
Trojan Downloader Generic 7.gc


  • This topic is locked
4 replies to this topic

#1 marylee1126
  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:18 AM

Posted 01 May 2008 - 05:21 PM

Running on Windows Vista Home Premium.
I have a log from HJT. I am not too sure how long I want to be online with this disease I've got, har har.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:40 PM, on 5/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\mary lee\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10265 bytes
Also, does this little log I found last night look odd, or am I tripping? Thanks,
mary


-------------------------------------------------------------------------------------
MpSigStub: Command Line: c:\6bc216fef353126ff1fa0bee\mpsigstub.exe WD /q
Start Time: Wed Apr 30 2008 19:26:47

mpsigstub.cpp:1084 ProcessIniFile() - PatchFullEngine = FALSE
mpsigstub.cpp:3159 LogDirFilesInfo() - Examining package contents.
mpsigstub.cpp:3196 LogDirFilesInfo() - Files contained in directory c:\6bc216fef353126ff1fa0bee:
mpsigstub.cpp:3247 LogDirFilesInfo() - $shtdwn$.req
mpsigstub.cpp:3247 LogDirFilesInfo() - as_delta.ini
mpsigstub.cpp:3272 LogDirFilesInfo() - mpasdlta.vdm, Version: 1.31.9309.0
mpsigstub.cpp:3272 LogDirFilesInfo() - mpsigstub.exe, Version: 1.1.2960.0
mpsigstub.cpp:3514 wWinMain() - Updating product WD...
mpsigstub.cpp:1693 NeedToUseProductName() - We are not running in Wow64.
mpsigstub.cpp:1706 NeedToUseProductName() - We are running in Windows Vista.
mpsigstub.cpp:1714 NeedToUseProductName() - We are updating WD.
mpsigstub.cpp:1738 NeedToUseProductName() - We will use the product name for locating MpClient.dll.
mpsigstub.cpp:1922 LocateAndLoadMpClient() - Path to MpClient.dll is: C:\Program Files\Windows Defender\MpClient.dll
mpsigstub.cpp:3541 wWinMain() - Successfully loaded MpClient.dll
mpsigstub.cpp:3145 LogDirFilesInfo() - Examining current signature location.
mpsigstub.cpp:3196 LogDirFilesInfo() - Files contained in directory C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FB2E4D17-01D6-44B2-A894-F2EC39DF29C9}:
mpsigstub.cpp:3272 LogDirFilesInfo() - mpasbase.vdm, Version: 1.31.8400.0
mpsigstub.cpp:3272 LogDirFilesInfo() - mpasdlta.vdm, Version: 1.31.9205.0
mpsigstub.cpp:3272 LogDirFilesInfo() - mpengine.dll, Version: 1.1.3408.0
mpsigstub.cpp:2213 UpdateDefinitions() - Calling MPUpdateEngine with directory c:\6bc216fef353126ff1fa0bee.
Time Info - Wed Apr 30 2008 19:27:26
mpsigstub.cpp:2260 UpdateDefinitions() - MpUpdateEngine() completed successfully.
mpsigstub.cpp:3572 wWinMain() - Successfully updated definitions for product WD
mpsigstub.cpp:2517 VerifyProductUpdated() - We are running in Windows Vista.
mpsigstub.cpp:2556 VerifyProductUpdated() - Updating WD in Windows Vista: skipping product update check
mpsigstub.cpp:3633 wWinMain() - Going to return from main with value 0x0
MpSigStub: End Time: Wed Apr 30 2008 19:27:26
-------------------------------------------------------------------------------------

Edited by KoanYorel, 01 May 2008 - 08:14 PM.
email address removed to protect from spamming



#2 marylee1126
  • Topic Starter
  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:18 AM

Posted 01 May 2008 - 05:29 PM

Oh, also, it's so annoying, but I get denied access to my most important system files. I cannot uninstall the items that caused this. It's awful. Thanks.

#3 marylee1126
  • Topic Starter
  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:18 AM

Posted 01 May 2008 - 07:17 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:45 PM, on 5/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\mary lee\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9341 bytes

ComboFix 08-04-29.5 - mary lee 2008-05-01 16:59:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.248 [GMT -7:00]
Running from: C:\Users\mary lee\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-05-01 14:20 . 2008-05-01 14:20 318,369 --a------ C:\Users\mary lee\HiJackThis1.zip
2008-05-01 14:19 . 2008-05-01 14:20 401,720 --a------ C:\Users\mary lee\HiJackThis.exe
2008-04-30 20:09 . 2008-05-01 16:42 96 --a------ C:\index.ini
2008-04-30 20:06 . 2008-04-30 20:07 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-04-30 00:54 . 2008-04-30 14:24 <DIR> d-------- C:\Users\mary lee\AppData\Roaming\Any Video Converter
2008-04-30 00:54 . 2008-04-30 00:54 <DIR> d-------- C:\Program Files\Any Video Converter
2008-04-29 15:47 . 2008-04-29 15:47 <DIR> d-------- C:\Windows\System32\QuickTime
2008-04-29 15:47 . 2008-04-30 19:01 <DIR> d-------- C:\Windows\System32\divxcp
2008-04-29 15:47 . 2008-04-29 15:47 <DIR> d-------- C:\Windows\System32\custom matrices
2008-04-28 10:43 . 2008-04-28 10:43 <DIR> d-------- C:\Users\mary lee\AppData\Roaming\Media Player Classic
2008-04-28 10:33 . 2008-04-28 10:54 <DIR> d-------- C:\Users\mary lee\AppData\Roaming\DivX
2008-04-28 10:32 . 2008-04-28 10:54 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-04-26 20:49 . 2008-04-26 20:49 <DIR> d-------- C:\Users\mary lee\Shared
2008-04-26 19:44 . 2008-04-30 22:30 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-04-26 18:59 . 2008-04-26 20:28 <DIR> d-------- C:\Users\mary lee\AppData\Roaming\DVD Flick
2008-04-26 18:58 . 2000-05-19 17:56 81,920 --a------ C:\Windows\System32\mbmouse.ocx
2008-04-26 18:58 . 2000-11-05 15:27 36,864 --a------ C:\Windows\System32\trayicon.ocx
2008-04-26 13:49 . 2008-04-26 13:49 <DIR> d-------- C:\Users\mary lee\AppData\Roaming\vlc
2008-04-26 13:41 . 2008-04-26 13:41 <DIR> d-------- C:\Program Files\VideoLAN
2008-04-25 16:16 . 2008-04-30 17:19 <DIR> d-------- C:\my dvd
2008-04-25 14:27 . 2008-04-26 17:46 68 --a------ C:\Windows\Easy Avi Divx Xvid to DVD Burner.INI
2008-04-23 14:20 . 2008-04-23 14:20 <DIR> d-------- C:\DCIM
2008-04-23 14:19 . 2008-04-30 12:02 <DIR> d-------- C:\Click to DVD 2
2008-04-23 13:24 . 2008-04-23 13:44 <DIR> d-------- C:\Users\All Users\Google
2008-04-23 13:24 . 2008-04-23 23:58 <DIR> d-------- C:\Program Files\Google
2008-04-08 17:02 . 2008-02-14 16:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-08 17:02 . 2008-02-18 22:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-08 17:02 . 2008-02-28 23:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-08 17:02 . 2008-02-28 23:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 17:02 . 2008-02-28 23:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 17:02 . 2008-02-28 23:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 17:02 . 2008-02-28 23:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 17:02 . 2008-02-28 23:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-08 17:02 . 2008-02-28 23:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-08 17:01 . 2008-02-28 21:16 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-08 17:01 . 2008-02-20 21:43 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-08 17:01 . 2008-03-07 19:14 148,992 --a------ C:\Windows\System32\drivers\ks.sys
2008-04-08 17:01 . 2007-12-16 04:42 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-08 17:01 . 2007-12-16 04:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-05 10:01 . 2008-04-05 10:01 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-04-04 13:41 . 2008-04-04 13:41 715,248 --a------ C:\Windows\System32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 20:20 --------- d-----w C:\Users\mary lee\AppData\Roaming\AVG7
2008-05-01 01:28 --------- d-----w C:\Users\mary lee\AppData\Roaming\Corel
2008-05-01 01:28 --------- d-----w C:\Program Files\Corel
2008-05-01 00:41 --------- d-----w C:\Users\mary lee\AppData\Roaming\LimeWire
2008-05-01 00:36 --------- d-----w C:\ProgramData\avg7
2008-04-29 23:51 --------- d-----w C:\ProgramData\Roxio
2008-04-27 02:00 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-26 23:09 --------- d-----w C:\Users\mary lee\AppData\Roaming\Image Zone Express
2008-04-23 21:19 --------- d-----w C:\Users\mary lee\AppData\Roaming\Sony Corporation
2008-04-23 20:21 --------- d-----w C:\Program Files\Java
2008-04-23 20:18 --------- d-----w C:\Program Files\LimeWire
2008-04-11 10:02 --------- d-----w C:\Program Files\Windows Mail
2008-03-29 22:35 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-29 21:24 --------- d-----w C:\Program Files\SafeIT Security
2008-03-29 21:24 --------- d-----w C:\Program Files\Common Files\SafeIT Security
2008-03-22 08:15 --------- d-----w C:\Users\mary lee\AppData\Roaming\Enigma
2008-03-22 05:59 --------- d-----w C:\Program Files\Rorschach Software
2008-03-22 05:56 --------- d-----w C:\Program Files\Enigma
2008-03-21 20:30 129,784 ------w C:\Windows\System32\PxAFS.DLL
2008-03-21 20:30 120,056 ------w C:\Windows\System32\pxcpyi64.exe
2008-03-21 20:30 118,520 ------w C:\Windows\System32\pxinsi64.exe
2008-03-21 19:53 --------- d-----w C:\Program Files\LimeWire(75)
2008-03-07 16:30 --------- d-----w C:\ProgramData\HP
2008-03-07 02:58 --------- d-----w C:\Users\mary lee\AppData\Roaming\Printer Info Cache
2008-03-07 02:50 --------- d-----w C:\ProgramData\WEBREG
2008-03-07 02:48 --------- d-----w C:\Users\mary lee\AppData\Roaming\HP
2008-03-07 02:44 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-03-07 00:37 --------- d-----w C:\ProgramData\HPSSUPPLY
2008-03-07 00:37 --------- d-----w C:\Program Files\HP
2008-03-07 00:37 --------- d-----w C:\Program Files\Common Files\HP
2008-03-01 00:25 --------- d-----w C:\Program Files\Webshots
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-18 01:45 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2008-02-15 11:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 11:08 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 11:08 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 11:08 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 11:08 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 11:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 11:07 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 11:07 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 11:07 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 11:07 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-15 11:07 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 11:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 11:07 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-01-16 07:53 0 ----a-w C:\Users\mary lee\AppData\Roaming\wklnhst.dat
2007-11-29 06:00 262,144 ----a-w C:\ProgramData\ntuser.dat
2007-11-25 08:43 174 --sha-w C:\Program Files\desktop.ini
2007-01-13 08:38 1,132,112 ----a-w C:\Users\All Users\pswi_preloaded.exe
2007-01-13 08:38 1,132,112 ----a-w C:\ProgramData\pswi_preloaded.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-24 17:39 1006264]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-29 06:47 137752]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-07 19:38 835584]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 18:27 317560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 16:54 53248]
"VWLASU"="C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 11:31 45056]
"VAIOSurvey"="C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 16:30 577536]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-19 10:19 579584]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-17 18:45 219136]

C:\Users\mary lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-02-17 18:45 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-07-24 19:26 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9817CB49-FEFA-4625-9F97-FB641DC272FA}"= UDP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{F19257CD-805D-4AE1-B01C-0E9747510B9B}"= TCP:C:\Program Files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{0BCE2774-10AA-4343-83B3-492DBF2A27A2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0FA7C5E5-87E8-4760-BE2B-76FFF403E84E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FE25A8C5-E69E-4CC0-9081-88750415CCE9}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C311BEDB-BD0E-4A20-A70F-9862D5EEB35D}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{ACC039D2-B428-432C-8C4F-970D1722031C}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{BC66A087-CED1-4E62-96E4-5441C3679B85}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{E0BA2868-3E64-4E5A-A945-D6975C3128FF}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{0AB33D90-9B78-4776-9BFA-E15A9B5FAF7E}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{20635060-9B18-440E-AEB9-30825C1B4FE9}"= UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{D99838B8-7FB7-4D9F-A445-41536D559F74}"= TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{F16F719C-CF63-449E-A7F0-040EF67AC017}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B4443DC6-DA9B-498D-A314-DE3E8F134297}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{49FCE3CC-0E1D-48D8-B0E2-F3BD589A0D80}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{F411D6ED-FD52-4254-88CF-2859A7CE902B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{6458D4E7-BBDD-463C-B9C4-BACEF4B1FACC}"= UDP:8891:8891
"{72842B6A-60D6-4233-BD66-5F5E26D2CD87}"= UDP:C:\Program Files\Windows Defender\MSASCui.exe:Windows Defender
"{CB882BF7-DA15-4408-977C-B483D5BB352B}"= TCP:C:\Program Files\Windows Defender\MSASCui.exe:Windows Defender
"{CA2B02B3-EDF1-4CAA-939D-8E183A7E1CB9}"= UDP:C:\Program Files\Grisoft\AVG7\avgw.exe:AVG Test Center
"{FC404FBE-C0B5-403A-92D5-A4F7D46BF0DA}"= TCP:C:\Program Files\Grisoft\AVG7\avgw.exe:AVG Test Center
"{B72F2309-3F53-433F-BB6B-B854ACB11674}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:AVG Control Center
"{4A963317-A99F-4D09-A86D-F5E03AA469E7}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:AVG Control Center

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 1 (0x1)

R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 21:09]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-15 08:12]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-29 15:35]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-29 06:47]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-04-19 06:07]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-04-19 06:07]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-05 05:17]
S3 TcUsb;TC USB Kernel Driver;C:\Windows\system32\Drivers\tcusb.sys [2007-05-28 06:11]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 17:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 16:34]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-07-13 10:55]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-07-05 17:43]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 00:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 17:03:43
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-01 17:05:31
ComboFix-quarantined-files.txt 2008-05-02 00:05:17

Pre-Run: 101,713,346,560 bytes free
Post-Run: 101,803,073,536 bytes free

208 --- E O F --- 2008-05-01 02:27:43

Merged topics. ~ OB

Edited by Orange Blossom, 05 May 2008 - 12:16 AM.
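The Reg Loading Points and firewall-policy sections of the log above are the part of a ComboFix report a helper reads first. What follows is an added example for this thread, not code from the poster, from ComboFix or from HijackThis: a small Python triage pass that parses those sections and flags what a reviewer would want to look at, namely Run entries that point outside Windows and Program Files or lack the [date time size] stamp ComboFix prints when it can read the file, Security Center monitoring switched off, firewall exceptions for P2P clients or for bare ports, and the StandardProfile DoNotAllowExceptions flag. The trusted-path prefixes, the P2P name list and the one "updchk" HKCU entry in the sample are the example's own assumptions and constructed input; the remaining sample lines are copied from the log above. A flag is a prompt to look, not a verdict on the machine.

```python
"""Triage heuristics for the Reg Loading Points and firewall-policy
sections of a ComboFix log.  Added example for this thread; it is not
ComboFix's own code, and every rule below is the example's assumption."""
import re
from dataclasses import dataclass

# Sample input.  All lines are copied from the ComboFix log posted above
# except the "updchk" HKCU Run entry, which is constructed so that the
# path and stamp heuristics have something to flag.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]
"updchk"="C:\Users\example\AppData\Roaming\updchk.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-24 17:39 1006264]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-19 10:19 579584]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F411D6ED-FD52-4254-88CF-2859A7CE902B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{6458D4E7-BBDD-463C-B9C4-BACEF4B1FACC}"= UDP:8891:8891
"{B4443DC6-DA9B-498D-A314-DE3E8F134297}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 1 (0x1)
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                            # [HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')              # "name"=data
RUN_DATA_RE = re.compile(r'^"([^"]+)"(?:\s+\[([^\]]*)\])?$')  # "path" [stamp]

# Assumed: on a stock Vista box autoruns are expected under these roots.
TRUSTED_PREFIXES = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~1\\')
# Assumed: file-sharing clients that helpers routinely ask posters to remove.
P2P_NAMES = ('limewire', 'frostwire', 'bearshare', 'kazaa', 'ares',
             'utorrent', 'bittorrent', 'azureus', 'emule')


@dataclass(frozen=True)
class Finding:
    key: str     # registry key the value sits under
    name: str    # value name, or the firewall rule GUID
    reason: str  # why a reviewer should look at it


def parse_sections(text):
    """Group '"name"=data' lines under their enclosing [key] header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2).strip()))
    return sections


def _dword(data):
    """'dword:00000001' -> 1; None when the data is not a REG_DWORD."""
    if not data.lower().startswith('dword:'):
        return None
    return int(data.split(':', 1)[1], 16)


def check_run_entry(key, name, data):
    """Flag autoruns outside the trusted roots or without a file stamp."""
    m = RUN_DATA_RE.match(data)
    if not m:
        return [Finding(key, name, 'unparsed Run value: ' + data)]
    path, stamp = m.group(1), m.group(2)
    out = []
    if not path.lower().startswith(TRUSTED_PREFIXES):
        out.append(Finding(key, name, 'autorun outside Windows/Program Files: ' + path))
    if stamp is None:
        out.append(Finding(key, name, 'no [date time size] stamp: file missing or unreadable'))
    return out


def check_firewall_rule(key, name, data):
    """Rule data is 'PROTO:<program or port>:<label>'."""
    proto, _, rest = data.partition(':')
    target, _, _label = rest.rpartition(':')
    if '\\' not in target:
        return [Finding(key, name, f'bare {proto} port exception: {target}')]
    exe = target.lower().rsplit('\\', 1)[-1]
    if any(p in exe for p in P2P_NAMES):
        return [Finding(key, name, 'firewall exception for P2P client: ' + target)]
    return []


def triage(text):
    """Run every heuristic over a ComboFix registry dump; returns Findings."""
    findings = []
    for key, values in parse_sections(text).items():
        lkey = key.lower()
        for name, data in values:
            if lkey.endswith('\\currentversion\\run'):
                findings.extend(check_run_entry(key, name, data))
            elif 'security center\\monitoring' in lkey and name.lower() == 'disablemonitoring':
                if _dword(data) == 1:
                    findings.append(Finding(key, name, 'Security Center monitoring disabled'))
            elif lkey.endswith('\\firewallpolicy\\firewallrules'):
                findings.extend(check_firewall_rule(key, name, data))
            elif lkey.endswith('\\firewallpolicy\\standardprofile') and name.lower() == 'donotallowexceptions':
                if data.split()[0] == '1':
                    findings.append(Finding(key, name, 'informational: profile blocks all inbound; listed exceptions are not in effect'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.name:45} {f.reason}')
```

The "run-" key that ComboFix also lists (entries disabled through msconfig) deliberately does not match the Run check, and the DoNotAllowExceptions=1 flag is reported as informational rather than as a weakness: with it set, Windows Firewall blocks all inbound connections and the exception list above it is dormant, so a reviewer reads the exceptions as what will come back the moment the profile is relaxed.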


#4 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
Posted 23 May 2008 - 06:49 AM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 06 June 2008 - 04:56 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



