
Infected With Lots Of Viruses (win 32 Small)and Malware


  • This topic is locked
21 replies to this topic

#1 buttcrum

buttcrum

  • Members
  • 63 posts
  • OFFLINE
  • Local time:10:44 PM

Posted 19 April 2007 - 08:28 PM

I have some viruses or malware or something that I can't remove. I used Ad-Aware and Spybot Search & Destroy many times and then avast antivirus, and searched until there's nothing left to find. I have done this many times now and I still keep getting pop-ups and more viruses and malware. Sometimes I will get a random blue screen and my computer will shut off and restart back up. I do not know what to do next. I need help please.



Logfile of HijackThis v1.99.1
Scan saved at 4:52:06 PM, on 4/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
D:\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Real\RealPlayer\realplay.exe
D:\WC3Banlist\WC3Banlist.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\antivirus stuff\HijackThis.exe

R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\THOAI TANG\Application Data\Mozilla\Profiles\default\uc3xzh14.slt\prefs.js)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O21 - SSODL: Uimiapp - {10850CF0-D540-4DCA-B05F-73D8ABED929F} - C:\WINDOWS\System32\magakrtf.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
O23 - Service: General Socket Service - Unknown owner - C:\WINDOWS\SVCHOST.EXE (file missing)
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: Windows Configuration Loader - Unknown owner - C:\WINDOWS\svchost.exe (file missing)



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:04:44 AM

Posted 20 April 2007 - 07:00 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, buttcrum.

First of all go to and delete:
D:\antivirus stuff\HijackThis.exe

Now download and install Hijackthis.
This is a self-extracting version which will automatically install HJT to C:\Program Files\Hijackthis by default; a desktop shortcut will also be created.

*****************************

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option #1 Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

*****************************

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

****************************

Please go to:
C:\Program Files\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', then rename it to abc.bat.
Double click on abc.bat (which is still Hijackthis.exe) and post that log into your next reply please.
Also post the Smitfraudfix report and the contents of the results file Report.txt from SDFix.

#3 buttcrum

buttcrum
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Local time:10:44 PM

Posted 21 April 2007 - 11:29 AM

I did everything that you told me and here are the logs.


Logfile of HijackThis v1.99.1
Scan saved at 9:24:44 AM, on 4/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
D:\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\abc.bat.exe

R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\THOAI TANG\Application Data\Mozilla\Profiles\default\uc3xzh14.slt\prefs.js)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {00E31F74-CFFD-4551-8AAB-622160CA6D8A} - \
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {26FDBA7D-6BDB-470A-9EE3-AAFE73A801D5} - C:\WINDOWS\system32\geefe.dll
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {ADA2BE9E-E914-4556-B560-C9DE15672283} - C:\Program Files\Windows Media Player\hokemoryc.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {B9697716-61E6-4FBC-89FD-EAC504D9EFE3} - C:\WINDOWS\system32\pmnkjij.dll
O2 - BHO: (no name) - {c7c02d80-c49b-41db-9ccc-3fdf0018a8cc} - C:\WINDOWS\system32\glu3dsp.dll
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: geefe - C:\WINDOWS\system32\geefe.dll
O20 - Winlogon Notify: glu3dsp - C:\WINDOWS\SYSTEM32\glu3dsp.dll
O20 - Winlogon Notify: pmnkjij - C:\WINDOWS\SYSTEM32\pmnkjij.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Uimiapp - {10850CF0-D540-4DCA-B05F-73D8ABED929F} - C:\WINDOWS\System32\magakrtf.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: General Socket Service - Unknown owner - C:\WINDOWS\SVCHOST.EXE (file missing)
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe




SDFix: Version 1.79

Run by THOAI TANG - Sat 04/21/2007 - 2:42:45.14

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Client IP-IPX
kprof
mousecrm
ntldr.sys
poof
rdriv
Runtime
Windows Configuration Loader

ImagePath:
"" -e mc-110-12-0000501
\??\C:\WINDOWS\system32\kprof
C:\WINDOWS\System32\mousecrm.exe
\??\C:\ntldr.sys
\??\C:\WINDOWS\system32\poof
\??\C:\WINDOWS\system32\rdriv.sys
\??\C:\WINDOWS\System32\drivers\runtime.sys
"C:\WINDOWS\svchost.exe"

Client IP-IPX - Deleted
kprof - Deleted
mousecrm - Deleted
ntldr.sys - Deleted
poof - Deleted
rdriv - Deleted
Runtime - Deleted
Windows Configuration Loader - Deleted

Killing PID 152 'smss.exe'
Killing PID 224 'winlogon.exe'
Killing PID 224 'winlogon.exe'

ndis.sys Infected!

Patched File copied to Backups Folder
Attempting to replace ndis.sys with original version...

Original ndis.sys Restored


Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\6S3GD9OT\CAX4NYJ3.HTM - Deleted
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\M52M6SWK\CAD8ZMVV.HTM - Deleted
C:\CP1041.NLS - Deleted
C:\CP1334.NLS - Deleted
C:\CP1467.NLS - Deleted
C:\Documents and Settings\All Users\Documents\Settings\partnership.dll - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun10.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun11.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun12.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun13.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun14.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun15.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun16.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun21.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun22.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun23.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun24.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun25.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun28.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun29.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun3.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun4.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun9.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun21.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun22.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun23.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun24.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun27.exe - Deleted
C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun28.exe - Deleted
C:\WINDOWS\Temp\stdrun2.exe - Deleted
C:\WINDOWS\Temp\stdrun3.exe - Deleted
C:\WINDOWS\Temp\stdrun4.exe - Deleted
C:\DOCUME~1\THOAIT~1\LOCALS~1\Temp\tmp7.tmp.exe - Deleted
C:\DOCUME~1\THOAIT~1\LOCALS~1\Temp\tmp8.tmp.exe - Deleted
C:\DOCUME~1\THOAIT~1\LOCALS~1\Temp\tmpB.tmp.exe - Deleted
C:\Documents and Settings\THOAI TANG\ie_updater.exe - Deleted
C:\DOCUME~1\THOAIT~1\LOCALS~1\Temp\installer.exe - Deleted
C:\sstray.exe - Deleted
C:\svhost.exe - Deleted
C:\WINDOWS\1.exe - Deleted
C:\WINDOWS\lcass.exe - Deleted
C:\WINDOWS\svchost.exe - Deleted
C:\WINDOWS\system32\D.tmp - Deleted
C:\WINDOWS\system32\20.tmp - Deleted
C:\WINDOWS\system32\21.tmp - Deleted
C:\WINDOWS\system32\22.tmp - Deleted
C:\WINDOWS\system32\23.tmp - Deleted
C:\WINDOWS\system32\24.tmp - Deleted
C:\WINDOWS\system32\25.tmp - Deleted
C:\WINDOWS\system32\26.tmp - Deleted
C:\WINDOWS\system32\27.tmp - Deleted
C:\WINDOWS\system32\10.tmp - Deleted
C:\WINDOWS\system32\17.tmp - Deleted
C:\WINDOWS\system32\19.tmp - Deleted
C:\WINDOWS\system32\1A.tmp - Deleted
C:\WINDOWS\system32\1C.tmp - Deleted
C:\WINDOWS\system32\1D.tmp - Deleted
C:\WINDOWS\system32\1E.tmp - Deleted
C:\WINDOWS\system32\1F.tmp - Deleted
C:\WINDOWS\system32\ipv6mons.dll - Deleted
C:\WINDOWS\system32\uvnx.exe - Deleted
C:\WINDOWS\Uninst2.htm - Deleted
C:\WINDOWS\Unist1.htm - Deleted
C:\WINDOWS\winlog.exe - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
:lzx32.sys 81410
Total size: 81410 bytes.

system32: deleted 81410 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------


Rootkit PE386 Active, Use a Rootkit scanner !

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\qwertybot.exe"="C:\\WINDOWS\\system32\\qwertybot.exe:*:Enabled:qwertybot"
"C:\\WINDOWS\\SVCHOST.EXE"="C:\\WINDOWS\\SVCHOST.EXE:*:Enabled:SVCHOST"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\WINDOWS\system32\awtrr.dll
C:\WINDOWS\system32\geefe.dll
C:\WINDOWS\system32\xxwur.dll
C:\WINDOWS\system32\E9049E4DDC.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\Temp\18467.tmp.LOG

Finished




SmitFraudFix v2.167

Scan done at 2:37:08.45, Sat 04/21/2007
Run from C:\Documents and Settings\THOAI TANG\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe

hosts


C:\


C:\WINDOWS

C:\WINDOWS\svchost.exe FOUND !

C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\THOAI TANG


C:\Documents and Settings\THOAI TANG\Application Data


Start Menu


C:\DOCUME~1\THOAIT~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


pe386-msguard-lzx32-huy32

pe386 detected, use a Rootkit scanner


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{61F63C05-3275-471E-9F51-A52331BFE19F}: DhcpNameServer=68.4.8.229 68.4.16.30 68.2.16.30
HKLM\SYSTEM\CS1\Services\Tcpip\..\{61F63C05-3275-471E-9F51-A52331BFE19F}: DhcpNameServer=68.4.8.229 68.4.16.30 68.2.16.30
HKLM\SYSTEM\CS3\Services\Tcpip\..\{61F63C05-3275-471E-9F51-A52331BFE19F}: DhcpNameServer=68.4.8.229 68.4.16.30 68.2.16.30
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.4.8.229 68.4.16.30 68.2.16.30
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.4.8.229 68.4.16.30 68.2.16.30
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.4.8.229 68.4.16.30 68.2.16.30


Scanning for wininet.dll infection


End
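
Triage rules for the HijackThis entries posted above, as an added example that is not part of this thread or of HijackThis itself: it parses O2/O20/O21/O23 lines and flags the patterns a responder looks for (unnamed BHOs and Winlogon Notify DLLs loading from the Windows directory, an SSODL entry, a service pointing at an svchost.exe outside system32, and registrations whose file is gone). The sample lines are constructed from the posted logs; the KNOWN_NOTIFY allowlist is an assumption to extend per environment.

```python
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


# Constructed sample: lines taken from the HijackThis logs posted in this
# thread plus a few benign ones, so that every rule below is exercised.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {26FDBA7D-6BDB-470A-9EE3-AAFE73A801D5} - C:\WINDOWS\system32\geefe.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: pmnkjij - C:\WINDOWS\SYSTEM32\pmnkjij.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Uimiapp - {10850CF0-D540-4DCA-B05F-73D8ABED929F} - C:\WINDOWS\System32\magakrtf.dll
O23 - Service: General Socket Service - Unknown owner - C:\WINDOWS\SVCHOST.EXE (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)
"""

# Winlogon\Notify packages Windows XP registers itself (assumption: extend this
# allowlist for the legitimate software in your own environment).
KNOWN_NOTIFY = {"wgalogon", "crypt32chain", "cryptnet", "cscdll", "sccertprop",
                "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}

SYSTEM32 = ("c:\\windows\\system32\\", "c:\\winnt\\system32\\")
# Entry types whose last " - " field is an image path (or "(no file)").
ENTRY_RE = re.compile(r"^(O20|O21|O23|O2)\s+-\s+(.*)$")
# Cuts the image path out of a field that may carry service arguments.
BINARY_RE = re.compile(r"^(.*?\.(?:exe|dll|sys))", re.IGNORECASE)


def binary_path(field: str) -> str:
    """Return the image path from a HijackThis file field, dropping any
    trailing arguments such as '" /service'."""
    m = BINARY_RE.match(field.strip())
    return m.group(1) if m else field.strip()


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HijackThis line, or None if it looks benign."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    missing = rest.endswith("(file missing)")
    if missing:
        rest = rest[: -len("(file missing)")].rstrip()
    path = binary_path(rest.rsplit(" - ", 1)[-1])
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    low_path = path.lower()

    # A registration that points nowhere: leftover from a removal, clean it up.
    if not name or low_path in ("(no file)", "\\"):
        return Finding("low", f"{kind} orphan entry (no file on disk)", line)
    if kind == "O23":
        # The real svchost.exe lives in system32; a copy elsewhere is an impostor.
        if name == "svchost.exe" and not low_path.startswith(SYSTEM32):
            return Finding("high", "service runs an svchost.exe outside system32", line)
        if missing and "Unknown owner" in rest:
            return Finding("medium", "service with unknown owner and missing binary", line)
        return None
    if kind == "O20":
        if name.rsplit(".", 1)[0] not in KNOWN_NOTIFY:
            return Finding("high", "unexpected Winlogon Notify DLL", line)
        return None
    if kind == "O21":
        return Finding("medium", "SSODL entry loads a DLL into the shell at logon", line)
    # O2: browser helper objects with no vendor name, loaded from the Windows dir
    if "(no name)" in rest and low_path.startswith("c:\\windows\\"):
        return Finding("medium", "unnamed BHO loading from the Windows directory", line)
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the flagged entries."""
    findings = [triage_line(ln) for ln in text.splitlines()]
    return [f for f in findings if f is not None]


def severity_counts(findings: List[Finding]) -> dict:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
```

The rootkit indicators in the SDFix and SmitfraudFix reports (the lzx32.sys stream attached to the system32 folder, the pe386 detection) are outside what this line-by-line triage sees, which is why the next reply asks for a dedicated rootkit scanner.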

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:04:44 AM

Posted 21 April 2007 - 11:36 AM

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Double click on Smitfraudfix.cmd
Select #2 and hit Enter to delete the infected files.
You will be prompted: 'Do you want to clean the registry?' answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): 'Replace infected file ?' answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process.
The report can be found at the root of the system drive, usually at C:\rapport.txt

**********************************

Download and unzip AVG Anti-Rootkit Free to your desktop:
http://free.grisoft.com/softw/70free/setup...up-1.1.0.42.exe
Launch AVG, then click on the 'Search for Rootkits' tab.
Then click on 'Perform in-depth search'.
When the scan has finished click on 'Save result to file'.
Copy and paste those results into your next reply.
Also post the Smitfraudfix report and a new Hijackthis log please.

#5 buttcrum

buttcrum
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Local time:10:44 PM

Posted 22 April 2007 - 01:35 AM

My safe mode doesn't work. I go into safe mode and pick a user. Then it goes to a black screen and asks if I want to do System Restore and I say no. Then it stays black. Usually it goes to the desktop and things load, but the whole screen stays black. I can get to Task Manager and I looked at the processes and explorer.exe isn't there. Then I went to New Task in Task Manager and typed system restore and the message asking if I want to restore comes up again. I said no and I load to the desktop and this message comes up:

windows cannot find '/idlist,:thumbsup::1004,c:windows/system', make sure
you type the name correctly, and then try again to search for a file
click the start button, and then click search

then it goes back to black screen of safe mode. in task manager explorer.exe comes back for a few seconds and then it disappears again whenever i start the system restore task. is there any way to fix this because it takes a long time to do stuff in safe mode when it's like that. is it a virus or did i delete something wrong and i need to fix it. explorer.exe works fine in normal mode.



the only thing that avg found is c windows/system32/lzx32.sys


SmitFraudFix v2.167

Scan done at 22:13:37.08, Sat 04/21/2007
Run from C:\Documents and Settings\THOAI TANG\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts

127.0.0.1 localhost

Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{61F63C05-3275-471E-9F51-A52331BFE19F}: DhcpNameServer=68.4.8.229 68.4.16.30 68.2.16.30
HKLM\SYSTEM\CS1\Services\Tcpip\..\{61F63C05-3275-471E-9F51-A52331BFE19F}: DhcpNameServer=68.4.8.229 68.4.16.30 68.2.16.30
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.4.8.229 68.4.16.30 68.2.16.30
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.4.8.229 68.4.16.30 68.2.16.30


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

#6 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 22 April 2007 - 05:00 AM

Launch AVG Anti-Rootkit, click on the 'Search for Rootkits' tab.
Then click on 'Perform in-depth search'.
When the scan has finished, remove/delete the following:
c windows/system32/lzx32.sys
When you've done that exit the program.

*****************************

Download rustbfix.exe and save it to your desktop:
http://www.uploads.ejvindh.net/rustbfix.exe
Double click on rustbfix.exe to run the tool.
If a Rustock.b-infection is found, you will be asked to reboot the computer.
The reboot will probably take quite a while; possibly two reboots will be needed, and this should happen automatically.
After the reboot two logfiles will/should open (%root%\avenger.txt & %root%\rustbfix\pelog.txt).
If you're still infected, post the contents of those logfiles along with a new HijackThis log.

#7 buttcrum (Topic Starter, Members, 63 posts)

Posted 22 April 2007 - 09:41 PM

i am still getting a bunch of pop ups whenever i get onto internet explorer.



Logfile of HijackThis v1.99.1
Scan saved at 7:36:50 PM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
D:\bittorrent.exe
D:\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Explorer.exe
C:\Program Files\HijackThis\abc.bat.exe

R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\THOAI TANG\Application Data\Mozilla\Profiles\default\uc3xzh14.slt\prefs.js)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {00E31F74-CFFD-4551-8AAB-622160CA6D8A} - \
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp2.tmp.dll
O2 - BHO: (no name) - {2B7CF8A5-EE05-4505-98AF-03E51AFCAFD4} - C:\WINDOWS\system32\geefe.dll
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\xrfgurdl.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {ADA2BE9E-E914-4556-B560-C9DE15672283} - C:\Program Files\Windows Media Player\hokemoryc.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {B9697716-61E6-4FBC-89FD-EAC504D9EFE3} - C:\WINDOWS\system32\pmnkjij.dll
O2 - BHO: (no name) - {C6FF7AC1-43B6-449C-8DD7-409FE1BBF763} - (no file)
O2 - BHO: (no name) - {c7c02d80-c49b-41db-9ccc-3fdf0018a8cc} - C:\WINDOWS\system32\glu3dsp.dll
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: geefe - C:\WINDOWS\system32\geefe.dll
O20 - Winlogon Notify: glu3dsp - C:\WINDOWS\SYSTEM32\glu3dsp.dll
O20 - Winlogon Notify: pmnkjij - C:\WINDOWS\SYSTEM32\pmnkjij.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Uimiapp - {10850CF0-D540-4DCA-B05F-73D8ABED929F} - C:\WINDOWS\System32\magakrtf.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: General Socket Service - Unknown owner - C:\WINDOWS\SVCHOST.EXE (file missing)
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe




Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hbmaytbn

*******************

Script file located at: \??\C:\WINDOWS\system32\jqdbauxa.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.



************************* Rustock.b-fix -- By ejvindh *************************
Sun 04/22/2007 13:45:54.99

******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure....

Rustock.b-ADS attached to the System32-folder:
No streams found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************************* End of Logfile ********************************
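
As an added example (not part of this thread, and not HijackThis's own code), a small triage script for HijackThis log lines of the kind posted above: it flags BHOs loading from system32, Winlogon Notify packages outside an allowlist, orphan entries, and well-known system binaries running from the wrong directory, which is what the C:\WINDOWS\system32\Explorer.exe process and the C:\WINDOWS\SVCHOST.EXE service in this log are. The expected-directory table and the Notify allowlist are assumptions built for this thread's XP SP2 log; the sample lines are copied from the log above.

```python
"""Triage helper for HijackThis v1.99 log lines (added example, not part
of HijackThis).  It encodes the checks a helper applies by eye to a log
like the one posted in this thread."""
import re
from typing import List, NamedTuple, Optional

# Directory in which Windows XP installs each well-known binary; a copy
# anywhere else is a masquerade.  Assumption: %SystemRoot% is C:\WINDOWS.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
}
# Winlogon Notify packages accepted without question.  Assumption: a
# minimal list built from this thread's own log; extend it per build.
KNOWN_NOTIFY = {"wgalogon"}

BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\S+) - (.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)


class Finding(NamedTuple):
    severity: str   # "high" or "low"
    line: str       # the offending log line, verbatim
    reason: str


def wrong_directory(path: str) -> Optional[str]:
    """Return the expected directory when `path` names a well-known system
    binary located somewhere other than where Windows installs it."""
    cleaned = re.sub(r"\s*\(file missing\)$", "", path.strip()).strip('"')
    directory, _, filename = cleaned.rpartition("\\")
    expected = EXPECTED_DIR.get(filename.lower())
    if expected and directory.lower() != expected:
        return expected
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Walk HijackThis output and return the entries worth investigating."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = BHO_RE.match(line)
        if m:
            _name, _clsid, path = m.groups()
            if path in ("(no file)", "\\"):
                findings.append(Finding("low", line,
                    "orphan BHO registration (CLSID present, file gone); remove the key"))
            elif "\\system32\\" in path.lower():
                findings.append(Finding("high", line,
                    "BHO loads from system32; legitimate BHOs install under Program Files"))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            name, _path = m.groups()
            if name.lower() not in KNOWN_NOTIFY:
                findings.append(Finding("high", line,
                    f"unlisted Winlogon Notify package '{name}' runs inside winlogon.exe at logon"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            _name, _owner, path = m.groups()
            expected = wrong_directory(path)
            if expected:
                findings.append(Finding("high", line,
                    f"service binary masquerades as a system file; the real one lives in {expected}"))
            elif path.endswith("(file missing)"):
                findings.append(Finding("low", line,
                    "service points at a missing file; orphan registration"))
            continue
        if PROCESS_RE.match(line):
            expected = wrong_directory(line)
            if expected:
                findings.append(Finding("high", line,
                    f"running process masquerades as a system file; the real one lives in {expected}"))
    return findings


# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Explorer.exe
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp2.tmp.dll
O2 - BHO: (no name) - {2B7CF8A5-EE05-4505-98AF-03E51AFCAFD4} - C:\WINDOWS\system32\geefe.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: geefe - C:\WINDOWS\system32\geefe.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: General Socket Service - Unknown owner - C:\WINDOWS\SVCHOST.EXE (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Entries rated "low" are leftovers that cleanup tools like VundoFix and ComboFix remove as a matter of course; the "high" ones are the ones a helper asks about first.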

#8 RichieUK (Malware Assassin, Malware Response Team, 13,614 posts)

Posted 23 April 2007 - 03:37 AM

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Please post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

****************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Restart your pc.
Post the contents of C:\vundofix.txt, the C:\ComboFix.txt, and a new Hijackthis log into your next reply.

#9 buttcrum (Topic Starter, Members, 63 posts)

Posted 23 April 2007 - 06:01 PM

here are the logs


"THOAI TANG" - 07-04-23 15:41:57 Service Pack 2
ComboFix 07-04-24.2V - Running from: "C:\Documents and Settings\THOAI TANG\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awtrr.dll
C:\WINDOWS\system32\rqoll.dll
C:\WINDOWS\system32\xxwur.dll
C:\WINDOWS\system32\gxupvlbc.dll
C:\WINDOWS\system32\tmp2.tmp.dll
C:\WINDOWS\system32\tmp2.tmp.dll
C:\WINDOWS\system32\rrtwa.ini
C:\WINDOWS\system32\lloqr.ini
C:\WINDOWS\system32\ruwxx.ini
C:\WINDOWS\system32\glu3dsp.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\1.exe
C:\WINDOWS\rising81.exe
C:\DOCUME~1\LOCALS~1\APPLIC~1\Install.dat
C:\DOCUME~1\NETWOR~1\APPLIC~1\Install.dat
C:\DOCUME~1\THOAIT~1\APPLIC~1\Dxcknwrd.dll
C:\WINDOWS\updater.exe
C:\WINDOWS\system32\tmp2.tmp.dll
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\WINDOWS\system32\bund1\ClientBundle1.exe
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\bszip.dll
C:\windows\system32\explorer.exe
C:\WINDOWS\server.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\uni_eh10.exe
C:\WINDOWS\system32\IExplorer.dll .dbt
C:\WINDOWS\notedad.exe
C:\WINDOWS\system32\f.dll
C:\Documents and Settings\All Users.\documents\settings
C:\WINDOWS\system32\bund1


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\core
-------\General Socket Service
-------\nm
-------\LEGACY_CORE
-------\LEGACY_DRIVERPP
-------\LEGACY_GENERAL_SOCKET_SERVICE
-------\LEGACY_NM


((((((((((((((((((((((((((((((( Files Created from 2007-03-23 to 2007-04-23 ))))))))))))))))))))))))))))))))))


2007-04-23 15:21 <DIR> d-------- C:\VundoFix Backups
2007-04-22 21:54 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-04-22 21:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-04-22 19:30 32,768 --a------ C:\WINDOWS\system32\mp43.exe
2007-04-22 17:22 <DIR> d-------- C:\avenger
2007-04-22 13:45 <DIR> d-------- C:\Rustbfix
2007-04-21 22:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony Corporation
2007-04-21 22:28 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-21 22:28 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-04-21 22:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-04-21 22:01 <DIR> d-------- C:\Program Files\BitTorrent
2007-04-21 11:37 106,767 --a------ C:\WINDOWS\vtrrqo.dll
2007-04-21 10:28 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-04-21 10:28 <DIR> d-------- C:\DOCUME~1\THOAIT~1\APPLIC~1\DNA
2007-04-21 02:37 1,862 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-20 14:56 21,504 --a------ C:\WINDOWS\system32\msnhlp32.dll
2007-04-20 14:55 17,408 --a------ C:\WINDOWS\system32\tmrsrv32.exe
2007-04-20 14:54 81,412 --a------ C:\WINDOWS\system32\idleserv.exe
2007-04-20 14:54 12,800 --a------ C:\WINDOWS\system32\user_32.dll
2007-04-20 14:54 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
2007-04-16 22:48 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-15 12:11 <DIR> d-------- C:\DOCUME~1\THOAIT~1\.housecall6.6
2007-04-14 22:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-14 16:26 <DIR> d--h----- C:\WINDOWS\PIF
2007-04-14 09:31 <DIR> d-------- C:\WINDOWS\system32\micro1
2007-04-13 19:55 135,432 --a------ C:\WINDOWS\system32\abcdefgh.dll
2007-04-13 00:14 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-13 00:14 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-05 18:04 <DIR> d-------- C:\DOCUME~1\THOAIT~1\APPLIC~1\BitTorrent
2007-03-27 11:56 <DIR> d-------- C:\Program Files\Neffy


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-14 21:13 -------- d-------- C:\Program Files\messenger
2007-04-11 00:43 -------- d--h----- C:\Program Files\installshield installation information
2007-04-11 00:43 -------- d-------- C:\Program Files\sony
2007-04-11 00:42 -------- d-------- C:\Program Files\moodlogic
2007-04-11 00:41 -------- d-------- C:\Program Files\itunes
2007-04-07 16:08 -------- d-------- C:\Program Files\steam
2007-04-07 16:05 -------- d-------- C:\Program Files\quicktime
2007-04-05 14:54 -------- d-------- C:\DOCUME~1\THOAIT~1\APPLIC~1\limewire
2007-03-23 04:20 0 --a------ C:\WINDOWS\system32\athprxy(3).dll
2007-03-22 12:50 -------- d-------- C:\DOCUME~1\THOAIT~1\APPLIC~1\move networks
2007-02-05 21:52 0 --a--c--- C:\WINDOWS\system32\athprxy(2).dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00E31F74-CFFD-4551-8AAB-622160CA6D8A} \
{2B7CF8A5-EE05-4505-98AF-03E51AFCAFD4} C:\WINDOWS\system32\geefe.dll [x]
{53707962-6F74-2D53-2644-206D7942484F} D:\SPYBOT~1\SDHelper.dll
{ADA2BE9E-E914-4556-B560-C9DE15672283} C:\Program Files\Windows Media Player\hokemoryc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"SpybotSD TeaTimer"="D:\\Spybot - Search & Destroy\\TeaTimer.exe"
"BitTorrent"="\"D:\\bittorrent.exe\" --force_start_minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"svchost"="C:\\WINDOWS\\SVCHOST.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Uimiapp"="{10850CF0-D540-4DCA-B05F-73D8ABED929F}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geefe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\glu3dsp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkjij

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\QuickBooks Update Agent.lnk"
"backup"="C:\\WINDOWS\\pss\\QuickBooks Update Agent.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Intuit\\QUICKB~1\\QBUpdate\\qbupdate.exe "
"item"="QuickBooks Update Agent"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Quicken Scheduled Updates.lnk"
"backup"="C:\\WINDOWS\\pss\\Quicken Scheduled Updates.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Quicken\\bagent.exe "
"item"="Quicken Scheduled Updates"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remocon Driver.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Remocon Driver.lnk"
"backup"="C:\\WINDOWS\\pss\\Remocon Driver.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\sony\\usbsircs\\usbsircs.exe "
"item"="Remocon Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^THOAI TANG^Start Menu^Programs^Startup^Click to DVD Automatic Mode Launcher.lnk]
"path"="C:\\Documents and Settings\\THOAI TANG\\Start Menu\\Programs\\Startup\\Click to DVD Automatic Mode Launcher.lnk"
"backup"="C:\\WINDOWS\\pss\\Click to DVD Automatic Mode Launcher.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Sony\\CLICKT~1\\ctdatsvr.exe "
"item"="Click to DVD Automatic Mode Launcher"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^THOAI TANG^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\THOAI TANG\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Apoint\\Apoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ati2mdxx"
"hkey"="HKLM"
"command"="Ati2mdxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ezSP_Px"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcontrol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hcontrol"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ATK0100\\Hcontrol.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKSERV.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HKserv"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sony\\HotKey Utility\\HKserv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLHostManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1124510339\\ee\\AOLHostManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISBMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sony\\ISB Utility\\ISBMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\izone]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ein"
"hkey"="HKLM"
"command"="C:\\ein.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICO"
"hkey"="HKLM"
"command"="ICO.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD0870 STISvc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDLL32"
"hkey"="HKLM"
"command"="RunDLL32.exe P0870Pin.dll,RunDLL32EP 513"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PortAOL"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Services]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="29"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\29.tmp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SPMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UrlLstCk"
"hkey"="HKLM"
"command"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PartSeal"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Sonysys\\VAIO Recovery\\PartSeal.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMConsole.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VMConsole"
"hkey"="HKLM"
"command"="C:\\Program Files\\sony\\vaio media integrated server\\Platform\\VMConsole.exe /windowmin"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command 9DSetup_USA_CB_v2.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\autoplay.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 3.job
C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-23 15:49:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...





VundoFix V6.3.20

Checking Java version...

Java version is 1.4.2.1
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 3:21:09 PM 4/23/2007

Listing files found while scanning....

C:\WINDOWS\system32\efeeg.bak1
C:\WINDOWS\system32\efeeg.bak2
C:\WINDOWS\system32\efeeg.ini
C:\WINDOWS\system32\efeeg.ini2
C:\WINDOWS\system32\efeeg.tmp
C:\WINDOWS\system32\fafygyan.dll
C:\WINDOWS\system32\geefe.dll
C:\WINDOWS\system32\gmxlmyws.dll
C:\WINDOWS\system32\gsqipskn.dll
C:\WINDOWS\system32\knqydhle.dll
C:\WINDOWS\system32\ldimakfd.dll
C:\WINDOWS\system32\mljheda.dll
C:\WINDOWS\system32\mmulmdsu.dll
C:\WINDOWS\system32\ouinpteu.dll
C:\WINDOWS\system32\pmnkjij.dll
C:\WINDOWS\system32\rtofxqrp.dll
C:\WINDOWS\system32\sufebrxc.dll
C:\WINDOWS\system32\tmp8.tmp.dll
C:\WINDOWS\system32\vpmrdoso.dll
C:\WINDOWS\system32\wiioofuo.dll
C:\WINDOWS\system32\xrfgurdl.dll
C:\WINDOWS\system32\ybwplife.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\efeeg.bak1
C:\WINDOWS\system32\efeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\efeeg.bak2
C:\WINDOWS\system32\efeeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\efeeg.ini
C:\WINDOWS\system32\efeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\efeeg.ini2
C:\WINDOWS\system32\efeeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\efeeg.tmp
C:\WINDOWS\system32\efeeg.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\fafygyan.dll
C:\WINDOWS\system32\fafygyan.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geefe.dll
C:\WINDOWS\system32\geefe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gmxlmyws.dll
C:\WINDOWS\system32\gmxlmyws.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gsqipskn.dll
C:\WINDOWS\system32\gsqipskn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\knqydhle.dll
C:\WINDOWS\system32\knqydhle.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ldimakfd.dll
C:\WINDOWS\system32\ldimakfd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljheda.dll
C:\WINDOWS\system32\mljheda.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mmulmdsu.dll
C:\WINDOWS\system32\mmulmdsu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ouinpteu.dll
C:\WINDOWS\system32\ouinpteu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnkjij.dll
C:\WINDOWS\system32\pmnkjij.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\rtofxqrp.dll
C:\WINDOWS\system32\rtofxqrp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sufebrxc.dll
C:\WINDOWS\system32\sufebrxc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vpmrdoso.dll
C:\WINDOWS\system32\vpmrdoso.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wiioofuo.dll
C:\WINDOWS\system32\wiioofuo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xrfgurdl.dll
C:\WINDOWS\system32\xrfgurdl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ybwplife.dll
C:\WINDOWS\system32\ybwplife.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnkjij.dll
C:\WINDOWS\system32\pmnkjij.dll Has been deleted!

Performing Repairs to the registry.
Done!




Logfile of HijackThis v1.99.1
Scan saved at 15:51, on 07-04-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
D:\bittorrent.exe
D:\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\abc.bat.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\THOAI TANG\Application Data\Mozilla\Profiles\default\uc3xzh14.slt\prefs.js)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {00E31F74-CFFD-4551-8AAB-622160CA6D8A} - \
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
O2 - BHO: (no name) - {2B7CF8A5-EE05-4505-98AF-03E51AFCAFD4} - C:\WINDOWS\system32\geefe.dll (file missing)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {ADA2BE9E-E914-4556-B560-C9DE15672283} - C:\Program Files\Windows Media Player\hokemoryc.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {C6FF7AC1-43B6-449C-8DD7-409FE1BBF763} - (no file)
O2 - BHO: (no name) - {c7c02d80-c49b-41db-9ccc-3fdf0018a8cc} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: geefe - C:\WINDOWS\
O20 - Winlogon Notify: glu3dsp - C:\WINDOWS\
O20 - Winlogon Notify: pmnkjij - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Uimiapp - {10850CF0-D540-4DCA-B05F-73D8ABED929F} - C:\WINDOWS\System32\magakrtf.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 23 April 2007 - 06:15 PM

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text in the Quote box below:

Files to delete:
C:\WINDOWS\vtrrqo.dll
C:\WINDOWS\system32\abcdefgh.dll
C:\WINDOWS\System32\magakrtf.dll
C:\Program Files\Windows Media Player\hokemoryc.dll
D:\bittorrent.exe

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.
Also post a new Hijackthis log please.


#11 buttcrum

buttcrum
  • Topic Starter

  • Members
  • 63 posts

Posted 24 April 2007 - 07:10 PM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fpidfjbt

*******************

Script file located at: \??\C:\Program Files\xhbxstqi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\vtrrqo.dll deleted successfully.
File C:\WINDOWS\system32\abcdefgh.dll deleted successfully.
File C:\WINDOWS\System32\magakrtf.dll deleted successfully.
File C:\Program Files\Windows Media Player\hokemoryc.dll deleted successfully.
File D:\bittorrent.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.






Logfile of HijackThis v1.99.1
Scan saved at 17:07, on 07-04-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
D:\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\abc.bat.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\THOAI TANG\Application Data\Mozilla\Profiles\default\uc3xzh14.slt\prefs.js)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {00E31F74-CFFD-4551-8AAB-622160CA6D8A} - \
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
O2 - BHO: (no name) - {2B7CF8A5-EE05-4505-98AF-03E51AFCAFD4} - C:\WINDOWS\system32\geefe.dll (file missing)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {ADA2BE9E-E914-4556-B560-C9DE15672283} - C:\Program Files\Windows Media Player\hokemoryc.dll (file missing)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {C6FF7AC1-43B6-449C-8DD7-409FE1BBF763} - (no file)
O2 - BHO: (no name) - {c7c02d80-c49b-41db-9ccc-3fdf0018a8cc} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: geefe - C:\WINDOWS\
O20 - Winlogon Notify: glu3dsp - C:\WINDOWS\
O20 - Winlogon Notify: pmnkjij - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Uimiapp - {10850CF0-D540-4DCA-B05F-73D8ABED929F} - C:\WINDOWS\System32\magakrtf.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 25 April 2007 - 02:21 AM

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan, download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {00E31F74-CFFD-4551-8AAB-622160CA6D8A} - \
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
O2 - BHO: (no name) - {2B7CF8A5-EE05-4505-98AF-03E51AFCAFD4} - C:\WINDOWS\system32\geefe.dll (file missing)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {ADA2BE9E-E914-4556-B560-C9DE15672283} - C:\Program Files\Windows Media Player\hokemoryc.dll (file missing)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {C6FF7AC1-43B6-449C-8DD7-409FE1BBF763} - (no file)
O2 - BHO: (no name) - {c7c02d80-c49b-41db-9ccc-3fdf0018a8cc} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: geefe - C:\WINDOWS\
O20 - Winlogon Notify: glu3dsp - C:\WINDOWS\
O20 - Winlogon Notify: pmnkjij - C:\WINDOWS\
O21 - SSODL: Uimiapp - {10850CF0-D540-4DCA-B05F-73D8ABED929F} - C:\WINDOWS\System32\magakrtf.dll (file missing)


Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you're done.
Reboot normally.

Post the AVG Anti Spyware report and a new Hijackthis log into your next reply.
Let me know how your pc is running now please.
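The fix list in the post above is built from a few recognisable criteria: O2, O20 and O21 entries whose target is "(no file)", "(file missing)" or a bare directory are orphaned leftovers of components that have already been deleted, and the Winlogon Notify / SSODL names that remain are not ones a stock XP box registers. The script below is an added example (not RichieUK's, not BleepingComputer's and not part of HijackThis) that applies those criteria to log lines in the thread's format. The allowlists of stock Windows XP SP2 Winlogon Notify and SSODL names are assumptions made for the example, and the sample lines are constructed from entries in this thread plus one stock WebCheck entry as a known-good control. It also handles the O23 caveat visible in these logs: HijackThis 1.99 prints "(file missing)" for any service whose image path carries arguments (the quoted SV_Httpd.exe lines), even though SV_Httpd.exe appears in the running-process list, so those are reported as a parsing artifact rather than as orphaned services.

```python
"""Triage of HijackThis v1.99 log entries, mirroring the criteria behind the
fix list in this thread. Added example for illustration; it is not code from
the thread, from BleepingComputer or from HijackThis itself."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sections handled: BHOs (O2), Winlogon Notify packages (O20),
# ShellServiceObjectDelayLoad (O21) and services (O23).
ENTRY_RE = re.compile(r"^(?P<section>O2|O20|O21|O23) - (?P<body>.*)$")

# Names registered on a stock Windows XP SP2 install. ASSUMPTION for this
# example; real triage verifies the file (signature/hash), not just the name.
KNOWN_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp",
                         "Schedule", "sclgntfy", "SensLogn", "termsrv",
                         "WgaLogon", "wlballoon"}
KNOWN_SSODL = {"WebCheck", "PostBootReminder", "CDBurn", "SysTray"}

MISSING_MARKER = "(file missing)"


@dataclass
class Finding:
    severity: str   # "remove" (orphaned entry), "review" or "info"
    reason: str
    line: str


def target_of(body: str) -> str:
    """Path (or CLSID) after the last ' - ' separator of an entry."""
    return body.rsplit(" - ", 1)[-1].strip()


def entry_name(body: str) -> str:
    """Registered name: 'Winlogon Notify: pmnkjij - C:\\WINDOWS\\' -> 'pmnkjij'."""
    after_kind = body.split(": ", 1)[1] if ": " in body else body
    return after_kind.split(" - ", 1)[0].strip()


def is_dangling(target: str) -> bool:
    """True when the entry points at nothing: '(no file)', '(file missing)',
    an empty target, or a bare directory such as 'C:\\WINDOWS\\' or '\\'."""
    if not target or target == "(no file)" or target.endswith(MISSING_MARKER):
        return True
    return target.endswith("\\")


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        name, target = entry_name(body), target_of(body)

        if section == "O23":
            if is_dangling(target):
                if '"' in target:
                    # HijackThis 1.99 prints '(file missing)' for services whose
                    # image path carries arguments; in this thread SV_Httpd.exe is
                    # reported missing while it is in the running-process list.
                    findings.append(Finding("info", "'(file missing)' is a parse artifact: image path has arguments", line))
                else:
                    findings.append(Finding("review", "service image file is missing", line))
            elif "Unknown owner" in body:
                findings.append(Finding("review", "service has no publisher information", line))
            continue

        if is_dangling(target):
            findings.append(Finding("remove", f"{section} entry has no backing file", line))
        elif section == "O20" and name not in KNOWN_WINLOGON_NOTIFY:
            findings.append(Finding("review", "Winlogon Notify package not on the stock XP list", line))
        elif section == "O21" and name not in KNOWN_SSODL:
            findings.append(Finding("review", "SSODL entry not on the stock XP list", line))
    return findings


def fix_list(findings: list[Finding]) -> list[str]:
    """Lines a helper would tick under 'Fix checked' (orphaned entries only)."""
    return [f.line for f in findings if f.severity == "remove"]


# Constructed sample in the thread's log format: entries copied from the logs
# above plus one stock XP SSODL entry (WebCheck) as a known-good control.
SAMPLE_LOG = "\n".join([
    "O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\\SPYBOT~1\\SDHelper.dll",
    "O2 - BHO: (no name) - {2B7CF8A5-EE05-4505-98AF-03E51AFCAFD4} - C:\\WINDOWS\\system32\\geefe.dll (file missing)",
    "O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)",
    "O2 - BHO: (no name) - {00E31F74-CFFD-4551-8AAB-622160CA6D8A} - \\",
    "O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll",
    "O20 - Winlogon Notify: pmnkjij - C:\\WINDOWS\\",
    "O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\\WINDOWS\\system32\\webcheck.dll",
    "O21 - SSODL: Uimiapp - {10850CF0-D540-4DCA-B05F-73D8ABED929F} - C:\\WINDOWS\\System32\\magakrtf.dll (file missing)",
    "O23 - Service: Ati HotKey Poller - Unknown owner - C:\\WINDOWS\\System32\\Ati2evxx.exe",
    "O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\\Program Files\\Sony\\Giga Pocket\\RM_SV.exe",
    "O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - "
    "C:\\Program Files\\Sony\\vaio media integrated server\\Platform\\SV_Httpd.exe\" /Service=VAIOMediaPlatform-VideoServer-HTTP (file missing)",
])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
```

Run against the sample, `fix_list()` returns exactly the five orphaned O2/O20/O21 lines, the same kind of entries RichieUK ticked; the ATI service is only flagged for review because it has no publisher string, and the SV_Httpd line is reported as the parse artifact it is. Entries that still point at an existing file (SDHelper.dll, WgaLogon.dll, the WebCheck control) produce nothing, which is why a "remove" verdict here never touches a live component.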

#13 buttcrum

buttcrum
  • Topic Starter

  • Members
  • 63 posts

Posted 25 April 2007 - 08:01 PM

My computer is running a lot better. Everything is a lot faster, thanks for your help.
But I don't know why everything that I deleted with HijackThis is still there. I did what you told me.


Created at: 07:36 07-04-25

+ Scan result:



C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP1\A0002058.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP6\A0033094.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/abcdefgh.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP1\A0002050.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP1\A0002051.dll -> Adware.BraveSentry : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP1\A0002017.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP1\A0007570.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP1\A0007572.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP2\A0017649.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP2\A0017650.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP2\A0017651.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP2\A0017678.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP2\A0017682.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP2\A0017708.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP3\A0018151.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP3\A0018155.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP3\A0018156.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP3\A0018163.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP3\A0018168.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP3\A0018192.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\f.dll.vir -> Trojan.Vqten : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP5\A0033016.dll -> Trojan.Vqten : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP1\A0005382.dll -> Worm.Bid : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP3\A0018197.exe -> Worm.Zhelatin.cw : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temp\137.exe -> Worm.Zhelatin.cz : Cleaned with backup (quarantined).
C:\Documents and Settings\NetworkService\Local Settings\Temp\137.exe -> Worm.Zhelatin.cz : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/stdrun21.exe -> Worm.Zhelatin.dd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/stdrun22.exe -> Worm.Zhelatin.dd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP3\A0025476.exe -> Worm.Zhelatin.dd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D8063CFD-4BA1-446E-8538-EB41859E0281}\RP3\A0025477.exe -> Worm.Zhelatin.dd : Cleaned with backup (quarantined).


::Report end



Logfile of HijackThis v1.99.1
Scan saved at 17:57, on 07-04-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
D:\bittorrent.exe
D:\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\abc.bat.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\THOAI TANG\Application Data\Mozilla\Profiles\default\uc3xzh14.slt\prefs.js)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {00E31F74-CFFD-4551-8AAB-622160CA6D8A} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
O2 - BHO: (no name) - {2B7CF8A5-EE05-4505-98AF-03E51AFCAFD4} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {ADA2BE9E-E914-4556-B560-C9DE15672283} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {C6FF7AC1-43B6-449C-8DD7-409FE1BBF763} - (no file)
O2 - BHO: (no name) - {c7c02d80-c49b-41db-9ccc-3fdf0018a8cc} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\antivirus stuff\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} -
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: geefe - C:\WINDOWS\
O20 - Winlogon Notify: glu3dsp - C:\WINDOWS\
O20 - Winlogon Notify: pmnkjij - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Uimiapp - {10850CF0-D540-4DCA-B05F-73D8ABED929F} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\antivirus stuff\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

#14 RichieUK (Malware Response Team)

Posted 26 April 2007 - 04:36 AM

Please make sure you do the following with Spybot Search & Destroy.
Disable Spybot S&D's protection, or it will interfere.
You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.

********************************

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {00E31F74-CFFD-4551-8AAB-622160CA6D8A} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - (no file)
O2 - BHO: (no name) - {2B7CF8A5-EE05-4505-98AF-03E51AFCAFD4} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {ADA2BE9E-E914-4556-B560-C9DE15672283} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {C6FF7AC1-43B6-449C-8DD7-409FE1BBF763} - (no file)
O2 - BHO: (no name) - {c7c02d80-c49b-41db-9ccc-3fdf0018a8cc} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} -
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: geefe - C:\WINDOWS\
O20 - Winlogon Notify: glu3dsp - C:\WINDOWS\
O20 - Winlogon Notify: pmnkjij - C:\WINDOWS\
O21 - SSODL: Uimiapp - {10850CF0-D540-4DCA-B05F-73D8ABED929F} - (no file)


Exit HijackThis.

*******************************

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Find and delete:
D:\bittorrent.exe
Restart your PC normally, and post a new HijackThis log please.

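As an added example (not part of RichieUK's post, and not HijackThis's own code), a small Python triage script that applies the same reasoning to HijackThis log lines: it flags O2 BHO and O21 SSODL entries whose CLSID resolves to no file, an O16 DPF entry with no download URL, an O18 protocol handler with no CLSID, and O20 Winlogon Notify entries whose path is a bare directory, while leaving the SDHelper and WgaLogon entries alone. The sample lines are copied from the logs in this thread; the heuristics are mine, not the helper's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the HijackThis logs in this thread.
# Backslashes are doubled because these are ordinary (non-raw) Python strings.
SAMPLE_LINES = [
    "O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)",
    "O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\\SPYBOT~1\\SDHelper.dll",
    "O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab",
    "O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} -",
    "O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)",
    "O20 - Winlogon Notify: geefe - C:\\WINDOWS\\",
    "O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll",
    "O21 - SSODL: Uimiapp - {10850CF0-D540-4DCA-B05F-73D8ABED929F} - (no file)",
]

# Every HijackThis entry starts with a section tag (O2, O16, O20, ...) followed by " - ".
HJT_ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding when a log line matches one of the orphaned-entry
    patterns the helper told the poster to fix, otherwise None."""
    m = HJT_ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body").rstrip()
    # O2 (BHO) and O21 (ShellServiceObjectDelayLoad): a CLSID is still registered
    # but HijackThis could not find the DLL behind it.
    if section in ("O2", "O21") and body.endswith("(no file)"):
        return Finding(section, line, "registered CLSID with no DLL on disk (orphaned entry)")
    # O16 (Downloaded Program Files / ActiveX): an entry with no name and no
    # download URL is a leftover that no longer identifies itself.
    if section == "O16" and body.endswith("-"):
        return Finding(section, line, "ActiveX DPF entry with no name and no download URL")
    # O18 (protocol handler) registered without a CLSID or a file.
    if section == "O18" and "(no CLSID)" in body and body.endswith("(no file)"):
        return Finding(section, line, "protocol handler with no CLSID and no file")
    # O20 (Winlogon Notify): a healthy entry ends in a DLL name; a bare directory
    # means the DLLName value points at a file that is no longer there.
    if section == "O20":
        path = body.split(" - ", 1)[1] if " - " in body else ""
        if path.endswith("\\"):
            return Finding(section, line, "Winlogon Notify handler resolves to a bare directory, not a DLL")
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Run classify over a whole log and keep only the flagged lines."""
    return [f for f in (classify(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

A flagged line is a candidate for review, not proof of infection: the helper here still reads each entry before telling the poster what to fix.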
#15 buttcrum (Topic Starter)

Posted 26 April 2007 - 05:49 PM

Do I have to delete BitTorrent? I am using it to download stuff.


Logfile of HijackThis v1.99.1
Scan saved at 15:45, on 07-04-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\antivirus stuff\AVG Anti-Spyware 7.5\avgas.exe
D:\bittorrent.exe
C:\Program Files\Messenger\msmsgs.exe
D:\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\abc.bat.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\THOAI TANG\Application Data\Mozilla\Profiles\default\uc3xzh14.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\antivirus stuff\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\antivirus stuff\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe



