BleepingComputer.com: Hijacked hosts file?! Plz help

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

Hijacked hosts file?! Plz help

#1 User is offline   Azrea 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 18-November 08

Posted 10 December 2008 - 01:47 PM

Mod. edit. Referred here from Am I Infected. Please read this topic: http://www.bleepingcomputer.com/forums/topic183575.html for information about what's been done. ~ OB

I am the admin on my pc, but there are times when an error message pops up saying that I don't have the admin rights. Someone has hijacked my Online Armor firewall and now there are a ridiculous amount of redirected hosts files under the "trusted" section which I cannot alter. I've run almost every anti-spyware I can find, and everything keeps coming up clean, so it has to be hiding as another process. Also, I have trend micro anti-virus, but it will not allow me to update anymore. I got avast to compensate.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-11 10:36:28
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 71 GB (31%) free of 231 GB
Total RAM: 3062 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:41 AM, on 12/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\YarghMatee\aswUpdSv.exe
C:\Program Files\Alwil Software\YarghMatee\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Alwil Software\YarghMatee\ashDisp.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
c:\program files\windows defender\MpCmdRun.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
G:\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\YarghMatee\ashDisp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: MRI_DISABLED
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Windows\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\YarghMatee\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\YarghMatee\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\YarghMatee\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\YarghMatee\ashWebSv.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6989 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\wrSpySweeperFullSweep.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2008-10-06 6223048]
"avast!"=C:\Program Files\Alwil Software\YarghMatee\ashDisp.exe [2008-11-26 81000]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-09-12 36352]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-07-28 5418864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe [2008-02-22 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-20 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2008-02-04 154136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2008-02-04 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2007-11-21 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2008-02-04 137752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-01-22 4718592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2008-03-31 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Help and Support Demo]
C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe [2007-08-27 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOMyMemCenter]
C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe [2008-02-29 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
C:\Program Files\Sony\First Experience\WelcomeLauncher.exe [2007-10-17 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe [2008-02-19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MRI_DISABLED

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-04 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2007-08-14 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\Online Armor\oaevent.dll [2008-10-06 886984]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 2 months======

2008-12-10 16:08:44 ----A---- C:\Windows\system32\tzres.dll
2008-12-10 12:57:48 ----A---- C:\Windows\system32\gdi32.dll
2008-12-10 12:57:30 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-10 12:57:27 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-10 12:57:02 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 12:56:26 ----A---- C:\Windows\explorer.exe
2008-12-10 12:56:08 ----A---- C:\Windows\system32\mshtml.dll
2008-12-10 12:56:06 ----A---- C:\Windows\system32\urlmon.dll
2008-12-10 12:56:05 ----A---- C:\Windows\system32\ieframe.dll
2008-12-10 12:56:04 ----A---- C:\Windows\system32\wininet.dll
2008-12-10 12:56:02 ----A---- C:\Windows\system32\mstime.dll
2008-12-10 12:56:00 ----A---- C:\Windows\system32\iertutil.dll
2008-12-10 12:55:58 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-10 12:55:41 ----A---- C:\Windows\system32\mf.dll
2008-12-10 12:55:38 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 12:55:36 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 12:55:36 ----A---- C:\Windows\system32\logagent.exe
2008-12-09 12:26:32 ----A---- C:\Windows\ntbtlog.txt
2008-12-09 12:14:50 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-12-09 11:56:18 ----D---- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2008-12-09 11:56:18 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-09 11:54:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-08 09:42:46 ----A---- C:\Windows\system32\wups2.dll
2008-12-08 09:42:46 ----A---- C:\Windows\system32\wuauclt.exe
2008-12-08 09:42:45 ----A---- C:\Windows\system32\wucltux.dll
2008-12-08 09:42:45 ----A---- C:\Windows\system32\wuaueng.dll
2008-12-08 09:41:42 ----A---- C:\Windows\system32\wups.dll
2008-12-08 09:41:42 ----A---- C:\Windows\system32\wudriver.dll
2008-12-08 09:41:41 ----A---- C:\Windows\system32\wuapi.dll
2008-12-08 09:41:19 ----A---- C:\Windows\system32\wuwebv.dll
2008-12-08 09:41:19 ----A---- C:\Windows\system32\wuapp.exe
2008-12-02 11:05:09 ----A---- C:\Windows\gmer.ini
2008-12-02 11:04:30 ----A---- C:\Windows\gmer_uninstall.cmd
2008-12-02 11:04:30 ----A---- C:\Windows\gmer.dll
2008-12-02 09:51:02 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-12-02 09:50:55 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-12-02 09:50:55 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-12-02 09:50:55 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-12-02 09:50:49 ----A---- C:\Windows\system32\connect.dll
2008-12-01 11:40:55 ----AD---- C:\ProgramData\TEMP
2008-12-01 11:40:11 ----D---- C:\Program Files\SpywareBlaster
2008-12-01 10:26:20 ----A---- C:\Windows\system32\EncDec.dll
2008-12-01 10:26:09 ----A---- C:\Windows\system32\psisdecd.dll
2008-11-17 15:03:32 ----D---- C:\ProgramData\WindowsSearch
2008-11-17 10:37:21 ----A---- C:\Windows\system32\aswBoot.exe
2008-11-17 10:37:12 ----D---- C:\Program Files\Alwil Software
2008-11-13 08:40:14 ----A---- C:\Windows\system32\msxml3.dll
2008-11-13 08:40:11 ----A---- C:\Windows\system32\netapi32.dll
2008-11-13 08:39:59 ----A---- C:\Windows\system32\wersvc.dll
2008-11-13 08:39:59 ----A---- C:\Windows\system32\Faultrep.dll
2008-11-13 08:39:49 ----A---- C:\Windows\system32\win32spl.dll
2008-11-13 08:39:37 ----A---- C:\Windows\system32\msxml6.dll
2008-11-12 09:54:19 ----D---- C:\Users\Owner\AppData\Roaming\COWON
2008-11-11 13:13:20 ----D---- C:\Program Files\LS
2008-11-11 10:46:40 ----D---- C:\Users\Owner\AppData\Roaming\OnlineArmor
2008-11-11 10:46:40 ----D---- C:\ProgramData\OnlineArmor
2008-11-10 13:46:35 ----D---- C:\ComboFix
2008-11-10 13:44:29 ----A---- C:\Bug.txt
2008-11-10 13:43:26 ----D---- C:\Windows\ERDNT
2008-11-10 13:43:26 ----D---- C:\Qoobox
2008-11-10 09:00:42 ----D---- C:\Program Files\Lavasoft
2008-11-10 09:00:40 ----D---- C:\ProgramData\Lavasoft
2008-11-05 13:15:36 ----D---- C:\ProgramData\Winamp Toolbar
2008-11-05 13:13:18 ----D---- C:\Users\Owner\AppData\Roaming\Winamp
2008-11-05 13:13:18 ----D---- C:\Program Files\Winamp
2008-11-01 17:58:54 ----D---- C:\Users\Owner\AppData\Roaming\dvdcss
2008-10-29 08:13:38 ----D---- C:\rsit
2008-10-29 07:55:28 ----D---- C:\Users\Owner\AppData\Roaming\InstallShield
2008-10-23 13:06:41 ----D---- C:\Users\Owner\AppData\Roaming\123 Free Solitaire
2008-10-23 13:06:28 ----D---- C:\Program Files\123 Free Solitaire
2008-10-20 11:57:30 ----D---- C:\Program Files\IObit
2008-10-20 09:27:46 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2008-10-20 09:27:29 ----D---- C:\ProgramData\Malwarebytes
2008-10-20 09:27:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-20 09:21:18 ----D---- C:\Program Files\Tall Emu
2008-10-20 09:21:15 ----D---- C:\OnlineArmor
2008-10-16 08:31:02 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-16 08:31:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-15 08:53:26 ----D---- C:\ProgramData\Yahoo! Companion
2008-10-13 08:31:51 ----D---- C:\Users\Owner\AppData\Roaming\Any Video Converter

======List of files/folders modified in the last 2 months======

2008-12-11 10:37:04 ----D---- C:\Windows\Prefetch
2008-12-11 10:36:19 ----D---- C:\Windows\Temp
2008-12-11 10:11:20 ----SHD---- C:\System Volume Information
2008-12-11 09:44:49 ----D---- C:\Windows\System32
2008-12-11 09:44:47 ----D---- C:\Windows\rescache
2008-12-11 09:35:07 ----D---- C:\Windows\inf
2008-12-11 09:35:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-11 09:33:28 ----D---- C:\Windows\system32\drivers
2008-12-10 23:43:00 ----D---- C:\Windows\winsxs
2008-12-10 23:32:50 ----D---- C:\Windows\system32\catroot
2008-12-10 23:29:31 ----D---- C:\Program Files\Windows Mail
2008-12-10 23:29:30 ----D---- C:\Windows\AppPatch
2008-12-10 23:29:29 ----D---- C:\Windows\system32\en-US
2008-12-10 23:29:29 ----AD---- C:\Windows
2008-12-10 16:15:02 ----SHD---- C:\Windows\Installer
2008-12-10 16:14:33 ----D---- C:\ProgramData\Microsoft Help
2008-12-10 12:54:24 ----D---- C:\Windows\system32\catroot2
2008-12-09 12:14:50 ----HD---- C:\ProgramData
2008-12-09 12:13:28 ----SD---- C:\Users\Owner\AppData\Roaming\Microsoft
2008-12-09 11:56:18 ----RD---- C:\Program Files
2008-12-09 11:54:19 ----D---- C:\Program Files\Common Files
2008-12-09 11:30:42 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-12-02 11:03:39 ----RA---- C:\Windows\gmer.exe
2008-12-01 11:53:27 ----D---- C:\Windows\Microsoft.NET
2008-12-01 11:52:58 ----D---- C:\Windows\ehome
2008-11-19 13:52:21 ----D---- C:\Program Files\Mozilla Firefox
2008-11-18 09:00:00 ----D---- C:\Windows\system32\Tasks
2008-11-17 21:47:18 ----D---- C:\Windows\Debug
2008-11-16 10:23:43 ----D---- C:\Windows\system32\LogFiles
2008-11-13 09:54:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-13 09:29:56 ----D---- C:\Windows\system32\config
2008-11-13 09:29:34 ----D---- C:\Windows\Tasks
2008-11-13 09:29:34 ----D---- C:\Windows\system32\spool
2008-11-13 09:29:34 ----D---- C:\Windows\system32\CodeIntegrity
2008-11-13 09:29:30 ----D---- C:\Program Files\Yahoo!
2008-11-13 09:29:26 ----D---- C:\Program Files\Sony
2008-11-13 09:29:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-13 09:29:24 ----D---- C:\Program Files\InterVideo
2008-11-13 09:29:23 ----D---- C:\Program Files\Common Files\InterVideo
2008-11-13 09:29:20 ----D---- C:\Windows\registration
2008-11-13 08:30:37 ----D---- C:\Windows\system32\Msdtc
2008-11-13 08:30:34 ----D---- C:\Windows\system32\wbem
2008-11-11 15:40:19 ----RSD---- C:\Windows\assembly
2008-11-11 10:02:08 ----D---- C:\ProgramData\Sony Corporation
2008-11-10 10:15:02 ----D---- C:\Users\Owner\AppData\Roaming\LimeWire
2008-11-03 19:10:25 ----A---- C:\Windows\system32\mrt.exe
2008-11-01 12:21:47 ----D---- C:\ProgramData\Roxio
2008-10-29 07:56:58 ----D---- C:\Program Files\Trend Micro
2008-10-20 12:51:28 ----D---- C:\Program Files\Adobe
2008-10-20 12:00:37 ----SD---- C:\ProgramData\Microsoft
2008-10-16 15:21:04 ----D---- C:\Windows\system32\migration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-26 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2007-12-13 10216]
R1 OADevice;OADriver; \??\C:\Windows\system32\drivers\OADriver.sys [2008-10-06 178376]
R1 OAmon;OAmon; \??\C:\Windows\system32\drivers\OAmon.sys [2008-10-06 30920]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2008-02-16 65936]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-02-05 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2008-02-16 52496]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2008-02-16 138384]
R2 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2008-02-16 52240]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2008-08-16 205328]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2008-08-16 1195448]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-02-05 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-02-22 164400]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-02-05 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-02-05 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-04 1776128]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-22 2032280]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-18 2222080]
R3 OAnet;OnlineArmor Service; C:\Windows\system32\DRIVERS\oanet.sys [2008-10-06 29384]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2007-12-16 9344]
R3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2007-06-05 812544]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-02-05 659968]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-02-05 246784]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-12-02 85969]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-20 2225664]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-05-26 128104]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\YarghMatee\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\YarghMatee\ashServ.exe [2008-11-26 155160]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\oacat.exe [2008-10-06 1402568]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2008-10-06 3321032]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-02-16 333064]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2007-08-14 182392]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-07-28 3577192]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-02-05 386560]
R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-26 648456]
S2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\YarghMatee\ashMaiSv.exe [2008-11-26 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\YarghMatee\ashWebSv.exe [2008-11-26 352920]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2007-11-28 53248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2007-11-28 53248]
S3 SOHCImp;VAIO Media plus Content Importer; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [2008-03-04 104288]
S3 SOHDms;VAIO Media plus Digital Media Server; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [2008-03-04 350048]
S3 SOHDs;VAIO Media plus Device Searcher; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [2008-03-04 63328]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2007-11-28 77824]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2008-02-15 73728]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-03 87328]
S3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2008-03-31 279848]
S4 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2008-02-15 184320]
S4 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2008-02-15 147456]

-----------------EOF-----------------

This post has been edited by Azrea: 11 December 2008 - 10:40 AM

#2 User is offline   kahdah 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 10,658
  • Joined: 27-October 06
  • Gender:Male
  • Location:Florida

Posted 17 December 2008 - 07:48 AM

Hello Azrea

Welcome to BleepingComputer :thumbsup:
========================
If you are still in need of assistance please post a new Rsit log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 User is offline   Azrea 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 18-November 08

Posted 17 December 2008 - 09:16 AM

Thanks for helping me. Here's an updated log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-17 09:13:42
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 64 GB (28%) free of 231 GB
Total RAM: 3062 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:57 AM, on 12/17/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\YarghMatee\aswUpdSv.exe
C:\Program Files\Alwil Software\YarghMatee\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Alwil Software\YarghMatee\ashDisp.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Windows\System32\svchost.exe
G:\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\YarghMatee\ashDisp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: MRI_DISABLED
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Windows\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\YarghMatee\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\YarghMatee\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\YarghMatee\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\YarghMatee\ashWebSv.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6983 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\wrSpySweeperFullSweep.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2008-10-06 6223048]
"avast!"=C:\Program Files\Alwil Software\YarghMatee\ashDisp.exe [2008-11-26 81000]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-09-12 36352]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-07-28 5418864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe [2008-02-22 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-20 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2008-02-04 154136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2008-02-04 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2007-11-21 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2008-02-04 137752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-01-22 4718592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2008-03-31 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Help and Support Demo]
C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe [2007-08-27 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOMyMemCenter]
C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe [2008-02-29 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
C:\Program Files\Sony\First Experience\WelcomeLauncher.exe [2007-10-17 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe [2008-02-19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MRI_DISABLED

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-04 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2007-08-14 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\Online Armor\oaevent.dll [2008-10-06 886984]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 2 months======

2008-12-10 16:08:44 ----A---- C:\Windows\system32\tzres.dll
2008-12-10 12:57:48 ----A---- C:\Windows\system32\gdi32.dll
2008-12-10 12:57:30 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-10 12:57:27 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-10 12:57:02 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 12:56:26 ----A---- C:\Windows\explorer.exe
2008-12-10 12:56:08 ----A---- C:\Windows\system32\mshtml.dll
2008-12-10 12:56:06 ----A---- C:\Windows\system32\urlmon.dll
2008-12-10 12:56:05 ----A---- C:\Windows\system32\ieframe.dll
2008-12-10 12:56:04 ----A---- C:\Windows\system32\wininet.dll
2008-12-10 12:56:02 ----A---- C:\Windows\system32\mstime.dll
2008-12-10 12:56:00 ----A---- C:\Windows\system32\iertutil.dll
2008-12-10 12:55:58 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-10 12:55:41 ----A---- C:\Windows\system32\mf.dll
2008-12-10 12:55:38 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 12:55:36 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 12:55:36 ----A---- C:\Windows\system32\logagent.exe
2008-12-09 12:26:32 ----A---- C:\Windows\ntbtlog.txt
2008-12-09 12:14:50 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-12-09 11:56:18 ----D---- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2008-12-09 11:56:18 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-09 11:54:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-08 09:42:46 ----A---- C:\Windows\system32\wups2.dll
2008-12-08 09:42:46 ----A---- C:\Windows\system32\wuauclt.exe
2008-12-08 09:42:45 ----A---- C:\Windows\system32\wucltux.dll
2008-12-08 09:42:45 ----A---- C:\Windows\system32\wuaueng.dll
2008-12-08 09:41:42 ----A---- C:\Windows\system32\wups.dll
2008-12-08 09:41:42 ----A---- C:\Windows\system32\wudriver.dll
2008-12-08 09:41:41 ----A---- C:\Windows\system32\wuapi.dll
2008-12-08 09:41:19 ----A---- C:\Windows\system32\wuwebv.dll
2008-12-08 09:41:19 ----A---- C:\Windows\system32\wuapp.exe
2008-12-02 11:05:09 ----A---- C:\Windows\gmer.ini
2008-12-02 11:04:30 ----A---- C:\Windows\gmer_uninstall.cmd
2008-12-02 11:04:30 ----A---- C:\Windows\gmer.dll
2008-12-02 09:51:02 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-12-02 09:50:55 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-12-02 09:50:55 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-12-02 09:50:55 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-12-02 09:50:49 ----A---- C:\Windows\system32\connect.dll
2008-12-01 11:40:55 ----AD---- C:\ProgramData\TEMP
2008-12-01 11:40:11 ----D---- C:\Program Files\SpywareBlaster
2008-12-01 10:26:20 ----A---- C:\Windows\system32\EncDec.dll
2008-12-01 10:26:09 ----A---- C:\Windows\system32\psisdecd.dll
2008-11-17 15:03:32 ----D---- C:\ProgramData\WindowsSearch
2008-11-17 10:37:21 ----A---- C:\Windows\system32\aswBoot.exe
2008-11-17 10:37:12 ----D---- C:\Program Files\Alwil Software
2008-11-13 08:40:14 ----A---- C:\Windows\system32\msxml3.dll
2008-11-13 08:40:11 ----A---- C:\Windows\system32\netapi32.dll
2008-11-13 08:39:59 ----A---- C:\Windows\system32\wersvc.dll
2008-11-13 08:39:59 ----A---- C:\Windows\system32\Faultrep.dll
2008-11-13 08:39:49 ----A---- C:\Windows\system32\win32spl.dll
2008-11-13 08:39:37 ----A---- C:\Windows\system32\msxml6.dll
2008-11-12 09:54:19 ----D---- C:\Users\Owner\AppData\Roaming\COWON
2008-11-11 13:13:20 ----D---- C:\Program Files\LS
2008-11-11 10:46:40 ----D---- C:\Users\Owner\AppData\Roaming\OnlineArmor
2008-11-11 10:46:40 ----D---- C:\ProgramData\OnlineArmor
2008-11-10 13:46:35 ----D---- C:\ComboFix
2008-11-10 13:44:29 ----A---- C:\Bug.txt
2008-11-10 13:43:26 ----D---- C:\Windows\ERDNT
2008-11-10 13:43:26 ----D---- C:\Qoobox
2008-11-10 09:00:42 ----D---- C:\Program Files\Lavasoft
2008-11-10 09:00:40 ----D---- C:\ProgramData\Lavasoft
2008-11-05 13:15:36 ----D---- C:\ProgramData\Winamp Toolbar
2008-11-05 13:13:18 ----D---- C:\Users\Owner\AppData\Roaming\Winamp
2008-11-05 13:13:18 ----D---- C:\Program Files\Winamp
2008-11-01 17:58:54 ----D---- C:\Users\Owner\AppData\Roaming\dvdcss
2008-10-29 08:13:38 ----D---- C:\rsit
2008-10-29 07:55:28 ----D---- C:\Users\Owner\AppData\Roaming\InstallShield
2008-10-23 13:06:41 ----D---- C:\Users\Owner\AppData\Roaming\123 Free Solitaire
2008-10-23 13:06:28 ----D---- C:\Program Files\123 Free Solitaire
2008-10-20 11:57:30 ----D---- C:\Program Files\IObit
2008-10-20 09:27:46 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2008-10-20 09:27:29 ----D---- C:\ProgramData\Malwarebytes
2008-10-20 09:27:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-20 09:21:18 ----D---- C:\Program Files\Tall Emu
2008-10-20 09:21:15 ----D---- C:\OnlineArmor

======List of files/folders modified in the last 2 months======

2008-12-17 09:14:07 ----D---- C:\Windows\Temp
2008-12-17 09:10:59 ----D---- C:\Windows\Prefetch
2008-12-17 09:09:48 ----SHD---- C:\System Volume Information
2008-12-17 09:09:47 ----D---- C:\Windows\System32
2008-12-17 09:09:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-17 09:09:46 ----D---- C:\Windows\inf
2008-12-17 09:08:43 ----D---- C:\Windows\system32\drivers
2008-12-15 08:58:37 ----D---- C:\Windows\system32\catroot2
2008-12-12 12:05:36 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-12-11 16:00:59 ----D---- C:\Windows\system32\WDI
2008-12-11 14:57:06 ----D---- C:\Windows\Debug
2008-12-11 09:44:47 ----D---- C:\Windows\rescache
2008-12-10 23:43:00 ----D---- C:\Windows\winsxs
2008-12-10 23:32:50 ----D---- C:\Windows\system32\catroot
2008-12-10 23:29:31 ----D---- C:\Program Files\Windows Mail
2008-12-10 23:29:30 ----D---- C:\Windows\AppPatch
2008-12-10 23:29:29 ----D---- C:\Windows\system32\en-US
2008-12-10 23:29:29 ----AD---- C:\Windows
2008-12-10 16:15:02 ----SHD---- C:\Windows\Installer
2008-12-10 16:14:33 ----D---- C:\ProgramData\Microsoft Help
2008-12-09 18:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-09 12:14:50 ----HD---- C:\ProgramData
2008-12-09 12:13:28 ----SD---- C:\Users\Owner\AppData\Roaming\Microsoft
2008-12-09 11:56:18 ----RD---- C:\Program Files
2008-12-09 11:54:19 ----D---- C:\Program Files\Common Files
2008-12-02 11:03:39 ----RA---- C:\Windows\gmer.exe
2008-12-01 11:53:27 ----D---- C:\Windows\Microsoft.NET
2008-12-01 11:52:58 ----D---- C:\Windows\ehome
2008-11-19 13:52:21 ----D---- C:\Program Files\Mozilla Firefox
2008-11-18 09:00:00 ----D---- C:\Windows\system32\Tasks
2008-11-16 10:23:43 ----D---- C:\Windows\system32\LogFiles
2008-11-13 09:54:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-13 09:29:56 ----D---- C:\Windows\system32\config
2008-11-13 09:29:34 ----D---- C:\Windows\Tasks
2008-11-13 09:29:34 ----D---- C:\Windows\system32\spool
2008-11-13 09:29:34 ----D---- C:\Windows\system32\CodeIntegrity
2008-11-13 09:29:31 ----D---- C:\ProgramData\Yahoo! Companion
2008-11-13 09:29:30 ----D---- C:\Program Files\Yahoo!
2008-11-13 09:29:26 ----D---- C:\Program Files\Sony
2008-11-13 09:29:24 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-13 09:29:24 ----D---- C:\Program Files\InterVideo
2008-11-13 09:29:23 ----D---- C:\Program Files\Common Files\InterVideo
2008-11-13 09:29:20 ----D---- C:\Windows\registration
2008-11-13 08:30:37 ----D---- C:\Windows\system32\Msdtc
2008-11-13 08:30:34 ----D---- C:\Windows\system32\wbem
2008-11-11 15:40:19 ----RSD---- C:\Windows\assembly
2008-11-11 10:02:08 ----D---- C:\ProgramData\Sony Corporation
2008-11-10 10:15:02 ----D---- C:\Users\Owner\AppData\Roaming\LimeWire
2008-11-01 12:21:47 ----D---- C:\ProgramData\Roxio
2008-10-29 07:56:58 ----D---- C:\Program Files\Trend Micro
2008-10-20 12:51:28 ----D---- C:\Program Files\Adobe
2008-10-20 12:00:37 ----SD---- C:\ProgramData\Microsoft
2008-10-20 09:44:19 ----D---- C:\Users\Owner\AppData\Roaming\Any Video Converter

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-26 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2007-12-13 10216]
R1 OADevice;OADriver; \??\C:\Windows\system32\drivers\OADriver.sys [2008-10-06 178376]
R1 OAmon;OAmon; \??\C:\Windows\system32\drivers\OAmon.sys [2008-10-06 30920]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2008-02-16 65936]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-02-05 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
R2 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2008-02-16 52496]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2008-02-16 138384]
R2 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2008-02-16 52240]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2008-08-16 205328]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2008-08-16 1195448]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-02-05 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-02-22 164400]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-02-05 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-02-05 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-04 1776128]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-22 2032280]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-18 2222080]
R3 OAnet;OnlineArmor Service; C:\Windows\system32\DRIVERS\oanet.sys [2008-10-06 29384]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2007-12-16 9344]
R3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2007-06-05 812544]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-02-05 659968]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-02-05 246784]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-12-02 85969]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-20 2225664]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-05-26 128104]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\YarghMatee\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\YarghMatee\ashServ.exe [2008-11-26 155160]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\oacat.exe [2008-10-06 1402568]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2008-10-06 3321032]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-02-16 333064]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2007-08-14 182392]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-07-28 3577192]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-02-05 386560]
R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-26 648456]
S2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\YarghMatee\ashMaiSv.exe [2008-11-26 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\YarghMatee\ashWebSv.exe [2008-11-26 352920]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2007-11-28 53248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2007-11-28 53248]
S3 SOHCImp;VAIO Media plus Content Importer; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [2008-03-04 104288]
S3 SOHDms;VAIO Media plus Digital Media Server; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [2008-03-04 350048]
S3 SOHDs;VAIO Media plus Device Searcher; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [2008-03-04 63328]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2007-11-28 77824]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2008-02-15 73728]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-03-03 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-03 87328]
S3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2008-03-31 279848]
S4 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2008-02-15 184320]
S4 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2008-02-15 147456]

-----------------EOF-----------------

#4 User is offline   kahdah 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 10,658
  • Joined: 27-October 06
  • Gender:Male
  • Location:Florida

Posted 18 December 2008 - 07:58 AM

Hi please download Catchme.exe from Here save it to your desktop.
Then right click on AVast and choosec stop all protection (or the equivalent to that) double click on it to run Catchme let it finish if any protection program wanrs you about something as Catchme is running please disable whatever vloacked it and run catchme again please.

It will create a notepad log on your desktop please post it here in your next reply and also can you tell me what sites are in your trusted zone that you cannot alter?

This post has been edited by kahdah: 18 December 2008 - 07:59 AM

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 User is offline   Azrea 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 18-November 08

Posted 18 December 2008 - 10:38 AM

Catchme didn't save a log file, but the scans were clean. The "trusted" sites are too many to mention. I could type for an hour straight on the list there and I wouldn't even be half done. I keep getting the blue screens, but I'm not sure if it's from the issues or if it's a program.

#6 User is offline   kahdah 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 10,658
  • Joined: 27-October 06
  • Gender:Male
  • Location:Florida

Posted 18 December 2008 - 10:11 PM

Can you tell me what the blue screens say?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 User is offline   Azrea 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 18-November 08

Posted 19 December 2008 - 01:45 PM

It says: A problem has been detected and Windows has been shut down to prevent damage to your computer.
PAGE_FAULT_IN_NONPAGED_AREA

At the bottom is says:
Tech info *** STOP: 0x00000050, 0xAB6A4C60, 0x00000008, 0xAB6A4C60, 0x00000000

#8 User is offline   kahdah 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 10,658
  • Joined: 27-October 06
  • Gender:Male
  • Location:Florida

Posted 19 December 2008 - 07:08 PM

Hi that is almost always a ram or memory issue.
I do not see any signs of malware on your system.
===================================
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Avast or Trend Micro.
It is also recommened too remove SOy Sweeper if you are not paying for it.
============================================================
Uninstall those items and reboot a few times and let's see how it runs then.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 User is offline   Azrea 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 18-November 08

Posted 30 December 2008 - 10:55 AM

Hi, sorry for the delay in my response. My access to wireless is very limited.
I cannot remove or update trend micro which leads me to believe that I have picked up something. Also, I had these problems before I had installed the second anti-virus, so I'm not sure.
Spy Sweeper came with the laptop and on the main screen of it says that 19,516 items are blocked. Does that mean that is the amount known to the database or are those things being blocked on my pc? Should I uninstall Online Armor and get a different firewall?

#10 User is offline   kahdah 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 10,658
  • Joined: 27-October 06
  • Gender:Male
  • Location:Florida

Posted 30 December 2008 - 07:09 PM

When you have 2 antivirus programs installed it can cause issues like this.
The things Spysweeper says it has blocked are threats that have already been dealt with.
I still would remove that by uninstall.
If you cannot uninstall it then follow the directions here > http://www.mydigitallife.info/2008/07/15/h...72008-manually/

See if that gets you anywhere.
Your firewall is fine any security program can get compromised.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#11 User is offline   Azrea 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 18-November 08

Posted 02 January 2009 - 11:08 AM

Happy New Year! I tried the removal process you posted, but I just got the blue screen again. I restarted to attempt it again, but this time it said I didn't have the admin rights again. I ran it as admin, but same result with blue screen. If it is a RAM issue, is there any other fix than to upgrade? Poor college kid = broke.

This post has been edited by Azrea: 02 January 2009 - 12:03 PM

#12 User is offline   kahdah 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 10,658
  • Joined: 27-October 06
  • Gender:Male
  • Location:Florida

Posted 02 January 2009 - 01:43 PM

Try to pull out one of the sticks of ram to see if it still happens if it does then replace that stick then do the same with the other slot.
if neither stick resolves the issue the try to install a single ram stick in an entirely different slot to see if it makes a difference.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#13 User is offline   Azrea 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 18-November 08

Posted 02 January 2009 - 05:39 PM

Uhh, ok. How do I do that?

#14 User is offline   kahdah 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 10,658
  • Joined: 27-October 06
  • Gender:Male
  • Location:Florida

Posted 03 January 2009 - 08:28 AM

If you have a desktop system open the case then follow these instructions:
http://www.helpwithpcs.com/upgrading/insta..._memory_ram.htm

If a laptop then the below:
http://www.smartcomputing.com/editorial/ar...s09%2F21s09.asp
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#15 User is offline   Azrea 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 20
  • Joined: 18-November 08

Posted 06 January 2009 - 10:37 AM

I followed the link, but you need to subscribe to the site to view the important bits of the article. I found a few sites with similar things, but figured you would know the more reputable ones. Any other suggestions?

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users