
Hijackthis Logs And Malware Removal


  • This topic is locked
16 replies to this topic

#1 nicj97

nicj97

  • Members
  • 13 posts

Posted 25 August 2008 - 02:58 AM

I have followed the removal instructions. Can someone check my log please to see if I'm still infected?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:57:34, on 25/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\lxdacoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vaio-link.com/vu/vu2x/index.asp?u=m&h=0809
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219227009421
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxda_device - - C:\WINDOWS\system32\lxdacoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 15111 bytes



#2 nicj97

nicj97
  • Topic Starter

  • Members
  • 13 posts

Posted 26 August 2008 - 08:19 AM

Is this ok?

#3 nicj97

nicj97
  • Topic Starter

  • Members
  • 13 posts

Posted 02 September 2008 - 01:56 AM

Hello, it's been 7 days and no reply.

#4 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland

Posted 10 September 2008 - 08:39 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions on how to install HijackThis and make a logfile. Save it in a convenient location and include it in your next reply, please.

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with HijackThis log and Kaspersky report.

Regards
Microsoft MVP Consumer Security

#5 nicj97

nicj97
  • Topic Starter

  • Members
  • 13 posts

Posted 11 September 2008 - 05:13 AM

Hello, thanks mate, here's the log and report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:49, on 11/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\lxdacoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vaio-link.com/vu/vu2x/index.asp?u=m&h=0809
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219227009421
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxda_device - - C:\WINDOWS\system32\lxdacoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13374 bytes

and the report

Date: Today (events: 202)
Protection (events: 202)
11/09/2008 09:26:18 Protection is not running Kaspersky Internet Security
11/09/2008 09:16:07 Databases are obsolete Kaspersky Internet Security
Protection (events: 202)
11/09/2008 09:28:45 Task started Kaspersky Internet Security Files and Memory
11/09/2008 09:16:07 Task started Kaspersky Internet Security Files and Memory
Protection (events: 202)
11/09/2008 09:28:45 Task started Kaspersky Internet Security Email and IM
11/09/2008 09:16:07 Task started Kaspersky Internet Security Email and IM
Protection (events: 202)
11/09/2008 09:28:45 Task started Kaspersky Internet Security Web Traffic
11/09/2008 09:16:07 Task started Kaspersky Internet Security Web Traffic
Protection (events: 202)
11/09/2008 09:28:45 Task started Kaspersky Internet Security Anti-Phishing
11/09/2008 09:16:08 Task started Kaspersky Internet Security Anti-Phishing
Protection (events: 202)
11/09/2008 09:28:45 Task started Kaspersky Internet Security Anti-Dialer
11/09/2008 09:16:08 Task started Kaspersky Internet Security Anti-Dialer
Protection (events: 202)
11/09/2008 09:28:45 Task started Kaspersky Internet Security Network Attack Blocker
11/09/2008 09:16:08 Task started Kaspersky Internet Security Network Attack Blocker
Protection (events: 202)
11/09/2008 09:28:45 Task started Kaspersky Internet Security Anti-Spam
11/09/2008 09:16:08 Task started Kaspersky Internet Security Anti-Spam
Protection (events: 202)
11/09/2008 10:48:56 Allowed: KLPrivileges/KLPermissionSystem/KLPermissionStrange/KLWindowsShutDown SPM Module Windows shutdown KLPrivileges/KLPermissionSystem/KLPermissionStrange/KLWindowsShutDown
11/09/2008 10:48:56 Allowed: KLPrivileges/KLPermissionSystem/KLPermissionStrange/KLWindowsShutDown SPM Module Windows shutdown KLPrivileges/KLPermissionSystem/KLPermissionStrange/KLWindowsShutDown
11/09/2008 10:48:56 Allowed: KLPrivileges/KLPermissionSystem/KLPermissionStrange/KLWindowsShutDown SPM Module Windows shutdown KLPrivileges/KLPermissionSystem/KLPermissionStrange/KLWindowsShutDown
11/09/2008 10:48:56 Allowed: KLPrivileges/KLPermissionSystem/KLPermissionStrange/KLWindowsShutDown SPM Module Windows shutdown KLPrivileges/KLPermissionSystem/KLPermissionStrange/KLWindowsShutDown
11/09/2008 10:48:08 Denied: KLPrivileges/KLSelfStart VAIO Original Screen Saver MFC Application Autorun KLPrivileges/KLSelfStart
11/09/2008 10:48:06 Denied: KLPrivileges/KLSelfStart VAIO Original Screen Saver MFC Application Autorun KLPrivileges/KLSelfStart
11/09/2008 10:48:02 Denied: KLPrivileges/KLSelfStart VAIO Original Screen Saver MFC Application Autorun KLPrivileges/KLSelfStart
11/09/2008 10:47:57 VAIO Original Screen Saver MFC Application Placed in group Untrusted High value of threat rating calculated heuristically
11/09/2008 10:18:25 Internet Explorer Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 10:09:08 Job Status Window Interface Placed in group Trusted/LEXMARK INTERNATIONAL Signed by the digital signature of entrusted manufacturers
11/09/2008 10:08:58 Print Status Window Interface Placed in group Trusted/LEXMARK INTERNATIONAL Signed by the digital signature of entrusted manufacturers
11/09/2008 09:50:46 Native Instruments FM7 Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:49:56 RealPlayer Placed in group Trusted/REALNETWORKS Signed by the digital signature of entrusted manufacturers
11/09/2008 09:45:14 YPAGER.EXE Placed in group Trusted Known on the database of the known software
11/09/2008 09:45:13 Intel® PROSet/Wireless Registry Service Placed in group Trusted/INTEL Known on the database of the known software
11/09/2008 09:45:13 PHOTOSHOPELEMENTSDEVICECONNECT.EXE Placed in group Trusted/ADOBE SYSTEMS Known on the database of the known software
11/09/2008 09:45:13 PHOTOSHOPELEMENTSFILEAGENT.EXE Placed in group Trusted/ADOBE SYSTEMS Known on the database of the known software
11/09/2008 09:45:13 Wireless Management Service Placed in group Trusted/INTEL Known on the database of the known software
11/09/2008 09:45:13 Intel® PROSet/Wireless Event Log Placed in group Trusted/INTEL Known on the database of the known software
11/09/2008 09:44:21 Notepad Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:32:28 FL Studio engine launcher Placed in group Trusted/IMAGE-LINE Known on the database of the known software
11/09/2008 09:29:56 Volume Control Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:28:46 Task started Kaspersky Internet Security Application Filtering
11/09/2008 09:20:53 LiveUpdate Engine COM Module Placed in group Trusted/SYMANTEC Signed by the digital signature of entrusted manufacturers
11/09/2008 09:20:49 Automatic LiveUpdate Module Placed in group Trusted/SYMANTEC Signed by the digital signature of entrusted manufacturers
11/09/2008 09:20:14 Installer Tool for Sony TV Tuner Library Placed in group High Restricted
11/09/2008 09:18:51 VAIO????? Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:49 Windows Search System Tray Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:48 Adobe Gamma Loader Placed in group Trusted/ADOBE SYSTEMS Known on the database of the known software
11/09/2008 09:18:48 VAIO Entertainment File Import Service Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:48 AcroTray Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:47 VAIO Entertainment Database Service Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:46 Norton Security Center Service Placed in group Trusted/SYMANTEC Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:45 VAIO Task Scheduler Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:44 YPAGER.EXE Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:44 Microsoft Windows Search Indexer Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:43 VAIO Entertainment UPnP Client Adapter Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:42 VAIO Task Scheduler Service Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:41 Intel® PROSet/Wireless Registry Service Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:40 PHOTOSHOPELEMENTSDEVICECONNECT.EXE Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:40 CTF Loader Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:40 NVIDIA Driver Helper Service, Version 70.83 Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:39 SQL Server Windows NT Placed in group Trusted/MICROSOFT Known on the database of the known software
11/09/2008 09:18:39 RealNetworks Scheduler Placed in group Trusted/REALNETWORKS Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:36 Realtek Azalia Audio - Event Monitor Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:36 Realtek HD Audio Control Panel Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:35 ISBMGR.EXE Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:24 VAIO Entertainment Remote Service Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:23 Microsoft© Register Server Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:21 Automatic LiveUpdate Scheduler Service Placed in group Trusted/SYMANTEC Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:19 PHOTOSHOPELEMENTSFILEAGENT.EXE Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:19 Spooler SubSystem App Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:18 Ad-Aware Service Placed in group Trusted/LAVASOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:17 Microsoft Windows Search Filter Host Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:16 Sygate Agent Firewall Placed in group Trusted/SYGATE TECHNOLOGIES Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:14 VAIO Update Placed in group Trusted/SONY Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:12 Wireless Management Service Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:11 Installer Tool for Sony TV Tuner Library Placed in group Untrusted High value of threat rating calculated heuristically
11/09/2008 09:18:10 Windows Logon UI Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:09 Intel® PROSet/Wireless Event Log Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:09 Do VAIO ???? ??????? Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:09 WMI Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:08 LSA Shell (Export Version) Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:08 SPM Module Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:08 PrivateDisk Service Placed in group Low Restricted High value of threat rating calculated heuristically
11/09/2008 09:18:08 Services and Controller app Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:08 RegCure Application Placed in group Trusted/PARETOLOGIC Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:08 Windows NT Logon Application Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:08 igfxTray Module Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:08 hkcmd Module Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:07 Mouse Suite 98 Daemon Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:07 Microsoft Windows Search Protocol Host Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:07 Alps Pointing-device Driver for Windows NT/2000/XP Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:06 Run a DLL as an App Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:06 Printer Communication System Placed in group Trusted/LEXMARK INTERNATIONAL Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:06 Alps Pointing-device Driver Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:06 Windows Update Automatic Updates Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:06 Verify Class ID Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:06 Client Server Runtime Process Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:05 Generic Host Process for Win32 Services Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:05 Xoftspy Placed in group Trusted/PARETOLOGIC Known on the database of the known software
11/09/2008 09:18:05 Application Layer Gateway Service Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:05 Kaspersky Internet Security Placed in group Trusted/KASPERSKY LAB Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:05 Norton Security Center User Interface Helper Placed in group Trusted/SYMANTEC Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:05 Windows Explorer Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:05 Windows NT Session Manager Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:18:05 Userinit Logon Application Placed in group Trusted/MICROSOFT Signed by the digital signature of entrusted manufacturers
11/09/2008 09:16:08 Task started Kaspersky Internet Security Application Filtering
Protection (events: 202)
11/09/2008 09:30:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:30:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:30:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:30:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:30:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:30:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:30:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:30:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:30:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:30:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:25:49 Denied Windows Explorer Open C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
11/09/2008 09:20:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:20:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:20:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:20:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:20:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:20:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:20:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:20:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:20:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:20:10 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:18:48 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:18:48 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:18:48 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:18:48 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:18:48 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:18:48 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:18:48 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:18:48 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:18:48 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
11/09/2008 09:18:48 Denied Kaspersky Internet Security Modification REGISTRY\MACHINE\SOFTWARE\KasperskyLab\protected\AVP8\Trace\Default
Protection (events: 202)
11/09/2008 09:29:41 Not terminated: Keylogger Absent Keylogger activity
11/09/2008 09:29:41 Detected: Keylogger Absent Keylogger activity
11/09/2008 09:29:41 Detected: Keylogger Absent Keylogger activity
11/09/2008 09:28:46 Task started Kaspersky Internet Security Proactive Defense
11/09/2008 09:18:05 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:05 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:05 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:05 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:05 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:04 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:03 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:02 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:02 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:02 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:02 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:02 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:18:02 Not terminated: Keylogger Unknown application Keylogger activity C:\PROGRAM FILES\APOINT\APOINT.EXE
11/09/2008 09:16:08 Task started Kaspersky Internet Security Proactive Defense
Protection (events: 202)
11/09/2008 09:28:45 Task started Kaspersky Internet Security Firewall
11/09/2008 09:16:08 Task started Kaspersky Internet Security Firewall
Protection (events: 202)
11/09/2008 11:04:23 Task completed Kaspersky Internet Security Full Scan
11/09/2008 09:32:20 Task started Kaspersky Internet Security Full Scan
11/09/2008 09:25:39 Task stopped Kaspersky Internet Security Full Scan
11/09/2008 09:25:17 Task started Kaspersky Internet Security Full Scan
11/09/2008 09:23:12 Task completed Kaspersky Internet Security Quick Scan
11/09/2008 09:16:10 Task started Kaspersky Internet Security Quick Scan
Protection (events: 202)
11/09/2008 09:24:41 Task completed Kaspersky Internet Security Update
11/09/2008 09:24:40 It is necessary to restart the computer after update Kaspersky Internet Security
11/09/2008 09:16:16 Task started Kaspersky Internet Security Update

#6 Farbar

Posted 12 September 2008 - 01:55 AM

Hi nicj97,

Sorry again for the delay. I am farbar. I am going to assist you with your problem.

I wanted to let you know I need some time to go through your log. I'll get back to you as soon as possible.

Meanwhile please refrain from making any changes to your system as it might prolong handling your log and make the job for both of us more difficult.

#7 Farbar

Posted 12 September 2008 - 02:35 AM

Hi again,
  • Please open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


    Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • You seem to have some leftover services from an incompletely uninstalled Norton Antivirus on your computer:

    Automatic LiveUpdate Scheduler
    LiveUpdate
    SymWMI Service (SymWSC)


    To remove the leftovers please download and run the Norton Removal Tool.

    Warning: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized).

    Note: The logs will be created in this folder: C:\rsit


#8 nicj97

Posted 13 September 2008 - 09:55 AM

hello mate thanks 4 getting back

Logfile of random's system information tool (written by random/random)
Run by nicola at 2008-09-13 15:52:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 25 GB (52%) free of 48 GB
Total RAM: 510 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:20, on 13/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\lxdacoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\Documents and Settings\nicola\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\nicola.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vaio-link.com/vu/vu2x/index.asp?u=m&h=0809
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219227009421
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: lxda_device - - C:\WINDOWS\system32\lxdacoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 12667 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-09-03 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2005-03-04 720896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2005-03-04 720896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2003-11-07 114688]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-02-17 5406720]
"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2002-03-14 45056]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-02-22 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-22 126976]
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2005-01-14 184320]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]
"PDService.exe"=C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe [2004-07-06 40960]
"VZRemoteCommander"=C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe [2005-01-31 192512]
"TVTunerLib"=C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe [2005-02-16 245760]
"VAIO Update 3"=C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe [2007-01-25 546936]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-03 185896]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe [2004-06-07 2498560]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\nicola\Start Menu\Programs\Startup
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-02-22 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2006-09-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\lxdacoms.exe"="C:\WINDOWS\system32\lxdacoms.exe:*:Enabled:640 Series Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

File associations

.reg - open - "regedit.exe" "%1"

List of files/folders created in the last three months

2008-09-13 07:05:04 ----D---- C:\rsit
2008-09-13 06:54:54 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-11 09:09:26 ----D---- C:\Program Files\Kaspersky Lab
2008-09-11 09:09:26 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-11 08:41:01 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-11 07:53:43 ----D---- C:\WINDOWS\Sun
2008-09-11 07:53:43 ----D---- C:\Documents and Settings\nicola\Application Data\Sun
2008-09-10 07:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 07:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 12:49:13 ----D---- C:\Documents and Settings\nicola\Application Data\CheckPoint
2008-09-09 12:47:57 ----D---- C:\Program Files\CheckPoint
2008-09-06 12:20:23 ----D---- C:\Documents and Settings\nicola\Application Data\Syntrillium
2008-09-06 12:19:49 ----A---- C:\WINDOWS\system32\wmv8dmoe.dll
2008-09-06 12:19:49 ----A---- C:\WINDOWS\system32\wmv8dmod.dll
2008-09-06 12:19:48 ----A---- C:\WINDOWS\system32\wmvdmoe.dll
2008-09-06 12:19:48 ----A---- C:\WINDOWS\system32\wmvcore2.dll
2008-09-06 12:17:24 ----D---- C:\Program Files\coolpro2
2008-09-06 08:02:40 ----A---- C:\WINDOWS\cdplayer.ini
2008-09-03 09:42:20 ----D---- C:\Program Files\Common Files\xing shared
2008-09-03 09:42:14 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-09-03 09:42:05 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-09-03 09:42:05 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-09-03 09:42:04 ----D---- C:\Program Files\Real
2008-09-03 09:42:04 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-09-03 09:42:00 ----D---- C:\Program Files\Common Files\Real
2008-09-03 09:41:58 ----D---- C:\Documents and Settings\nicola\Application Data\Real
2008-09-02 19:29:49 ----D---- C:\Documents and Settings\nicola\Application Data\AdobeUM
2008-09-01 14:15:40 ----D---- C:\Documents and Settings\nicola\Application Data\Samsung
2008-09-01 14:12:26 ----A---- C:\WINDOWS\system32\framedyn.dll
2008-09-01 14:11:48 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-09-01 14:10:38 ----D---- C:\Program Files\Samsung
2008-09-01 12:17:58 ----D---- C:\Program Files\PartyGaming
2008-08-25 08:51:39 ----D---- C:\Program Files\Trend Micro
2008-08-24 11:46:56 ----A---- C:\WINDOWS\system32\SSSensor.dll
2008-08-24 11:46:48 ----D---- C:\Program Files\Sygate
2008-08-24 07:32:32 ----D---- C:\Program Files\Panda Security
2008-08-23 17:18:03 ----D---- C:\Program Files\ASIO4ALL v2
2008-08-23 17:17:53 ----D---- C:\Program Files\VstPlugins
2008-08-23 17:17:53 ----A---- C:\WINDOWS\system32\rewire.dll
2008-08-23 17:16:37 ----D---- C:\Program Files\Outsim
2008-08-23 17:14:43 ----D---- C:\Program Files\Image-Line
2008-08-23 06:36:06 ----A---- C:\WINDOWS\Lexstat.ini
2008-08-23 06:35:31 ----A---- C:\WINDOWS\system32\lxdacoin.dll
2008-08-23 06:35:30 ----A---- C:\WINDOWS\system32\lxdavs.dll
2008-08-23 06:34:00 ----D---- C:\Program Files\Lexmark 640 Series
2008-08-23 06:33:48 ----A---- C:\WINDOWS\system32\LXDAinst.dll
2008-08-23 06:33:46 ----A---- C:\WINDOWS\system32\lxdainpa.dll
2008-08-23 06:33:46 ----A---- C:\WINDOWS\system32\LXDAhcp.dll
2008-08-23 06:33:45 ----A---- C:\WINDOWS\system32\lxdaiesc.dll
2008-08-23 06:33:44 ----A---- C:\WINDOWS\system32\lxdautil.dll
2008-08-23 06:33:44 ----A---- C:\WINDOWS\system32\lxdausb1.dll
2008-08-23 06:33:43 ----A---- C:\WINDOWS\system32\lxdaserv.dll
2008-08-23 06:33:42 ----A---- C:\WINDOWS\system32\lxdaprox.dll
2008-08-23 06:33:42 ----A---- C:\WINDOWS\system32\lxdapplc.dll
2008-08-23 06:33:42 ----A---- C:\WINDOWS\system32\lxdapmui.dll
2008-08-23 06:33:41 ----A---- C:\WINDOWS\system32\lxdalmpm.dll
2008-08-23 06:33:41 ----A---- C:\WINDOWS\system32\lxdajswr.dll
2008-08-23 06:33:40 ----A---- C:\WINDOWS\system32\lxdainsr.dll
2008-08-23 06:33:40 ----A---- C:\WINDOWS\system32\lxdainsb.dll
2008-08-23 06:33:40 ----A---- C:\WINDOWS\system32\lxdains.dll
2008-08-23 06:33:40 ----A---- C:\WINDOWS\system32\lxdaih.exe
2008-08-23 06:33:39 ----A---- C:\WINDOWS\system32\lxdahbn3.dll
2008-08-23 06:33:39 ----A---- C:\WINDOWS\system32\lxdagf.dll
2008-08-23 06:33:38 ----A---- C:\WINDOWS\system32\lxdacur.dll
2008-08-23 06:33:37 ----A---- C:\WINDOWS\system32\lxdacu.dll
2008-08-23 06:33:37 ----A---- C:\WINDOWS\system32\lxdacoms.exe
2008-08-23 06:33:37 ----A---- C:\WINDOWS\system32\lxdacomm.dll
2008-08-23 06:33:36 ----A---- C:\WINDOWS\system32\lxdacomc.dll
2008-08-23 06:33:35 ----A---- C:\WINDOWS\system32\lxdacfg.exe
2008-08-23 06:33:35 ----A---- C:\WINDOWS\system32\LXDAcfg.dll
2008-08-22 13:25:01 ----D---- C:\Documents and Settings\nicola\Application Data\Sonic
2008-08-22 13:24:51 ----D---- C:\Documents and Settings\nicola\Application Data\Leadertech
2008-08-21 11:18:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-21 09:07:48 ----D---- C:\Program Files\Lavasoft
2008-08-21 09:07:47 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-21 09:07:17 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-21 07:15:55 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-08-21 07:15:55 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-08-20 19:14:29 ----D---- C:\Program Files\Microsoft Silverlight
2008-08-20 18:50:51 ----D---- C:\Documents and Settings\nicola\Application Data\InstallShield
2008-08-20 14:30:38 ----A---- C:\WINDOWS\system32\SonyAIwo.dll
2008-08-20 14:30:38 ----A---- C:\WINDOWS\system32\SonyAIwd.dll
2008-08-20 14:30:38 ----A---- C:\WINDOWS\system32\SonyAIds.dll
2008-08-20 14:23:58 ----A---- C:\WINDOWS\ALCMTR.EXE
2008-08-20 14:14:51 ----N---- C:\WINDOWS\RtlExUpd.dll
2008-08-20 13:42:20 ----A---- C:\WINDOWS\system32\CDDBUISony.dll
2008-08-20 13:42:20 ----A---- C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2008-08-20 13:42:20 ----A---- C:\WINDOWS\system32\CddbMusicIDSony.dll
2008-08-20 13:42:20 ----A---- C:\WINDOWS\system32\CddbLinkSony.dll

#9 Farbar

Posted 14 September 2008 - 04:39 AM

Hello,

Please post the info.txt also as requested.

#10 nicj97

Posted 16 September 2008 - 01:30 PM

Hello mate, sorry.

Logfile of random's system information tool (written by random/random)
Run by nicola at 2008-09-16 19:28:32
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 25 GB (51%) free of 48 GB
Total RAM: 510 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:53, on 16/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\lxdacoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nicola\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\nicola.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vaio-link.com/vu/vu2x/index.asp?u=m&h=0809
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [TVTunerLib] C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1219227009421
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: lxda_device - - C:\WINDOWS\system32\lxdacoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 12716 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-09-03 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2005-03-04 720896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2005-03-04 720896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2003-11-07 114688]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-02-17 5406720]
"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2002-03-14 45056]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-02-22 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-22 126976]
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2005-01-14 184320]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]
"PDService.exe"=C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe [2004-07-06 40960]
"VZRemoteCommander"=C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe [2005-01-31 192512]
"TVTunerLib"=C:\Program Files\Common Files\Sony Shared\TVTunerLib\TVTLInstTool.exe [2005-02-16 245760]
"VAIO Update 3"=C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe [2007-01-25 546936]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-03 185896]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe [2004-06-07 2498560]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\nicola\Start Menu\Programs\Startup
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-02-22 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2006-09-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\lxdacoms.exe"="C:\WINDOWS\system32\lxdacoms.exe:*:Enabled:640 Series Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

File associations

.reg - open - "regedit.exe" "%1"

List of files/folders created in the last three months

2008-09-13 07:05:04 ----D---- C:\rsit
2008-09-13 06:54:54 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-09-11 09:09:26 ----D---- C:\Program Files\Kaspersky Lab
2008-09-11 09:09:26 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-11 08:41:01 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-11 07:53:43 ----D---- C:\WINDOWS\Sun
2008-09-11 07:53:43 ----D---- C:\Documents and Settings\nicola\Application Data\Sun
2008-09-10 07:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 07:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 12:49:13 ----D---- C:\Documents and Settings\nicola\Application Data\CheckPoint
2008-09-09 12:47:57 ----D---- C:\Program Files\CheckPoint
2008-09-06 12:20:23 ----D---- C:\Documents and Settings\nicola\Application Data\Syntrillium
2008-09-06 12:19:49 ----A---- C:\WINDOWS\system32\wmv8dmoe.dll
2008-09-06 12:19:49 ----A---- C:\WINDOWS\system32\wmv8dmod.dll
2008-09-06 12:19:48 ----A---- C:\WINDOWS\system32\wmvdmoe.dll
2008-09-06 12:19:48 ----A---- C:\WINDOWS\system32\wmvcore2.dll
2008-09-06 12:17:24 ----D---- C:\Program Files\coolpro2
2008-09-06 08:02:40 ----A---- C:\WINDOWS\cdplayer.ini
2008-09-03 09:42:20 ----D---- C:\Program Files\Common Files\xing shared
2008-09-03 09:42:14 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-09-03 09:42:05 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-09-03 09:42:05 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-09-03 09:42:04 ----D---- C:\Program Files\Real
2008-09-03 09:42:04 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-09-03 09:42:00 ----D---- C:\Program Files\Common Files\Real
2008-09-03 09:41:58 ----D---- C:\Documents and Settings\nicola\Application Data\Real
2008-09-02 19:29:49 ----D---- C:\Documents and Settings\nicola\Application Data\AdobeUM
2008-09-01 14:15:40 ----D---- C:\Documents and Settings\nicola\Application Data\Samsung
2008-09-01 14:12:26 ----A---- C:\WINDOWS\system32\framedyn.dll
2008-09-01 14:11:48 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-09-01 14:10:38 ----D---- C:\Program Files\Samsung
2008-09-01 12:17:58 ----D---- C:\Program Files\PartyGaming
2008-08-25 08:51:39 ----D---- C:\Program Files\Trend Micro
2008-08-24 11:46:56 ----A---- C:\WINDOWS\system32\SSSensor.dll
2008-08-24 11:46:48 ----D---- C:\Program Files\Sygate
2008-08-24 07:32:32 ----D---- C:\Program Files\Panda Security
2008-08-23 17:18:03 ----D---- C:\Program Files\ASIO4ALL v2
2008-08-23 17:17:53 ----D---- C:\Program Files\VstPlugins
2008-08-23 17:17:53 ----A---- C:\WINDOWS\system32\rewire.dll
2008-08-23 17:16:37 ----D---- C:\Program Files\Outsim
2008-08-23 17:14:43 ----D---- C:\Program Files\Image-Line
2008-08-23 06:36:06 ----A---- C:\WINDOWS\Lexstat.ini
2008-08-23 06:35:31 ----A---- C:\WINDOWS\system32\lxdacoin.dll
2008-08-23 06:35:30 ----A---- C:\WINDOWS\system32\lxdavs.dll
2008-08-23 06:34:00 ----D---- C:\Program Files\Lexmark 640 Series
2008-08-23 06:33:48 ----A---- C:\WINDOWS\system32\LXDAinst.dll
2008-08-23 06:33:46 ----A---- C:\WINDOWS\system32\lxdainpa.dll
2008-08-23 06:33:46 ----A---- C:\WINDOWS\system32\LXDAhcp.dll
2008-08-23 06:33:45 ----A---- C:\WINDOWS\system32\lxdaiesc.dll
2008-08-23 06:33:44 ----A---- C:\WINDOWS\system32\lxdautil.dll
2008-08-23 06:33:44 ----A---- C:\WINDOWS\system32\lxdausb1.dll
2008-08-23 06:33:43 ----A---- C:\WINDOWS\system32\lxdaserv.dll
2008-08-23 06:33:42 ----A---- C:\WINDOWS\system32\lxdaprox.dll
2008-08-23 06:33:42 ----A---- C:\WINDOWS\system32\lxdapplc.dll
2008-08-23 06:33:42 ----A---- C:\WINDOWS\system32\lxdapmui.dll
2008-08-23 06:33:41 ----A---- C:\WINDOWS\system32\lxdalmpm.dll
2008-08-23 06:33:41 ----A---- C:\WINDOWS\system32\lxdajswr.dll
2008-08-23 06:33:40 ----A---- C:\WINDOWS\system32\lxdainsr.dll
2008-08-23 06:33:40 ----A---- C:\WINDOWS\system32\lxdainsb.dll
2008-08-23 06:33:40 ----A---- C:\WINDOWS\system32\lxdains.dll
2008-08-23 06:33:40 ----A---- C:\WINDOWS\system32\lxdaih.exe
2008-08-23 06:33:39 ----A---- C:\WINDOWS\system32\lxdahbn3.dll
2008-08-23 06:33:39 ----A---- C:\WINDOWS\system32\lxdagf.dll
2008-08-23 06:33:38 ----A---- C:\WINDOWS\system32\lxdacur.dll
2008-08-23 06:33:37 ----A---- C:\WINDOWS\system32\lxdacu.dll
2008-08-23 06:33:37 ----A---- C:\WINDOWS\system32\lxdacoms.exe
2008-08-23 06:33:37 ----A---- C:\WINDOWS\system32\lxdacomm.dll
2008-08-23 06:33:36 ----A---- C:\WINDOWS\system32\lxdacomc.dll
2008-08-23 06:33:35 ----A---- C:\WINDOWS\system32\lxdacfg.exe
2008-08-23 06:33:35 ----A---- C:\WINDOWS\system32\LXDAcfg.dll
2008-08-22 13:25:01 ----D---- C:\Documents and Settings\nicola\Application Data\Sonic
2008-08-22 13:24:51 ----D---- C:\Documents and Settings\nicola\Application Data\Leadertech
2008-08-21 11:18:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-21 09:07:48 ----D---- C:\Program Files\Lavasoft
2008-08-21 09:07:47 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-21 09:07:17 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-21 07:15:55 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-08-21 07:15:55 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-08-20 19:14:29 ----D---- C:\Program Files\Microsoft Silverlight
2008-08-20 18:50:51 ----D---- C:\Documents and Settings\nicola\Application Data\InstallShield
2008-08-20 14:30:38 ----A---- C:\WINDOWS\system32\SonyAIwo.dll
2008-08-20 14:30:38 ----A---- C:\WINDOWS\system32\SonyAIwd.dll
2008-08-20 14:30:38 ----A---- C:\WINDOWS\system32\SonyAIds.dll
2008-08-20 14:23:58 ----A---- C:\WINDOWS\ALCMTR.EXE
2008-08-20 14:14:51 ----N---- C:\WINDOWS\RtlExUpd.dll
2008-08-20 13:42:20 ----A---- C:\WINDOWS\system32\CDDBUISony.dll
2008-08-20 13:42:20 ----A---- C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2008-08-20 13:42:20 ----A---- C:\WINDOWS\system32\CddbMusicIDSony.dll
2008-08-20 13:42:20 ----A---- C:\WINDOWS\system32\CddbLinkSony.dll
2008-08-20 13:42:19 ----A---- C:\WINDOWS\system32\CDDBControlSony.dll
2008-08-20 13:42:16 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-08-20 13:42:16 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-08-20 13:40:19 ----A---- C:\WINDOWS\system32\omginstlog.txt
2008-08-20 13:32:06 ----A---- C:\WINDOWS\system32\Netw2r32.dll
2008-08-20 13:32:06 ----A---- C:\WINDOWS\system32\Netw2c32.dll
2008-08-20 13:31:57 ----D---- C:\Documents and Settings\All Users\Application Data\Intel
2008-08-20 13:18:54 ----D---- C:\Program Files\RegCure
2008-08-20 13:17:29 ----D---- C:\Program Files\XoftSpySE
2008-08-20 11:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-08-20 11:48:06 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-08-20 11:47:45 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-08-20 11:33:33 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-20 10:57:58 ----D---- C:\Documents and Settings\nicola\Application Data\Windows Search
2008-08-20 10:52:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951618-v2$
2008-08-20 10:52:31 ----D---- C:\Documents and Settings\nicola\Application Data\Windows Desktop Search
2008-08-20 10:51:56 ----D---- C:\Program Files\Windows Desktop Search
2008-08-20 10:51:55 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-08-20 10:51:40 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2008-08-20 10:51:34 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-08-20 10:51:15 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-08-20 10:51:14 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-08-20 10:50:52 ----D---- C:\Program Files\Windows Media Connect 2
2008-08-20 10:50:38 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-08-20 10:49:40 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-08-20 10:49:13 ----D---- C:\WINDOWS\system32\LogFiles
2008-08-20 10:49:06 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-08-20 10:39:33 ----RSD---- C:\WINDOWS\assembly
2008-08-20 10:39:33 ----D---- C:\WINDOWS\Microsoft.NET
2008-08-20 10:39:29 ----D---- C:\WINDOWS\system32\URTTemp
2008-08-20 10:19:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-20 10:19:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-20 10:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-20 10:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-20 10:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-20 10:19:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-20 10:18:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-20 10:18:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-20 10:18:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-20 10:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-08-20 10:18:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-20 10:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-20 10:17:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-20 10:17:44 ----D---- C:\Program Files\MSXML 4.0
2008-08-20 10:17:12 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-08-20 10:01:04 ----D---- C:\WINDOWS\ie7updates
2008-08-20 10:00:27 ----D---- C:\WINDOWS\WBEM
2008-08-20 09:59:06 ----HDC---- C:\WINDOWS\ie7
2008-08-20 09:58:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-08-20 09:58:34 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-08-20 09:57:10 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-20 09:15:37 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-08-20 09:04:35 ----D---- C:\WINDOWS\Prefetch
2008-08-20 08:57:52 ----D---- C:\WINDOWS\system32\en-us
2008-08-20 08:57:51 ----D---- C:\WINDOWS\system32\scripting
2008-08-20 08:57:51 ----D---- C:\WINDOWS\l2schemas
2008-08-20 08:57:50 ----D---- C:\WINDOWS\system32\en
2008-08-20 08:57:49 ----D---- C:\WINDOWS\system32\bits
2008-08-20 08:55:04 ----D---- C:\WINDOWS\ServicePackFiles
2008-08-20 08:52:35 ----D---- C:\WINDOWS\network diagnostic
2008-08-20 08:48:44 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-20 08:48:41 ----D---- C:\WINDOWS\EHome
2008-08-20 08:29:28 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-20 08:28:23 ----D---- C:\WINDOWS\system32\PreInstall
2008-08-20 08:28:22 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-08-20 08:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-08-20 08:05:25 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-08-20 07:59:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-08-20 07:59:16 ----A---- C:\WINDOWS\system32\NicInst.dll
2008-08-20 07:59:16 ----A---- C:\WINDOWS\system32\NicCo.dll
2008-08-20 07:18:58 ----D---- C:\Update
2008-08-19 20:48:06 ----A---- C:\WINDOWS\ODBC.INI
2008-08-19 20:47:59 ----A---- C:\WINDOWS\system32\mdimon.dll
2008-08-19 20:47:11 ----D---- C:\Program Files\Microsoft ActiveSync
2008-08-19 20:46:50 ----D---- C:\Program Files\Common Files\DESIGNER
2008-08-19 20:46:26 ----D---- C:\WINDOWS\SHELLNEW
2008-08-19 20:45:28 ----RHD---- C:\MSOCache
2008-08-19 20:44:12 ----D---- C:\Program Files\Microsoft Office
2008-08-19 20:41:56 ----D---- C:\Program Files\Microsoft Works
2008-08-19 20:38:25 ----D---- C:\Program Files\TvTvHTML
2008-08-19 20:38:25 ----D---- C:\Program Files\TVTV EPG Installer
2008-08-19 20:35:21 ----N---- C:\WINDOWS\system32\dbmsqlgc.dll
2008-08-19 20:35:21 ----N---- C:\WINDOWS\system32\dbmsgnet.dll
2008-08-19 20:35:06 ----D---- C:\Program Files\Microsoft SQL Server
2008-08-19 20:33:29 ----D---- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
2008-08-19 20:33:20 ----D---- C:\Program Files\Moodlogic HTML
2008-08-19 20:33:11 ----D---- C:\Program Files\MoodLogic
2008-08-19 20:32:05 ----A---- C:\WINDOWS\system32\CDDBUI.dll
2008-08-19 20:32:05 ----A---- C:\WINDOWS\system32\CDDBControl.dll
2008-08-19 20:30:09 ----D---- C:\Program Files\Sonic
2008-08-19 20:29:26 ----A---- C:\WINDOWS\system32\iplw7.dll
2008-08-19 20:29:26 ----A---- C:\WINDOWS\system32\iplpx.dll
2008-08-19 20:29:26 ----A---- C:\WINDOWS\system32\iplp6.dll
2008-08-19 20:29:25 ----A---- C:\WINDOWS\system32\iplm6.dll
2008-08-19 20:29:25 ----A---- C:\WINDOWS\system32\iplm5.dll
2008-08-19 20:29:25 ----A---- C:\WINDOWS\system32\ipla6.dll
2008-08-19 20:29:25 ----A---- C:\WINDOWS\system32\ipl.dll
2008-08-19 20:29:25 ----A---- C:\WINDOWS\system32\Cpuinf32.dll
2008-08-19 20:26:06 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-08-19 20:25:40 ----ASH---- C:\Documents and Settings\nicola\Application Data\desktop.ini
2008-08-19 20:25:38 ----SD---- C:\Documents and Settings\nicola\Application Data\Microsoft
2008-08-19 20:25:38 ----D---- C:\Documents and Settings\nicola\Application Data\Sony Corporation
2008-08-19 20:25:38 ----D---- C:\Documents and Settings\nicola\Application Data\Macromedia
2008-08-19 20:25:38 ----D---- C:\Documents and Settings\nicola\Application Data\Identities
2008-08-19 20:25:38 ----D---- C:\Documents and Settings\nicola\Application Data\Adobe
2008-08-19 20:24:18 ----D---- C:\Program Files\Program Shortcuts
2008-08-19 20:11:38 ----SHD---- C:\System Volume Information
2008-08-19 19:59:52 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-07-29 20:21:42 ----A---- C:\WINDOWS\system32\klogon.dll

List of drivers

R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-09-11 213008]
R1 PrivateDisk;PrivateDisk; C:\WINDOWS\System32\Drivers\PrivateDiskM.sys [2004-07-06 45627]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-08-20 21419]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-08-02 12544]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\system32\SYSTEM32\Drivers\wg3n.sys []
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\system32\SYSTEM32\Drivers\wg4n.sys []
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\system32\SYSTEM32\Drivers\wg5n.sys []
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\system32\SYSTEM32\Drivers\wg6n.sys []
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-09-29 94601]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-11-28 165760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-09-08 1041536]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2004-09-08 161024]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-02-17 3298144]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 SONYTVC;Sony MPEG RR-Engine; C:\WINDOWS\system32\DRIVERS\SONYTVC.sys [2005-01-11 237440]
R3 tifmsony;tifmsony; C:\WINDOWS\system32\drivers\tifmsony.sys [2005-01-06 52736]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-06-29 2206720]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-09-08 685184]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-22 807742]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2007-05-02 83592]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2007-05-02 15112]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2007-05-02 109704]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

List of services

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-21 611664]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-08-02 434176]
R2 lxda_device;lxda_device; C:\WINDOWS\system32\lxdacoms.exe [2007-01-29 537520]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 7520337]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-02-17 127043]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-08-02 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-08-02 937984]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2005-02-09 167936]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2005-02-09 135168]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 VAIO Entertainment Aggregation and Control Service;VAIO Entertainment Aggregation and Control Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [2005-02-09 143360]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2005-02-09 270336]
S2 VCI;VAIO Cooporated Initialisation; C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe [2005-01-04 398336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-02-24 32768]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 311872]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]
S3 VAIO Entertainment Task Scheduler;VAIO Entertainment Task Scheduler; C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe [2005-05-19 397312]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2005-02-09 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2006-06-12 1953792]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2005-01-14 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2006-05-22 770048]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2006-05-17 155648]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

#11 Farbar


You have posted log.txt again. I needed info.txt. Both the files are in this folder: C:\rsit

Please open the folder and copy/paste the content of info.txt. Thanks.

#12 nicj97

Posted 17 September 2008 - 01:13 PM

It won't let me paste into here,

so I attached it as an attachment.

Hope this works. Thanks for your time.

Attached Files

  • Attached File  info.txt   21.41KB   26 downloads
  • Attached File  log.txt   40.92KB   23 downloads


#13 Farbar

Posted 17 September 2008 - 01:53 PM

Hi,

I see from the log you are using a registry cleaner. It is even scheduled to run. Here at BC we do not recommend using registry cleaners as they might irreversibly damage your computer.
  • You have a broken file association. Download Deckard's Association File Tool daft.exe and save it to your desktop.
    • Double click on it and click Run.
    • Click on the Scan button.
    • If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a checkmark (tick) in the boxes in question (in your case .reg).
    • Click the Fix button.
  • There is a "Spyware" entry related to Realtek, used surreptitiously to monitor one's actions. It is not a sinister one and you can remove the startup entry without affecting the function of the Realtek application. Notice that you should not remove the file itself.
    Please open HiJackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    Optional: The following sites are set to the safe zone. It means that the traffic created by these sites won't be checked by security checkpoints any more. While these sites are safe to visit, they might not be safe all the time, and their traffic should better pass through the security checkpoints. I recommend that you remove these sites from the trusted safe zone. If you decide to remove these sites from the trusted zone, check the boxes next to the following entries:

    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • I see on your log that PartyPoker is installed on your computer:

    This program is known to be related to adware/spyware. More information here: http://www.bleepingcomputer.com/uninstall/...rStars.net.html
    To uninstall it:
    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please double-click the "Add or Remove Programs" icon.
    A list of programs installed will be "populated"; this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    PartyPoker

    Also remove the folder in bold: C:\Program Files\PartyGaming

    Additional instructions can be found here if needed.

  • I see on your log that you are running two firewalls. Having two firewalls means every connection should pass through two security check points, which means prolonging the connection time without adding more security. I suggest you use one of them and uninstall the other.
    Since you already have KIS, which has a good firewall, you don't need another firewall. Please go to Add/Remove programs and uninstall Sygate Personal Firewall.

  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Tell me how your computer is running and if you have any problem.
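
Added example (not part of the original post and not code from HijackThis): a small Python parser that pulls the two entry types discussed above, O4 Run-key autoruns and O15 Trusted Zone sites, out of a HijackThis log so they can be reviewed in bulk. The sample log is constructed from the lines quoted in the post plus invented filler lines; the function name `parse_hjt` and the `bare_name`/`wildcard` review hints are assumptions of this example.

```python
import re

# Constructed sample: the O4/O15 lines quoted in the post, plus invented
# header, O2 and HKCU lines so the parser has something to skip or contrast.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe" /tray
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_KEY = re.compile(
    r"^(?P<hive>HK[A-Z]{2}(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
ZONE = re.compile(r"^(?:ESC )?Trusted Zone: (?P<site>\S+)$")


def parse_hjt(text):
    """Return autorun and trusted-site entries found in HijackThis log text."""
    autoruns, trusted = [], []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process path, or blank line
        if m["code"] == "O4":
            r = RUN_KEY.match(m["body"])
            if r:
                autoruns.append({
                    "hive": r["hive"], "key": r["key"],
                    "name": r["name"], "command": r["cmd"],
                    # No path in the command: Windows resolves it through the
                    # search order, so confirm which file actually runs.
                    "bare_name": "\\" not in r["cmd"],
                })
        elif m["code"] == "O15":
            z = ZONE.match(m["body"])
            if z:
                site = z["site"]
                # "*." trusts every subdomain, not just one host.
                trusted.append({"site": site, "wildcard": site.startswith("*.")})
    return {"autoruns": autoruns, "trusted_sites": trusted}
```
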


#14 nicj97

nicj97
  • Topic Starter

  • Members
  • 13 posts

Posted 18 September 2008 - 01:40 AM

Hello mate, I've done all that; there's the log.
Does this mean I'm clean now?

18/09/2008 07:37:53
mbam-log-2008-09-18 (07-37-53).txt

Scan type: Quick Scan
Objects scanned: 56048
Time elapsed: 10 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,714 posts
  • Gender:Male
  • Location:The Netherlands

Posted 18 September 2008 - 05:24 AM

Yes, your log looked clean and the last scan was to make sure of it.

In order to reduce the possible infection in the future, you may follow the following steps:
  • First Set a New Restore Point then Remove the Old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    To set a new restore point:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    To remove the old restore points:
    • Go to Start > Run then type: Cleanmgr in the box and click "OK".
    • By default it brings the C: drive to clean. Please confirm.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
  • Install Javacool's SpywareBlaster -
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. You can find more information and a download link here.
Enjoy surfing!



