click
  • a panel will appear with a number of tabs along the top
  • click on the Log tab and check all boxes except the one Hidden objects only
  • click the Create Log button
  • it will scan...once finished a panel will appear
  • click on Scan all drives
  • A log will be created and saved automatically in the same folder.
  • Open the text file, copy and paste the contents back here in the forum. Close any panels left open.
Next

Kaspersky's online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3. It uses the Java Runtime Environment (JRE).

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • SysProt log
  • Kaspersky scan results

  • 0
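SysProt's log is a run of plain "Key: Value" blocks, one per process and one per kernel module, each carrying a Hidden flag, so a first pass over it can be scripted before anyone reads several hundred entries by eye. The script below is an added example for this thread, not code from SysProt, its author or the moderator. Its Hidden check only reports what SysProt itself already decided; the two path checks (drivers loaded from outside %SystemRoot%, processes running from user-writable directories) are this example's own heuristics, and the directory lists are assumptions for an XP-era disk layout. The sample log embedded in it is constructed (the hidden svchosts.exe entry is invented to exercise the checks). Expect SysProt.exe and SysProtDrv.sys, which run from the Desktop, to trip the path checks: a path hit is a prompt to look, not a verdict.

```python
# Triage helper for SysProt AntiRootkit logs. Added example for this thread,
# not code from SysProt or its author. 'Hidden' is read straight from the log;
# the path checks are this script's own heuristics (assumptions, see below).
import re

# Constructed sample in the key/value layout SysProt writes. The hidden
# svchosts.exe entry is invented to exercise the checks; it is not from the
# poster's machine.
SAMPLE_LOG = r"""Process:
Name: C:\WINDOWS\system32\svchost.exe
PID: 1116
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Sony\Desktop\SysProt\SysProt.exe
PID: 3008
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\Temp\svchosts.exe
PID: 3120
Hidden: Yes
Window Visible: No

******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Sony\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: F0C14000
Module End: F0C1F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sptd.sys
Service Name: sptd
Module Base: F8392000
Module End: F8465000
Hidden: No
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+):$")  # matches 'Process:' / 'Kernel Modules:'

# Assumed XP-era path classes for the heuristics (not SysProt's own logic).
SYSTEM_ROOT = "\\windows\\"
USER_WRITABLE = ("\\documents and settings\\", "\\windows\\temp\\", "\\temp\\")


def parse_sysprot_log(text):
    """Return {section: [record, ...]}, each record a dict of 'Key' -> 'Value'."""
    sections, record, current = {}, {}, None

    def flush():
        nonlocal record
        if record and current is not None:
            sections.setdefault(current, []).append(record)
        record = {}

    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):  # blank line or ***** separator ends a record
            flush()
            continue
        header = SECTION_RE.match(line)
        if header:
            flush()
            current = header.group(1)
            continue
        if ": " in line:  # split on the first ': ' only; 'Module Name: \??\C:\...' has more colons
            key, value = line.split(": ", 1)
            record[key] = value.strip()
    flush()
    return sections


def strip_device_prefix(path):
    # '\??\C:\x', 'C:\x' and '\x' all become lower-case, drive-less '\x'
    path = path.strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return re.sub(r"^[A-Za-z]:", "", path).lower()


def triage(sections):
    """Return (section, name, reason) tuples for entries worth a second look."""
    findings = []
    for proc in sections.get("Process", []):
        name = proc.get("Name", "")
        if proc.get("Hidden", "No").lower() == "yes":
            findings.append(("Process", name, "marked Hidden: Yes by SysProt"))
        if strip_device_prefix(name).startswith(USER_WRITABLE):
            findings.append(("Process", name, "running from a user-writable location"))
    for mod in sections.get("Kernel Modules", []):
        name = mod.get("Module Name", "")
        if mod.get("Hidden", "No").lower() == "yes":
            findings.append(("Kernel Modules", name, "marked Hidden: Yes by SysProt"))
        if not strip_device_prefix(name).startswith(SYSTEM_ROOT):
            findings.append(("Kernel Modules", name, "driver loaded from outside %SystemRoot%"))
    return findings


if __name__ == "__main__":
    for section, name, reason in triage(parse_sysprot_log(SAMPLE_LOG)):
        print(f"[{section}] {name}: {reason}")
```

To use it on a real log, read the saved text file and pass its contents to parse_sysprot_log in place of SAMPLE_LOG. For the rootkit question in this thread, a "Hidden: Yes" entry is the finding that matters; the path heuristics mostly surface legitimately unusual things such as a scanner run from the Desktop, and they are there to shorten the list a human then reads, not to replace that reading.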

#7
sahilp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for the continued help.

Sysprot log file:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 812
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 884
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 908
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 956
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 968
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1116
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1196
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1236
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1272
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PID: 1468
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PID: 1612
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1628
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1716
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1800
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1976
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 180
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 244
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 252
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\CTSVCCDA.EXE
PID: 276
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 328
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\nvsvc32.exe
PID: 412
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PID: 504
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 564
Hidden: No
Window Visible: No

Name: C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PID: 616
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PID: 844
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\MsPMSPSv.exe
PID: 880
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PID: 1132
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PID: 1508
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgemc.exe
PID: 1752
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgrsx.exe
PID: 1876
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
PID: 1900
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgcsrvx.exe
PID: 2144
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 2800
Hidden: No
Window Visible: No

Name: C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PID: 1688
Hidden: No
Window Visible: No

Name: C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
PID: 1864
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ico.exe
PID: 1740
Hidden: No
Window Visible: No

Name: C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PID: 1888
Hidden: No
Window Visible: No

Name: C:\Program Files\Apoint\Apoint.exe
PID: 1396
Hidden: No
Window Visible: No

Name: C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
PID: 1412
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 2416
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe
PID: 2540
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 2672
Hidden: No
Window Visible: No

Name: C:\Program Files\Messenger\msmsgs.exe
PID: 2748
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 480
Hidden: No
Window Visible: No

Name: C:\Program Files\Apoint\ApntEx.exe
PID: 2896
Hidden: No
Window Visible: No

Name: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PID: 2908
Hidden: No
Window Visible: No

Name: C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
PID: 2940
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Office\Office\OSA.EXE
PID: 2992
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 3252
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2496
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 572
Hidden: No
Window Visible: No

Name: C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
PID: 1144
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Sony\Desktop\SysProt\SysProt.exe
PID: 3008
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Sony\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: F0C14000
Module End: F0C1F000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806CF680
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806D0000
Module End: 806F0300
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F8A66000
Module End: F8A68000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F8976000
Module End: F8979000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sptd.sys
Service Name: sptd
Module Base: F8392000
Module End: F8465000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: F8A68000
Module End: F8A6A000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\SPTD5325.SYS
Service Name: ---
Module Base: F837A000
Module End: F8392000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F834C000
Module End: F837A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F833B000
Module End: F834C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F8566000
Module End: F8570000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F8576000
Module End: F8586000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F8586000
Module End: F8594000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\compbatt.sys
Service Name: Compbatt
Module Base: F897A000
Module End: F897D000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: F897E000
Module End: F8982000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F8B2E000
Module End: F8B2F000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F87E6000
Module End: F87ED000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\intelide.sys
Service Name: IntelIde
Module Base: F8A6A000
Module End: F8A6C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pcmcia.sys
Service Name: Pcmcia
Module Base: F831D000
Module End: F833B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F8596000
Module End: F85A1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F82FE000
Module End: F831D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPIEC.sys
Service Name: ACPIEC
Module Base: F8982000
Module End: F8985000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Service Name: ---
Module Base: F8B2F000
Module End: F8B30000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F87EE000
Module End: F87F3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F85A6000
Module End: F85B3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F82E6000
Module End: F82FE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F85B6000
Module End: F85BF000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F85C6000
Module End: F85D3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F82C6000
Module End: F82E6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F82B4000
Module End: F82C6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Lbd.sys
Service Name: Lbd
Module Base: F85D6000
Module End: F85E5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F85E6000
Module End: F85EF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F829D000
Module End: F82B4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys
Service Name: WudfPf
Module Base: F828A000
Module End: F829D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F81FD000
Module End: F828A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F81D0000
Module End: F81FD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F81B6000
Module End: F81D0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: F8606000
Module End: F8616000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F8686000
Module End: F868F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: F816D000
Module End: F8171000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: F742B000
Module End: F7751000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F7417000
Module End: F742B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: F73EF000
Module End: F7417000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F8896000
Module End: F889C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F73CB000
Module End: F73EF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F889E000
Module End: F88A6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\tifmsony.sys
Service Name: tifmsony
Module Base: F77E1000
Module End: F77F1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\w29n51.sys
Service Name: w29n51
Module Base: F70BB000
Module End: F73CB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\e100b325.sys
Service Name: E100B
Module Base: F7095000
Module End: F70BB000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\SonyNC.sys
Service Name: SNC
Module Base: F88A6000
Module End: F88AC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F77D1000
Module End: F77DE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F88AE000
Module End: F88B4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
Service Name: ApfiltrService
Module Base: F707E000
Module End: F7095000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F88B6000
Module End: F88BC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F77C1000
Module End: F77CC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F77B1000
Module End: F77C1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F77A1000
Module End: F77B0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F705B000
Module End: F707E000
Hidden: No

Module Name: C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: F88BE000
Module End: F88C5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\dtscsi.sys
Service Name: dtscsi
Module Base: F6FE3000
Module End: F702D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Service Name: ScsiPort
Module Base: F6FCB000
Module End: F6FE3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F8C21000
Module End: F8C22000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F7751000
Module End: F775E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F814D000
Module End: F8150000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F6FB4000
Module End: F6FCB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F8696000
Module End: F86A1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F86A6000
Module End: F86B2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F88EE000
Module End: F88F3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F6FA3000
Module End: F6FB4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F86B6000
Module End: F86BF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F88F6000
Module End: F88FB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F88FE000
Module End: F8903000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F86C6000
Module End: F86D0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F8AAA000
Module End: F8AAC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F6F45000
Module End: F6FA3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F8145000
Module End: F8149000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F86E6000
Module End: F86F0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Service Name: IntcAzAudAddService
Module Base: F4CEB000
Module End: F4F1D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: F4CC7000
Module End: F4CEB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F86F6000
Module End: F8705000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
Service Name: HSFHWAZL
Module Base: F4C9F000
Module End: F4CC7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
Service Name: HSF_DP
Module Base: F4BA0000
Module End: F4C9F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Service Name: winachsf
Module Base: F4AF8000
Module End: F4BA0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F8916000
Module End: F891E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F8706000
Module End: F8715000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F8ABA000
Module End: F8ABC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F8AD2000
Module End: F8AD4000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F893E000
Module End: F8944000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F8AD4000
Module End: F8AD6000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F8AD6000
Module End: F8AD8000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F894E000
Module End: F8956000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F8161000
Module End: F8164000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: F4A9D000
Module End: F4AB0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: F4A44000
Module End: F4A9D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: F4A2B000
Module End: F4A44000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: F4A03000
Module End: F4A2B000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: F49E1000
Module End: F4A03000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F8726000
Module End: F872F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: F49B6000
Module End: F49E1000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\PrivateDiskM.sys
Service Name: PrivateDisk
Module Base: F8736000
Module End: F8742000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: F4946000
Module End: F49B6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F8746000
Module End: F8751000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: F4920000
Module End: F4946000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F8756000
Module End: F875F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: F8766000
Module End: F8775000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\DMICall.sys
Service Name: DMICall
Module Base: F8BBC000
Module End: F8BBD000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: F895E000
Module End: F8964000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: F4807000
Module End: F4858000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F8796000
Module End: F87A6000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F47EF000
Module End: F4807000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F8AF0000
Module End: F8AF2000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: F4AF0000
Module End: F4AF3000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F8846000
Module End: F884B000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F8C11000
Module End: F8C12000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Service Name: AegisP
Module Base: F25A7000
Module End: F25AB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\s24trans.sys
Service Name: s24trans
Module Base: F2517000
Module End: F251A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: F255B000
Module End: F255F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: F21DA000
Module End: F2207000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: F2149000
Module End: F218A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: F22B7000
Module End: F22BA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: F202F000
Module End: F2081000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\PfModNT.sys
Service Name: PfModNT
Module Base: F22A7000
Module End: F22AB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Service Name: Secdrv
Module Base: F25EF000
Module End: F25F9000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: F1EDA000
Module End: F1EEF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: F20F1000
Module End: F2100000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
Service Name: ---
Module Base: F8B18000
Module End: F8B1A000
Hidden: Yes

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: F09E1000
Module End: F0A0C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F8BA8000
Module End: F8BA9000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F8946000
Module End: F894B000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F85D687E
Driver Base: F85D6000
Driver End: F85E5000
Driver Name: Lbd.sys

Function Name: ZwEnumerateKey
Address: F8397C22
Driver Base: F8392000
Driver End: F8465000
Driver Name: sptd.sys

Function Name: ZwEnumerateValueKey
Address: F8397F9A
Driver Base: F8392000
Driver End: F8465000
Driver Name: sptd.sys

Function Name: ZwOpenKey
Address: F839798E
Driver Base: F8392000
Driver End: F8465000
Driver Name: sptd.sys

Function Name: ZwQueryKey
Address: F8398064
Driver Base: F8392000
Driver End: F8465000
Driver Name: sptd.sys

Function Name: ZwQueryValueKey
Address: F8397EFC
Driver Base: F8392000
Driver End: F8465000
Driver Name: sptd.sys

Function Name: ZwSetValueKey
Address: F85D6BFE
Driver Base: F85D6000
Driver End: F85E5000
Driver Name: Lbd.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 82F3EE20
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 82F3EE20
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82F3EE20
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82F3EE20
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 82F3EE20
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\System32\Drivers\dtscsi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 82F3EE20
Hooking Module: _unknown_

Hooked Module: \Driver\00000048
Hooked IRP: IRP_MJ_POWER
Jump To: F839EA26
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\00000048
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F83B2BD8
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 831CD3C0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 831CD3C0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 831CD3C0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 831CD3C0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 831CD3C0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 831CD3C0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 831CD3C0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 831CD3C0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 831CD3C0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 831CD3C0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 82DAF0E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 82DAF0E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82DAF0E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82DAF0E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 82DAF0E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 82F6DEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 82F6DEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 82F6DEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 82F6DEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 82F6DEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 82F6DEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 82F6DEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 82F6DEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 82F6DEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 82F6DEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 831CCEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 831CCEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 831CCEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 831CCEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 831CCEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 831CCEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 831CCEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 831CCEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 831CCEB0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\disk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 831CCEB0
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
Ports:
Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1407
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1406
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1405
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1404
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1403
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1402
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1401
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1400
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1399
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1398
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1397
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1396
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1395
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1394
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1393
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1392
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1391
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1390
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1389
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1388
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1387
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1386
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1385
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1384
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1383
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1382
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1381
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1380
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1379
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1378
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1377
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1376
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1375
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1374
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1373
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1372
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2869
Remote Address: DSLDEVICE.LAN:1371
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2062
Remote Address: WY-IN-F19.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-844AEAC0A5.LAN:2052
Remote Address: DSLDEVICE.LAN:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2050
Remote Address: DSLDEVICE.LAN:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2048
Remote Address: DSLDEVICE.LAN:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2040
Remote Address: DSLDEVICE.LAN:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2038
Remote Address: DSLDEVICE.LAN:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2036
Remote Address: DSLDEVICE.LAN:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2034
Remote Address: DSLDEVICE.LAN:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2022
Remote Address: DSLDEVICE.LAN:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2018
Remote Address: DSLDEVICE.LAN:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2016
Remote Address: DSLDEVICE.LAN:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2014
Remote Address: DSLDEVICE.LAN:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2012
Remote Address: DSLDEVICE.LAN:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:2010
Remote Address: DSLDEVICE.LAN:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:1786
Remote Address: A92-122-16-100.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5.LAN:1719
Remote Address: WY-IN-F18.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-844AEAC0A5.LAN:1715
Remote Address: WY-IN-F18.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-844AEAC0A5.LAN:1297
Remote Address: BY2MSG1020810.GATEWAY.EDGE.MESSENGER.LIVE.COM:1863
Type: TCP
Process: C:\Program Files\Messenger\msmsgs.exe
State: ESTABLISHED

Local Address: YOUR-844AEAC0A5.LAN:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: YOUR-844AEAC0A5:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: YOUR-844AEAC0A5:18080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: YOUR-844AEAC0A5:13128
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: YOUR-844AEAC0A5:10110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe
State: LISTENING

Local Address: YOUR-844AEAC0A5:10080
Remote Address: LOCALHOST:2061
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-844AEAC0A5:10080
Remote Address: LOCALHOST:1959
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5:10080
Remote Address: LOCALHOST:1787
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5:10080
Remote Address: LOCALHOST:1783
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5:10080
Remote Address: LOCALHOST:1779
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5:10080
Remote Address: LOCALHOST:1777
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5:10080
Remote Address: LOCALHOST:1772
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5:10080
Remote Address: LOCALHOST:1742
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5:10080
Remote Address: LOCALHOST:1718
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-844AEAC0A5:10080
Remote Address: LOCALHOST:1716
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5:10080
Remote Address: LOCALHOST:1714
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: YOUR-844AEAC0A5:10080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: YOUR-844AEAC0A5:5152
Remote Address: LOCALHOST:1440
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: YOUR-844AEAC0A5:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: YOUR-844AEAC0A5:2061
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-844AEAC0A5:1785
Remote Address: LOCALHOST:10080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: YOUR-844AEAC0A5:1718
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-844AEAC0A5:1714
Remote Address: LOCALHOST:10080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-844AEAC0A5:1442
Remote Address: LOCALHOST:1441
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-844AEAC0A5:1441
Remote Address: LOCALHOST:1442
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-844AEAC0A5:1439
Remote Address: LOCALHOST:1438
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-844AEAC0A5:1438
Remote Address: LOCALHOST:1439
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-844AEAC0A5:1025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: YOUR-844AEAC0A5:51493
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
State: LISTENING

Local Address: YOUR-844AEAC0A5:2869
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: YOUR-844AEAC0A5:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: YOUR-844AEAC0A5:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: YOUR-844AEAC0A5.LAN:1900
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
State: NA

Local Address: YOUR-844AEAC0A5.LAN:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-844AEAC0A5.LAN:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: YOUR-844AEAC0A5.LAN:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: YOUR-844AEAC0A5.LAN:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-844AEAC0A5:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-844AEAC0A5:1302
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-844AEAC0A5:1036
Remote Address: NA
Type: UDP
Process: C:\Program Files\Messenger\msmsgs.exe
State: NA

Local Address: YOUR-844AEAC0A5:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-844AEAC0A5:51493
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
State: NA

Local Address: YOUR-844AEAC0A5:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: YOUR-844AEAC0A5:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: YOUR-844AEAC0A5:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: D:\System Volume Information\tracking.log
Status: Access denied

Object: D:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}
Status: Access denied

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{B01E8ED6-95B5-4381-A1C4-8341C4F8B2E9}
Status: Access denied

Kaspersky Scan Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, August 29, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, August 28, 2009 22:40:48
Records in database: 2699722
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 84161
Threats found: 3
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 02:31:06


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\kbiwkmsewmycpa.dll.vir Infected: Trojan.Win32.Tdss.aply 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kbiwkmxsnsxyte.dll.vir Infected: Trojan.Win32.Tdss.aplz 1
D:\Video\mIRC 6.3 + keygen\mIRC 6.3 + keygen\mIRC - English.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1
D:\Video\mIRC 6.3 + keygen.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1

Selected area has been scanned.

#8
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,047 posts
Hello sahilp,

Looking good. The only ones found by Kaspersky were either quarantined in the tools we have been using or were false positives.

Now

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no-longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

So when you return please post
  • MBAM log
  • and tell me how your computer is now


#9
sahilp
    New Member
  • Topic Starter
  • Member
  • 7 posts
Hey. Here's the log from the MBAM scan:

Malwarebytes' Anti-Malware 1.40
Database version: 2713
Windows 5.1.2600 Service Pack 3

29/08/2009 23:40:55
mbam-log-2009-08-29 (23-40-55).txt

Scan type: Quick Scan
Objects scanned: 91063
Time elapsed: 11 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
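A log like the one above is read by eye in this thread: every "Infected" counter at zero and every detail section saying "(No malicious items detected)". The parser below is an added example, not code from the thread or from Malwarebytes. It reads an MBAM 1.x text log in that layout, checks that the detail entries agree with the summary counters (a mismatch means the log was truncated or edited before posting), and lists anything that was detected but not fully quarantined. The embedded sample log is constructed: its layout follows the logs posted above, but the registry key and file in it are placeholders.

```python
"""Summarise a Malwarebytes' Anti-Malware 1.x text log.

Added example for this thread; not code from Geeks to Go or Malwarebytes.
The sample log below is constructed in the layout MBAM 1.40 writes; the
detections in it are invented (placeholder CLSID and file name).
"""
import re

SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.40
Database version: 2713
Windows 5.1.2600 Service Pack 3

29/08/2009 23:40:55
mbam-log-2009-08-29 (23-40-55).txt

Scan type: Quick Scan
Objects scanned: 91063
Time elapsed: 11 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{00000000-0000-0000-0000-000000000000} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\example.dll (Trojan.Agent) -> Delete on reboot.
"""

# Summary block: "Registry Keys Infected: 1"; detail block: "Registry Keys Infected:"
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Detail entry: "<target> (<threat name>) -> <action taken>."
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
RESOLVED = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (meta, counts, items): header fields, summary counters, detail entries."""
    meta, counts, items = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section is None:
            # Header area: "Database version: 2713", "Scan type: Quick Scan", ...
            if ": " in line:
                key, value = line.split(": ", 1)
                meta[key] = value
            continue
        if line == "(No malicious items detected)":
            continue
        m = ITEM_RE.match(line)
        if m:
            items.append({"section": section, **m.groupdict()})
    return meta, counts, items


def summarise(text):
    """Triage verdict: total detections, entries not fully quarantined, and whether
    the detail entries agree with the summary counters."""
    meta, counts, items = parse_mbam_log(text)
    per_section = {s: 0 for s in counts}
    for item in items:
        per_section[item["section"]] = per_section.get(item["section"], 0) + 1
    total = sum(counts.values())
    return {
        "database": meta.get("Database version"),
        "detections": total,
        "clean": total == 0,
        "unresolved": [i["target"] for i in items if i["action"] != RESOLVED],
        "consistent": per_section == counts,
    }


if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

Run it against a saved log by calling summarise(open(path).read()); "clean" is only trustworthy when "consistent" is also true.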

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
And the second thing. How is your computer now? :)

#11
sahilp

    New Member

  • Topic Starter
  • Member
  • 7 posts
Yeah, it seems to be working ok. The redirect problem has gone away and my PC seems to boot a bit faster, which is good. So, I guess if that's it, then thanks very much! Your help is very much appreciated.

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts
Hello again sahilp,

I think your machine is clean.

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and the tools used in the removal of malware. This will also clean out and reset your Restore Points.

Step 1
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Step 2
  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTL to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. Erunt can also be uninstalled via the add/remove programs utility, for some though, it may be a useful backup program to hold on to.

-------------------------------------------------------------------------------------------------------------------

A reminder now: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that you are clean, here are some things I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:

--------------------------------------------------------------------------------------------------------------------

A great way to check that your Microsoft and Java have the latest updates is to go to Software Inspector at Secunia.

I do this weekly. Not only do they tell you which programs need updating but they give you the link to follow.

To bolster your security go to Secunia.com to ensure essential programs are up to date.

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellent; it is more secure than Internet Explorer. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

-----------------------------------------------------------------------------------------------------------------------

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:


To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
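The MVPS HOSTS file recommended above and the "Google redirect" that started this thread are two sides of the same mechanism: both are plain "<address> <hostname>" lines, and only the target address and the names affected tell a blocklist entry apart from a hijack. The script below is an added example, not code from the thread or from MVPS. It parses a HOSTS file, treats names mapped to 127.0.0.1 or 0.0.0.0 as sinkholed (the MVPS pattern), and flags any search engine, update server or security vendor mapped to some other address, which is what redirect malware leaves behind. The sample file, the watchlist of domains and the addresses in it (192.0.2.0/24 is documentation space) are constructed for the example.

```python
"""Audit a Windows HOSTS file: blocklist entries versus hijacked names.

Added example for this thread; not code from Geeks to Go or MVPS. An
MVPS-style HOSTS file maps ad and malware domains to 127.0.0.1 (or
0.0.0.0), so the lookup never leaves the machine. Redirect malware does the
opposite: it maps search engines, update servers and security vendors to
an address the attacker controls. The sample below, the watchlist and the
addresses in it are constructed for the example.
"""
import ipaddress

# Names whose hijacking would explain a "Google redirect" or broken updates.
# Assumption for this example; extend with whatever your environment relies on.
WATCHLIST = ("google.com", "bing.com", "yahoo.com", "microsoft.com",
             "windowsupdate.com", "malwarebytes.org", "secunia.com")

# Constructed sample HOSTS file (192.0.2.10 is TEST-NET-1, not a real host).
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost

# MVPS-style blocklist entries (constructed sample)
0.0.0.0   ads.example.net
127.0.0.1 tracker.example.org  # trailing comment

# lines a redirect trojan might append (constructed)
192.0.2.10 www.google.com google.com
192.0.2.10 www.malwarebytes.org

# legitimate private override and one unparsable line
10.0.0.5   intranet.corp.test
not-an-ip  something.test
"""

WINDOWS_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"


def parse_hosts(text):
    """Return a list of (line_no, address, hostname); address is None and
    hostname holds the whole line when the first field is not an IP address."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            entries.append((line_no, None, line))
            continue
        for name in fields[1:]:                   # one line may list several names
            entries.append((line_no, addr, name.lower().rstrip(".")))
    return entries


def on_watchlist(name):
    """True for a watchlist domain or any name under it (www.google.com)."""
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)


def classify(entries):
    """Bucket entries as localhost, blocked (sinkholed), hijack, other or malformed."""
    buckets = {"localhost": [], "blocked": [], "hijack": [], "other": [], "malformed": []}
    for line_no, addr, name in entries:
        if addr is None:
            buckets["malformed"].append((line_no, name))
        elif name in ("localhost", "localhost.localdomain") and addr.is_loopback:
            buckets["localhost"].append((line_no, str(addr), name))
        elif addr.is_loopback or addr.is_unspecified:
            buckets["blocked"].append((line_no, str(addr), name))   # MVPS-style sinkhole
        elif on_watchlist(name):
            buckets["hijack"].append((line_no, str(addr), name))    # redirected to a foreign IP
        else:
            buckets["other"].append((line_no, str(addr), name))     # custom mapping, review by hand
    return buckets


def audit(text):
    """Return (ok, buckets); ok is True when no watchlist name is hijacked."""
    buckets = classify(parse_hosts(text))
    return not buckets["hijack"], buckets


if __name__ == "__main__":
    import sys
    # With a path argument (e.g. WINDOWS_HOSTS) audit that file, else the sample.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    ok, buckets = audit(source)
    print("OK" if ok else "HIJACK ENTRIES FOUND")
    for line_no, addr, name in buckets["hijack"]:
        print(f"  line {line_no}: {name} -> {addr}")
```

Entries in the "other" bucket are not necessarily bad (an intranet override is normal), but on a home machine that never had any, every one of them deserves a look.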

#13
sahilp

    New Member

  • Topic Starter
  • Member
  • 7 posts
Brilliant. Thank you very much. I already have firefox, so maybe I'll use that from now on.

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,047 posts

Brilliant. Thank you very much


You are very welcome :)

I will keep this topic open for a short time in case any issues develop.