
Hijackthis Log:trojans Running On My Pc Only Works In Safe Mode?


9 replies to this topic

#1 joshyboy

  • Members
  • 6 posts

Posted 23 July 2008 - 12:55 AM

I'm a new member and managed somehow to get a trojan because I don't run my antivirus anymore. Can you look at my log and tell me if anything is wrong or should be deleted? My PC only runs in safe mode; otherwise it is locked up. I got one message from Norton once that said I have a backdoor trojan and a Trojan.Dropper and two other threats I can't recall, but I have a Sony VAIO PCG-K23 and my VAIO Recovery is no longer loading, so I can't do that anymore. Here is the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:43 PM, on 7/22/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Speeditup Free\Data\CheckUp.dat
D:\Bitcomet Components\BitComet Acceleration Patch\BitComet Acceleration Patch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [ZZZ] C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
O4 - HKLM\..\Run: [Stomp DLA] "C:\Program Files\Stomp\DLA\dlatray.exe" /t
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [{1a88757d-edac-bc08-bf9e-9ffe815f4f16}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\jfkrjawgittbcti.dll" DllStart
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [40252847] rundll32.exe "C:\WINDOWS\System32\dnxwqtpx.dll",b
O4 - HKLM\..\Run: [BM43161bdb] Rundll32.exe "C:\WINDOWS\System32\epakhlvm.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "D:\Bitcomet Components\bitcomet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Iinl] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\ICROSO~1.NET\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [Oaxd] C:\WINDOWS\??sembly\d?xplore.exe
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O4 - HKCU\..\RunOnce: [gi1690829371] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\giO4EQOT.exe" /resume:"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\31O4EODI" /exename:"C:\Downloads\SpyHunter Security Suite v3.4.9+Crack-HeartBug\spyhunterS.exe"
O4 - HKCU\..\RunOnce: [gi990978295] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\giO4N8U7.exe" /resume:"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\31O4N763" /exename:"C:\Program Files\Enigma Software Group\SpyHunter\Download\update.exe"
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Bitcomet Components\bitcomet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

--
End of file - 10401 bytes

Your help will be so much appreciated, as I am no computer guru.
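As an added example that is not part of this thread and not HijackThis code: a small Python triage of the O4 autorun lines from the log above. It parses each entry and flags the three patterns a malware responder looks at first in this log: rundll32 loading a DLL with a random-looking name, an executable that borrows or misspells a core Windows process name, and a path HijackThis could not print cleanly (the '?' placeholders). The sample lines are copied from the log; the thresholds (six letters, a five-consonant run, one edit from a core process name) are assumptions of the example, not HijackThis conventions.

```python
"""Triage the O4 (autorun) entries of a HijackThis log: an added example for
this thread, not HijackThis code, flagging the patterns a responder checks first."""
import re

# Constructed sample: O4 lines copied from the first HijackThis log in the thread
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [{1a88757d-edac-bc08-bf9e-9ffe815f4f16}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\jfkrjawgittbcti.dll" DllStart
O4 - HKLM\..\Run: [40252847] rundll32.exe "C:\WINDOWS\System32\dnxwqtpx.dll",b
O4 - HKLM\..\Run: [BM43161bdb] Rundll32.exe "C:\WINDOWS\System32\epakhlvm.dll",s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Iinl] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\ICROSO~1.NET\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [Oaxd] C:\WINDOWS\??sembly\d?xplore.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
""".strip().splitlines()

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')
# Core Windows process names that malware commonly borrows or misspells
CORE_PROCESSES = ("smss", "csrss", "winlogon", "services", "lsass", "svchost", "explorer")
VOWELS = set("aeiouy")


def stem_of(path):
    """Lower-case file name without directory or extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def paths_in(cmd):
    """File paths on an O4 command line, program first. HijackThis prints
    unquoted program paths that contain spaces, so an unquoted command is cut
    at its first '.exe'; the rest is tokenised with quoted strings kept whole
    and rundll32's ',entrypoint' suffix dropped."""
    paths, rest = [], cmd
    m = None if cmd.startswith('"') else re.match(r"(?i)(.+?\.exe)(?=\s|$)", cmd)
    if m:
        paths.append(m.group(1))
        rest = cmd[m.end():]
    for quoted, bare in TOKEN_RE.findall(rest):
        tok = quoted if quoted else bare.split(",")[0]
        if "\\" in tok or tok.lower().endswith((".exe", ".dll")):
            paths.append(tok)
    return paths


def looks_random(stem):
    """Crude pronounceability test (an assumption of this example): a name with
    no vowels, or with a run of five consonants, was not chosen by a vendor."""
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 6:
        return False
    if not any(c in VOWELS for c in letters):
        return True
    return re.search(r"[b-df-hj-np-tv-xz]{5}", stem) is not None


def within_one_edit(a, b):
    """True if a and b differ by at most one substitution, insertion or deletion."""
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) <= 1
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return len(longer) == len(shorter) + 1 and any(
        longer[:k] + longer[k + 1:] == shorter for k in range(len(longer)))


def triage_o4(lines):
    """Parse HKLM/HKCU O4 lines and return one finding dict per suspicious
    path: {'name': run value name, 'path': file, 'reason': why it was flagged}."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:                      # Global Startup and non-O4 lines are skipped
            continue
        name, paths = m.group("name"), paths_in(m.group("cmd"))

        def flag(p, why, name=name):
            findings.append({"name": name, "path": p, "reason": why})
        if paths and stem_of(paths[0]) == "rundll32":
            # rundll32 itself is legitimate; what it loads is the question
            for dll in paths[1:]:
                if looks_random(stem_of(dll)):
                    flag(dll, "rundll32 loads a DLL with a random-looking name")
            continue
        for p in paths:
            stem, in_windows = stem_of(p), "\\windows\\" in p.lower()
            if "?" in p or any(ord(c) > 126 for c in p):
                flag(p, "path has characters HijackThis could not print ('?' is illegal in a file name)")
            if stem in CORE_PROCESSES and not in_windows:
                flag(p, "core Windows process name running from outside the Windows directory")
            elif stem not in CORE_PROCESSES:
                for core in CORE_PROCESSES:
                    if within_one_edit(stem, core):
                        flag(p, "file name is one edit away from core process %s.exe" % core)
    return findings
```

Calling `triage_o4(SAMPLE_O4_LINES)` returns six findings: the three rundll32 DLLs, cssrss.exe as a misspelling of csrss.exe, winlogon.exe under My Documents, and the '?' path; Apoint and ccApp are not flagged.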


#2 random/random

  • Malware Response Team
  • 2,704 posts

Posted 24 July 2008 - 06:34 AM

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post back with the Malwarebytes' Anti-Malware log and a new HijackThis log.

#3 joshyboy

  • Topic Starter
  • Members
  • 6 posts

Posted 24 July 2008 - 04:58 PM

Cool, I'm doing it right now, and will post back shortly...

#4 joshyboy

  • Topic Starter
  • Members
  • 6 posts

Posted 24 July 2008 - 06:12 PM

Here is the new HijackThis log after Anti-Malware, except some items couldn't be fixed because they needed a reboot to fix, and I can only boot up in safe mode or else nothing functions, it'll just freeze up. Otherwise, here it is, and thanks so much for your help...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:24 PM, on 7/24/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [ZZZ] C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
O4 - HKLM\..\Run: [Stomp DLA] "C:\Program Files\Stomp\DLA\dlatray.exe" /t
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Iinl] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\ICROSO~1.NET\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [Oaxd] C:\WINDOWS\??sembly\d?xplore.exe
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O4 - HKCU\..\RunOnce: [gi1690829371] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\giO4EQOT.exe" /resume:"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\31O4EODI" /exename:"C:\Downloads\SpyHunter Security Suite v3.4.9+Crack-HeartBug\spyhunterS.exe"
O4 - HKCU\..\RunOnce: [gi990978295] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\giO4N8U7.exe" /resume:"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\31O4N763" /exename:"C:\Program Files\Enigma Software Group\SpyHunter\Download\update.exe"
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Bitcomet Components\bitcomet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

--
End of file - 9844 bytes



OK, here is the Malwarebytes' Anti-Malware log...
Malwarebytes' Anti-Malware 1.23
Database version: 988
Windows 5.1.2600 Service Pack 1

3:53:12 PM 7/24/2008
mbam-log-7-24-2008 (15-53-12).txt

Scan type: Full Scan (C:\|D:\|H:\|)
Objects scanned: 150426
Time elapsed: 1 hour(s), 11 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 17
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 79

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\khfGxXpo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nnnlkkkk.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7eff2ed-0c8f-4d7e-bb95-5a43d0145352} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c7eff2ed-0c8f-4d7e-bb95-5a43d0145352} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7f6f09f-6cab-4693-8034-03697d624cf8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d7f6f09f-6cab-4693-8034-03697d624cf8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82336a8d-6cd0-4647-b791-75fca8cf2b39} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{82336a8d-6cd0-4647-b791-75fca8cf2b39} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a131e43f-26fc-557c-ff3d-0ea2e69f43ca} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a131e43f-26fc-557c-ff3d-0ea2e69f43ca} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5fb7a9ad-2a19-7b9f-540f-399fcad60ee6} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fb7a9ad-2a19-7b9f-540f-399fcad60ee6} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlkkkk (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\targetedbanner (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\40252847 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{1a88757d-edac-bc08-bf9e-9ffe815f4f16} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{82336a8d-6cd0-4647-b791-75fca8cf2b39} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm43161bdb (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WMDM PMSP Service (Backdoor.Knocker) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfgxxpo -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfgxxpo -> Delete on reboot.

Folders Infected:
C:\WINDOWS\system32\BDE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bin1 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dv32 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vdll (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\khfGxXpo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\opXxGfhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opXxGfhk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ylchhx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dnxwqtpx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xptqwxnd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fdsixfhg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ghfxisdf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hhpixwvf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fvwxiphh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inbyojhx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xhjoybni.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jwsvobvd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dvbovswj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lawivypy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ypyviwal.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnlkkkk.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\ddp.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\?icrosoft.NET\winlogon.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jfkrjawgittbcti.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\hur4s2.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\ik3mr5.exe (Trojan.Peed) -> Quarantined and deleted successfully.
C:\z77cl2.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0XY7SD6F\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CXQZC1QF\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RNXJZT8W\kbg04311[1] (Trojan.Peed) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RNXJZT8W\yazzsnet[1].exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP28\A0015791.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP28\A0015792.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP28\A0015800.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP28\A0018879.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP28\A0018881.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\444.470 (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iucsvz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msjrbjya.exe (Trojan.Peed) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovrrjult.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ttiqvjmtuguzaiom.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xhypiekc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bin1\tocoDB3.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vdll\shotrem3.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
D:\RECYCLER\S-1-5-21-3076342926-3554156925-2345730486-1005\Dd1.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dv32\LKremp43.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2bUi46.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2LDqsC.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4iQ0up.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8DVMdk.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AEYiU3.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AIanuS.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DlfGSK.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\e0qSYh.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FeOBJG.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fezpGv.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\g0eVxY.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\HXvutL.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\J1p2rh.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KH7W0e.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\l0EUgf.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\leRFSd.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NE6E32.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nPMVbG.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oLLK23.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ORVVfS.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Pf9NAi.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Px2q58.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SvcXUe.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TkjdSE.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UiX73s.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VAUGDe.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wkfhfk.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yF6jeK.syz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oddflfcf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBqRjji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnnMGYQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM43161bdb.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM43161bdb.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfCuSkI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfGabXQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUlMdba.dll (Trojan.vundo) -> Quarantined and deleted successfully.


Wow, that's a lot of junk, ain't it? So what now?

#5 random/random (Malware Response Team)

Posted 25 July 2008 - 08:25 AM

We need more information to be able to fix the infection:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (maximized) and extra.txt (minimized).
  • Copy (Ctrl+A, then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.


#6 joshyboy (Topic Starter)

Posted 25 July 2008 - 02:04 PM

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-25 12:01:55
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 1 Restore Point(s) --
1: 2008-07-21 00:44:35 UTC - RP28 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:37 PM, on 7/25/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\83SHO7QF\dss[1].exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Bitcomet Components\bitcomet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [ZZZ] C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe
O4 - HKLM\..\Run: [Stomp DLA] "C:\Program Files\Stomp\DLA\dlatray.exe" /t
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Iinl] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\ICROSO~1.NET\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [Oaxd] C:\WINDOWS\??sembly\d?xplore.exe
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O4 - HKCU\..\RunOnce: [gi1690829371] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\giO4EQOT.exe" /resume:"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\31O4EODI" /exename:"C:\Downloads\SpyHunter Security Suite v3.4.9+Crack-HeartBug\spyhunterS.exe"
O4 - HKCU\..\RunOnce: [gi990978295] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\giO4N8U7.exe" /resume:"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\31O4N763" /exename:"C:\Program Files\Enigma Software Group\SpyHunter\Download\update.exe"
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Bitcomet Components\bitcomet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe

--
End of file - 10300 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080722-222737-429 O15 - Trusted Zone: *.sxload.net (HKLM)
backup-20080722-222737-728 O4 - HKLM\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe"
backup-20080722-222737-848 O4 - HKCU\..\Run: [xloadnet] "C:\Program Files\xloadnet\xloadnet.exe"

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
R1 sscdbhk5 - c:\windows\system32\drivers\sscdbhk5.sys <Not Verified; VERITAS Software, Inc.; >
R1 ssrtln - c:\windows\system32\drivers\ssrtln.sys <Not Verified; VERITAS Software, Inc.; >

S2 drvnddm - c:\windows\system32\drivers\drvnddm.sys <Not Verified; VERITAS Software, Inc.; >
S2 tfsnboio - c:\windows\system32\dla\tfsnboio.sys <Not Verified; VERITAS Software, Inc.; >
S2 tfsncofs - c:\windows\system32\dla\tfsncofs.sys <Not Verified; VERITAS Software, Inc.; >
S2 tfsndrct - c:\windows\system32\dla\tfsndrct.sys <Not Verified; VERITAS Software, Inc.; >
S2 tfsndres - c:\windows\system32\dla\tfsndres.sys <Not Verified; VERITAS Software, Inc.; >
S2 tfsnifs - c:\windows\system32\dla\tfsnifs.sys <Not Verified; VERITAS Software, Inc.; >
S2 tfsnopio - c:\windows\system32\dla\tfsnopio.sys <Not Verified; VERITAS Software, Inc.; >
S2 tfsnpool - c:\windows\system32\dla\tfsnpool.sys <Not Verified; VERITAS Software, Inc.; >
S2 tfsnudf - c:\windows\system32\dla\tfsnudf.sys <Not Verified; VERITAS Software, Inc.; >
S2 tfsnudfa - c:\windows\system32\dla\tfsnudfa.sys <Not Verified; VERITAS Software, Inc.; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 PACSPTISVR - c:\progra~1\common~1\sonysh~1\avlib\pacspt~1.exe <Not Verified; ; PACSPTISVR Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-25 and 2008-07-25 -----------------------------

2008-07-24 15:58:00 0 d-------- C:\Documents and Settings\joshua\Application Data\Malwarebytes
2008-07-24 14:33:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-24 14:32:59 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 14:32:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 22:05:34 0 d-------- C:\Program Files\Trend Micro
2008-07-22 19:59:21 0 d-------- C:\WINDOWS\Speeditup Free
2008-07-22 19:59:21 0 d-------- C:\Program Files\Speeditup Free
2008-07-22 16:55:37 105328 --a------ C:\WINDOWS\System32\bupjwb.dll
2008-07-22 16:55:34 105328 --a------ C:\WINDOWS\System32\fvbbryaa.dll
2008-07-22 16:55:24 91488 --a------ C:\WINDOWS\System32\epakhlvm.dll
2008-07-21 16:56:08 105280 --a------ C:\WINDOWS\System32\vvpwnq.dll
2008-07-21 16:56:06 105280 --a------ C:\WINDOWS\System32\nvepbmwh.dll
2008-07-21 16:55:57 91440 --a------ C:\WINDOWS\System32\ddjwdchn.dll
2008-07-21 16:34:58 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-07-20 14:11:36 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-20 14:11:20 0 d-------- C:\Program Files\Spyware Doctor
2008-07-20 14:11:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-07-20 12:52:01 0 d-------- C:\Program Files\Enigma Software Group
2008-07-20 12:51:28 91520 --a------ C:\WINDOWS\System32\sjvflagx.dll
2008-07-19 12:23:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-07-19 12:16:24 2560 --a------ C:\WINDOWS\System32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-07-18 22:30:20 105328 --a------ C:\WINDOWS\System32\kudeik.dll
2008-07-18 22:30:18 105328 --a------ C:\WINDOWS\System32\fmwdcdvo.dll
2008-07-18 22:21:18 91520 --a------ C:\WINDOWS\System32\ongpotrk.dll
2008-07-17 22:23:15 105200 --a------ C:\WINDOWS\System32\zobsjz.dll
2008-07-17 22:23:14 105200 --a------ C:\WINDOWS\System32\rkgwcgfb.dll
2008-07-17 22:20:14 91440 --a------ C:\WINDOWS\System32\caeqsoys.dll
2008-07-17 17:02:15 10240 --a------ C:\a5d409.exe
2008-07-17 16:12:22 0 d-------- C:\WINDOWS\??sembly
2008-07-17 16:11:56 0 d-------- C:\WINDOWS\System32\aumsDK01
2008-07-17 16:11:56 0 d-------- C:\Program Files\xloadnet
2008-07-17 16:11:55 0 d-------- C:\Temp
2008-07-17 15:48:34 0 d-------- C:\Program Files\BitComet
2008-07-08 16:48:32 0 d-------- C:\Program Files\Common Files\AOL
2008-07-08 16:48:28 335 --a------ C:\WINDOWS\nsreg.dat
2008-07-07 16:39:58 0 d-------- C:\Program Files\Norton Internet Security
2008-06-29 17:15:30 0 d-------- C:\Documents and Settings\joshua\Application Data\Adobe
2008-06-29 17:15:12 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-29 14:28:15 180736 --a------ C:\WINDOWS\System32\Sony XBRITE.scr
2008-06-29 13:04:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-06-29 11:30:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-07-25 11:53:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-20 17:44:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-19 16:03:21 0 d-------- C:\Program Files\Common Files
2008-07-07 16:50:18 0 d-------- C:\Program Files\Symantec
2008-07-07 16:33:49 0 d-------- C:\Program Files\Online Services
2008-07-06 20:16:35 0 d-------- C:\Program Files\Microsoft Works
2008-07-01 23:40:09 0 d-------- C:\Program Files\Sony
2008-07-01 15:20:24 90832 --a------ C:\WINDOWS\NSUninst.exe
2008-07-01 15:20:23 9289 --a------ C:\WINDOWS\mozver.dat
2008-06-29 17:24:39 0 d-------- C:\Program Files\InterVideo
2008-06-23 22:26:04 552 --a------ C:\WINDOWS\System32\d3d8caps.dat
2008-06-23 18:26:48 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-23 17:03:17 20928 --a------ C:\hcw8cv.exe
2008-06-23 17:01:54 612 --a------ C:\ua0tpc.exe
2008-06-23 17:01:54 612 --a------ C:\6hgorh.exe
2008-06-23 17:01:53 612 --a------ C:\e3gio4.exe
2008-06-23 16:59:36 20928 --a------ C:\sl4mou.exe
2008-06-22 11:26:22 0 d-------- C:\Program Files\WinAVI Video Converter
2008-06-22 11:24:19 0 d-------- C:\Program Files\Ahead
2008-06-22 11:24:11 0 d-------- C:\Program Files\GoldEsel
2008-06-22 11:08:00 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-22 11:05:26 0 d-------- C:\Program Files\Nero
2008-06-20 20:47:18 0 d-------- C:\Program Files\Stomp
2008-06-18 23:49:58 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-18 23:29:11 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-18 23:20:39 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-18 23:20:29 0 d-------- C:\Program Files\Common Files\Sony Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [11/07/2003 06:21 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/27/2004 09:10 PM]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [12/11/2003 11:03 PM]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [01/17/2004 03:36 AM]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 11:29 AM]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [11/03/2003 11:55 AM]
"ZZZ"="C:\WINDOWS\Sonysys\Eflyer\EFlyer_Popup.exe" [05/16/2003 11:31 AM]
"Stomp DLA"="C:\Program Files\Stomp\DLA\dlatray.exe" [06/12/2001 01:00 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [07/20/2001 01:00 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/09/2007 06:53 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/07/2006 01:02 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/17/2006 06:34 AM]
"IS CfgWiz"="C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe" [08/20/2003 06:55 AM]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [09/06/2003 09:36 AM]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/19/2003 10:08 PM]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [06/19/2008 04:48 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [07/20/2008 02:13 PM]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [02/12/2004 11:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 03:08 PM]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [07/14/2008 01:10 AM]
"Iinl"="C:\DOCUME~1\ADMINI~1\MYDOCU~1\ICROSO~1.NET\winlogon.exe" [07/17/2008 04:12 PM]
"Oaxd"="C:\WINDOWS\??sembly\d?xplore.exe" [05/29/2008 11:35 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"NeroHomeFirstStart"=C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
"gi1690829371"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\giO4EQOT.exe" /resume:"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\31O4EODI" /exename:"C:\Downloads\SpyHunter Security Suite v3.4.9+Crack-HeartBug\spyhunterS.exe"
"gi990978295"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\giO4N8U7.exe" /resume:"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\31O4N763" /exename:"C:\Program Files\Enigma Software Group\SpyHunter\Download\update.exe"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [10/2/2003 2:08:08 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"




-- End of Deckard's System Scanner: finished at 2008-07-25 12:03:12 ------------
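One pattern worth noticing in the "Files created" section of the DSS log above: the random-named DLLs land in System32 in small bursts a few seconds apart, one batch per day, with near-identical sizes, while the six-letter .exe files in the root of C: appear within the same two minutes. The script below is an added example, not part of the thread and not code from Deckard's System Scanner: it parses DSS-style "Files created" lines and groups unverified executables by directory and creation time so those bursts stand out. The sample lines are constructed from entries in the posted log; the 300-second window, the extension list, the `looks_generated` name heuristic and all function names are assumptions made for this example.

```python
"""Burst detection over the "Files created" section of a DSS log.

Added example; not code from the original thread or from Deckard's System
Scanner. The sample lines are constructed from entries in the posted log.
The 300-second window, the extension list and the name heuristic are
assumptions made for this example.
"""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# "2008-07-22 16:55:37 105328 --a------ C:\WINDOWS\System32\bupjwb.dll [<version info>]"
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) ([-a-z]{9}) (.+?)(?: <([^>]*)>)?$"
)
BINARY_EXTENSIONS = {".exe", ".dll", ".sys", ".scr"}

# Constructed sample, taken from the entries visible in the posted DSS log.
SAMPLE_DSS_LINES = [
    r"2008-07-22 16:55:37 105328 --a------ C:\WINDOWS\System32\bupjwb.dll",
    r"2008-07-22 16:55:34 105328 --a------ C:\WINDOWS\System32\fvbbryaa.dll",
    r"2008-07-22 16:55:24 91488 --a------ C:\WINDOWS\System32\epakhlvm.dll",
    r"2008-07-21 16:56:08 105280 --a------ C:\WINDOWS\System32\vvpwnq.dll",
    r"2008-07-21 16:56:06 105280 --a------ C:\WINDOWS\System32\nvepbmwh.dll",
    r"2008-07-21 16:55:57 91440 --a------ C:\WINDOWS\System32\ddjwdchn.dll",
    r"2008-07-20 12:51:28 91520 --a------ C:\WINDOWS\System32\sjvflagx.dll",
    r"2008-07-19 12:16:24 2560 --a------ C:\WINDOWS\System32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>",
    r"2008-07-18 22:30:20 105328 --a------ C:\WINDOWS\System32\kudeik.dll",
    r"2008-07-18 22:30:18 105328 --a------ C:\WINDOWS\System32\fmwdcdvo.dll",
    r"2008-07-18 22:21:18 91520 --a------ C:\WINDOWS\System32\ongpotrk.dll",
    r"2008-07-17 22:23:15 105200 --a------ C:\WINDOWS\System32\zobsjz.dll",
    r"2008-07-17 22:23:14 105200 --a------ C:\WINDOWS\System32\rkgwcgfb.dll",
    r"2008-07-17 22:20:14 91440 --a------ C:\WINDOWS\System32\caeqsoys.dll",
    r"2008-07-17 17:02:15 10240 --a------ C:\a5d409.exe",
    r"2008-07-17 16:11:56 0 d-------- C:\WINDOWS\System32\aumsDK01",
    r"2008-06-29 14:28:15 180736 --a------ C:\WINDOWS\System32\Sony XBRITE.scr",
    r"2008-06-23 17:03:17 20928 --a------ C:\hcw8cv.exe",
    r"2008-06-23 17:01:54 612 --a------ C:\ua0tpc.exe",
    r"2008-06-23 17:01:54 612 --a------ C:\6hgorh.exe",
    r"2008-06-23 17:01:53 612 --a------ C:\e3gio4.exe",
    r"2008-06-23 16:59:36 20928 --a------ C:\sl4mou.exe",
]


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    path: str
    vendor: Optional[str]  # text inside <...>; DSS adds it only when version info exists

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def directory(self) -> str:
        return ntpath.dirname(self.path)

    @property
    def ext(self) -> str:
        return ntpath.splitext(self.path)[1].lower()


def parse_line(line: str) -> Optional[Entry]:
    """Parse one DSS 'Files created' line; None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    when, size, attrs, path, vendor = m.groups()
    return Entry(datetime.strptime(when, "%Y-%m-%d %H:%M:%S"), int(size), attrs, path, vendor)


def looks_generated(stem: str) -> bool:
    """Crude check for machine-generated 6-8 character names (assumption:
    at most one vowel, or a run of three or more consonants/digits)."""
    s = stem.lower()
    if not (6 <= len(s) <= 8) or not s.isascii() or not s.isalnum():
        return False
    vowels = sum(c in "aeiou" for c in s)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", s)), default=0)
    return vowels <= 1 or longest_run >= 3


def burst_clusters(entries: List[Entry], window_seconds: int = 300, min_size: int = 2) -> List[List[Entry]]:
    """Group unverified executables that appeared in the same directory within
    window_seconds of the previous one; keep groups of at least min_size."""
    candidates = [e for e in entries if not e.is_dir and e.ext in BINARY_EXTENSIONS and e.vendor is None]
    candidates.sort(key=lambda e: (e.directory.lower(), e.when))
    clusters: List[List[Entry]] = []
    current: List[Entry] = []
    for e in candidates:
        same_dir = bool(current) and e.directory.lower() == current[-1].directory.lower()
        if same_dir and (e.when - current[-1].when).total_seconds() <= window_seconds:
            current.append(e)
        else:
            if len(current) >= min_size:
                clusters.append(current)
            current = [e]
    if len(current) >= min_size:
        clusters.append(current)
    return clusters


def report(lines: List[str], window_seconds: int = 300) -> List[dict]:
    """One dict per burst: directory, first timestamp, file names, generated-name count."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    out = []
    for cluster in burst_clusters(entries, window_seconds):
        names = [ntpath.basename(e.path) for e in cluster]
        out.append({
            "directory": cluster[0].directory,
            "first_seen": cluster[0].when.isoformat(sep=" "),
            "files": names,
            "generated_names": sum(looks_generated(ntpath.splitext(n)[0]) for n in names),
        })
    return out


if __name__ == "__main__":
    for c in report(SAMPLE_DSS_LINES):
        print(f'{c["first_seen"]}  {c["directory"]}  {len(c["files"])} files, '
              f'{c["generated_names"]} generated-looking: {", ".join(c["files"])}')
```

Run on the sample it reports five bursts: the five .exe files dropped into C:\ on 23 June, and four System32 batches (17, 18, 21 and 22 July). The `<Not Verified; ...>` tag is treated as "has version info" and excluded, which is why bitcometres.dll is left out while Sony XBRITE.scr, which carries no tag, is still a candidate but stands alone.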

#7 joshyboy (Topic Starter)

Posted 25 July 2008 - 02:06 PM

OK, there it is (above). What now?

#8 random/random (Malware Response Team)

Posted 25 July 2008 - 04:16 PM

O4 - HKCU\..\RunOnce: [gi1690829371] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\giO4EQOT.exe" /resume:"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\31O4EODI" /exename:"C:\Downloads\SpyHunter Security Suite v3.4.9+Crack-HeartBug\spyhunterS.exe"


You appear to be running a cracked copy of SpyHunter. I highly recommend that you uninstall it and any other such programs, and delete the installers. Not only are such programs illegal, but a lot of them come bundled with malware, as was almost certainly the case here.

If you need freeware replacements, then take a look here:

http://www.bleepingcomputer.com/forums/topic3616.html
  • Go to start>run
  • Copy & paste this into the box
    "%userprofile%\desktop\dss.exe" /DAFT
  • Click OK
  • Place a checkmark next to the following entries (if present)
    .reg
    .scr
  • Click the Fix button.
  • Re-scan and save a logfile. By default, it will save as daft.txt
  • Copy & paste the contents of that logfile as a reply to this topic
Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpyHunter Security Suite
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Iinl
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Oaxd
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\\gi1690829371
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\\gi990978295
    C:\Downloads\SpyHunter Security Suite v3.4.9+Crack-HeartBug
    C:\Program Files\Enigma Software Group
    C:\WINDOWS\System32\bupjwb.dll
    C:\WINDOWS\System32\fvbbryaa.dll
    C:\WINDOWS\System32\epakhlvm.dll
    C:\WINDOWS\System32\vvpwnq.dll
    C:\WINDOWS\System32\nvepbmwh.dll
    C:\WINDOWS\System32\ddjwdchn.dll
    C:\WINDOWS\System32\sjvflagx.dll
    C:\WINDOWS\System32\kudeik.dll
    C:\WINDOWS\System32\fmwdcdvo.dll
    C:\WINDOWS\System32\ongpotrk.dll
    C:\WINDOWS\System32\zobsjz.dll
    C:\WINDOWS\System32\rkgwcgfb.dll
    C:\WINDOWS\System32\caeqsoys.dll
    C:\a5d409.exe
    C:\hcw8cv.exe
    C:\ua0tpc.exe
    C:\6hgorh.exe
    C:\e3gio4.exe
    C:\sl4mou.exe
    C:\WINDOWS\System32\aumsDK01
    C:\Program Files\xloadnet
    C:\WINDOWS\??sembly /u
    purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If so, choose Yes. After the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, enter *.log in the File Name box and press Enter, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste its contents in your next post.

Go to Start > Run... and copy/paste the text below into the Runbox:

"%userprofile%\desktop\dss.exe" /config

A window will open. Click on Check All, then click Scan!.

When it has finished, Deckard's System Scanner will open two Notepad files, main.txt and extra.txt. Please copy (Ctrl+A, then Ctrl+C) and paste (Ctrl+V) the contents of both in your next reply.
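The entries random/random singles out for removal share a few tells a responder checks for by hand: a core Windows binary name (winlogon.exe) launched from a user's My Documents folder, a RunOnce entry that re-runs an installer out of Temp and points at a "Crack" download, and a path printed as `C:\WINDOWS\??sembly` because `?` can never occur in a Windows file name (HijackThis substitutes it for characters it cannot render in the system code page; OTMoveIt2 later shows the folder with Cyrillic letters in place of "as"). The script below is an added example, not code from the thread, from HijackThis or from OTMoveIt2: it applies those checks to HijackThis O4 lines. The sample lines are constructed from the posted log, the folder name `MOVED_FOLDER` is taken from the OTMoveIt2 output, and the heuristics, staging-directory list and function names are assumptions made for this example.

```python
"""Triage of HijackThis O4 (autorun) entries.

Added example, not code from the original thread or from HijackThis/OTMoveIt2.
The sample lines are constructed from entries visible in the posted logs;
the heuristics, directory lists and function names are assumptions.
"""
import re
import unicodedata
from typing import Dict, List, Tuple

# Shape of a line: O4 - HKCU\..\RunOnce: [name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Core Windows binaries that have no business starting from a user profile.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
# Characters Windows never allows in a file name; a '?' in a logged path therefore
# means the logging tool substituted it for a character it could not encode.
ILLEGAL_IN_FILENAMES = set('<>"|?*')
# Directories a persistent autorun should not normally point into (assumption).
STAGING_DIRS = ("\\temp\\", "\\downloads\\", "\\temporary internet files\\")

# Constructed sample: O4 lines as printed in the thread's HijackThis log.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe',
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background',
    r'O4 - HKCU\..\Run: [Iinl] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\ICROSO~1.NET\winlogon.exe" -vt yazb',
    r'O4 - HKCU\..\Run: [Oaxd] C:\WINDOWS\??sembly\d?xplore.exe',
    r'O4 - HKCU\..\RunOnce: [gi1690829371] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\giO4EQOT.exe" '
    r'/resume:"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\31O4EODI" '
    r'/exename:"C:\Downloads\SpyHunter Security Suite v3.4.9+Crack-HeartBug\spyhunterS.exe"',
]
# The "??sembly" folder as OTMoveIt2 reported it, with its real characters.
MOVED_FOLDER = "C:\\WINDOWS\\\u0430\u0455sembly"


def executable_path(cmd: str) -> str:
    """Program part of an autorun command line (quoted, or up to the first .exe/.dll)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|dll))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def non_ascii_chars(text: str) -> List[Tuple[str, str]]:
    """Every non-ASCII character with its Unicode name, to expose look-alike letters."""
    return [(c, unicodedata.name(c, "UNKNOWN")) for c in text if ord(c) > 127]


def findings_for(cmd: str) -> List[str]:
    """Heuristic findings for one autorun command line (empty list = nothing odd)."""
    path = executable_path(cmd)
    low = path.lower()
    out: List[str] = []
    bad = "".join(sorted(c for c in set(path) if c in ILLEGAL_IN_FILENAMES))
    if bad:
        out.append(f"path contains {bad!r}, impossible in a Windows file name: "
                   "the tool could not render a non-ANSI character")
    odd = non_ascii_chars(path)
    if odd:
        out.append("non-ASCII characters: " + ", ".join(f"{c} ({n})" for c, n in odd))
    base = low.rsplit("\\", 1)[-1]
    if base in SYSTEM_BINARIES and "\\system32\\" not in low:
        out.append(f"{base} started from outside System32")
    if any(d in low for d in STAGING_DIRS):
        out.append("program lives in a temporary or download folder")
    if re.search(r"crack|keygen", cmd, re.IGNORECASE):
        out.append("command line references a crack or keygen")
    return out


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map autorun entry name -> findings, for the entries that have any."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hits = findings_for(m.group("cmd"))
        if hits:
            report[m.group("name")] = hits
    return report


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_O4_LINES).items():
        print(name)
        for h in hits:
            print("   -", h)
    print(MOVED_FOLDER, non_ascii_chars(MOVED_FOLDER))
```

On the sample, only Iinl, Oaxd and the gi1690829371 RunOnce entry come back with findings; the Symantec, Sony and Messenger entries are clean. `non_ascii_chars(MOVED_FOLDER)` names the two Cyrillic letters (a and dze) that make the folder look like "assembly" in a file listing while being a different path to the operating system.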

#9 joshyboy (Topic Starter)

Posted 27 July 2008 - 01:06 AM

OK, I did the MoveIt procedure, but the Start > Run step with the pasted commands didn't work; I think something deleted the files, because when I click OK I get a message saying it can't find that particular dss file. Also, I deleted SpyHunter, Spyware Doctor, Stomp DLA, and that cracked version of Norton; those were all illegal, I guess. Won't do that again. So here's the MoveIt log. Is there any other way to run those missing files?

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpyHunter Security Suite >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpyHunter Security Suite not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Iinl >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Iinl not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Oaxd >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Oaxd not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\\gi1690829371 >
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\\gi1690829371 not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\\gi990978295 >
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\\gi990978295 not found.
C:\Downloads\SpyHunter Security Suite v3.4.9+Crack-HeartBug\Crack moved successfully.
C:\Downloads\SpyHunter Security Suite v3.4.9+Crack-HeartBug moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Rollback moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Download moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Crack moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter moved successfully.
C:\Program Files\Enigma Software Group moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\bupjwb.dll
C:\WINDOWS\System32\bupjwb.dll NOT unregistered.
C:\WINDOWS\System32\bupjwb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fvbbryaa.dll
C:\WINDOWS\System32\fvbbryaa.dll NOT unregistered.
C:\WINDOWS\System32\fvbbryaa.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\epakhlvm.dll
C:\WINDOWS\System32\epakhlvm.dll NOT unregistered.
C:\WINDOWS\System32\epakhlvm.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\vvpwnq.dll
C:\WINDOWS\System32\vvpwnq.dll NOT unregistered.
C:\WINDOWS\System32\vvpwnq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\nvepbmwh.dll
C:\WINDOWS\System32\nvepbmwh.dll NOT unregistered.
C:\WINDOWS\System32\nvepbmwh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ddjwdchn.dll
C:\WINDOWS\System32\ddjwdchn.dll NOT unregistered.
C:\WINDOWS\System32\ddjwdchn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\sjvflagx.dll
C:\WINDOWS\System32\sjvflagx.dll NOT unregistered.
C:\WINDOWS\System32\sjvflagx.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\kudeik.dll
C:\WINDOWS\System32\kudeik.dll NOT unregistered.
C:\WINDOWS\System32\kudeik.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fmwdcdvo.dll
C:\WINDOWS\System32\fmwdcdvo.dll NOT unregistered.
C:\WINDOWS\System32\fmwdcdvo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\ongpotrk.dll
C:\WINDOWS\System32\ongpotrk.dll NOT unregistered.
C:\WINDOWS\System32\ongpotrk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\zobsjz.dll
C:\WINDOWS\System32\zobsjz.dll NOT unregistered.
C:\WINDOWS\System32\zobsjz.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\rkgwcgfb.dll
C:\WINDOWS\System32\rkgwcgfb.dll NOT unregistered.
C:\WINDOWS\System32\rkgwcgfb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\caeqsoys.dll
C:\WINDOWS\System32\caeqsoys.dll NOT unregistered.
C:\WINDOWS\System32\caeqsoys.dll moved successfully.
C:\a5d409.exe moved successfully.
C:\hcw8cv.exe moved successfully.
C:\ua0tpc.exe moved successfully.
C:\6hgorh.exe moved successfully.
C:\e3gio4.exe moved successfully.
C:\sl4mou.exe moved successfully.
C:\WINDOWS\System32\aumsDK01 moved successfully.
C:\Program Files\xloadnet moved successfully.
< C:\WINDOWS\??sembly /u >
C:\WINDOWS\аѕsembly moved successfully.
< purity >

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07262008_225752
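As an added triage example (it is not part of this thread and not OTMoveIt's own code), the small Python script below parses an OTMoveIt2 log of the shape posted above and separates the three outcomes the tool reports: items moved, registry values it could not find, and DLLs it could not unregister. It then flags moved paths that deserve a second look from a defender's point of view: executables sitting in the drive root, and paths containing non-ASCII characters, which is how a folder such as `C:\WINDOWS\аѕsembly` (Cyrillic letters standing in for the Latin "as") can pass as the legitimate `assembly` directory. The sample log, the function names and the two heuristics are my own constructions, not anything defined by the tool.

```python
import re
import unicodedata

# Constructed sample modelled on the OTMoveIt2 output in this thread (not the full log).
# The last line uses the Cyrillic letters U+0430 (a) and U+0455 (dze) as lookalikes
# for the Latin "as", as they appear in the posted log.
SAMPLE_LOG = (
    "Registry value HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\\\Iinl not found.\n"
    "C:\\Program Files\\Enigma Software Group moved successfully.\n"
    "DllUnregisterServer procedure not found in C:\\WINDOWS\\System32\\bupjwb.dll\n"
    "C:\\WINDOWS\\System32\\bupjwb.dll NOT unregistered.\n"
    "C:\\WINDOWS\\System32\\bupjwb.dll moved successfully.\n"
    "C:\\a5d409.exe moved successfully.\n"
    "C:\\WINDOWS\\\u0430\u0455sembly moved successfully.\n"
)

MOVED_RE = re.compile(r"^(.*) moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^Registry value (.*) not found\.$")
NOT_UNREG_RE = re.compile(r"^(.*) NOT unregistered\.$")
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)


def parse_otmoveit_log(text):
    """Group the log lines by outcome. Lines in other shapes (command echoes
    such as '< purity >', blank lines, the version banner) are ignored."""
    result = {"moved": [], "registry_not_found": [], "not_unregistered": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOVED_RE.match(line):
            result["moved"].append(m.group(1))
        elif m := NOT_FOUND_RE.match(line):
            result["registry_not_found"].append(m.group(1))
        elif m := NOT_UNREG_RE.match(line):
            result["not_unregistered"].append(m.group(1))
    return result


def suspicious_paths(paths):
    """Return (path, reason) pairs for moved items worth a closer look.
    Two cheap signals: a path that contains non-ASCII characters (possible
    homoglyph of a system directory) and an .exe dropped directly in the
    drive root. Both are triage hints, not verdicts."""
    flagged = []
    for path in paths:
        non_ascii = [c for c in path if ord(c) > 127]
        if non_ascii:
            names = ", ".join(
                unicodedata.name(c, "U+%04X" % ord(c)) for c in non_ascii
            )
            flagged.append((path, "non-ASCII characters: " + names))
        elif ROOT_EXE_RE.match(path):
            flagged.append((path, "executable in drive root"))
    return flagged


if __name__ == "__main__":
    parsed = parse_otmoveit_log(SAMPLE_LOG)
    for key, items in parsed.items():
        print(f"{key}: {len(items)}")
    for path, reason in suspicious_paths(parsed["moved"]):
        print(f"  review: {path}  ({reason})")
```

Run it on the full log rather than the sample to get a quick count of what the fix actually removed; the "non-ASCII characters" line in its output names the exact Unicode code points, which is what you want in a write-up when a folder name only looks like a Windows system directory.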

#10 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:05 AM

Posted 27 July 2008 - 01:52 PM

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.
