Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tr/crypt.xpack.gen Virus


  • This topic is locked This topic is locked
7 replies to this topic

#1 deliswiss

deliswiss

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 PM

Posted 26 September 2008 - 12:25 AM

I tried the whole preparation guide and it didn't detect the malware that antivir constantly warns me about. I get warnings for the following:

1) TR/Crypt.XPACK.Gen Virus
2) RKIT/Clbd.KF
3) TR/Trash.Gen

Any help would be great.
Thanks :thumbsup:

Here's the Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:41 PM, on 9/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1E9B8B5-EFEC-4C48-83A1-EF50AA3D601C}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14933 bytes

BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:06 PM

Posted 03 October 2008 - 09:02 PM

Hello, deliswiss.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help. Otherwise please follow the instructions below.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 deliswiss

deliswiss
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 PM

Posted 04 October 2008 - 02:32 AM

Hey Bill,

Thanks for the reply. I really appreciated you taking the time to help me out with this.

I did follow another windows xp cleaning procedure while I was waiting for a reply (http://forums.majorgeeks.com/showthread.php?t=139313) and did an antivir scan which then quaratined two of the three things i'm concerned about. however, not knowing what to do after, i deleted the quarantined files. i've done this previously, and the files were detected by antivir again.

so i ran OTView it and here are the logs:

OTVIEWIT.TXT

OTViewIt logfile created on: 10/4/2008 12:21:21 AM - Run 2
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Darbar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 401.25 Mb Available Physical Memory | 39.57% Memory free
1.27 Gb Paging File | 0.63 Gb Available in Paging File | 49.25% Paging File free
Paging file location(s): C:\pagefile.sys 384 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.78 Gb Total Space | 23.09 Gb Free Space | 21.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 4.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 653.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SPACEBISCUIT
Current User Name: Darbar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/02/28 15:16:08 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2006/02/28 15:18:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2008/07/17 19:39:54 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
[2008/08/14 20:21:09 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
[2008/07/22 20:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/05/30 05:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\guard.exe
[2008/09/21 14:03:37 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2007/03/12 18:54:10 | 00,931,376 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
[2003/05/31 18:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
[2006/02/28 15:15:30 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2005/05/20 18:41:42 | 00,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
[2005/11/28 15:39:22 | 00,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
[2005/11/28 15:39:30 | 00,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2005/11/28 15:39:32 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
[2005/12/17 12:08:02 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
[2005/12/17 12:08:04 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004/11/17 20:47:16 | 00,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
[2006/02/28 15:25:20 | 00,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2006/02/28 15:25:48 | 00,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2006/02/28 15:29:54 | 00,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
[2005/11/10 14:03:52 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[2006/01/26 03:28:04 | 00,212,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
[2004/02/20 15:12:34 | 00,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
[2005/10/11 22:36:38 | 00,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
[2006/02/28 15:22:50 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
[2004/08/19 09:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
[2006/02/22 18:10:16 | 01,354,240 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\menusw.exe
[2005/01/20 20:24:00 | 00,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
[2005/12/01 02:20:02 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
[2008/07/17 19:39:54 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
[2007/06/11 02:25:42 | 06,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe
[2006/01/07 02:36:10 | 00,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
[2007/03/12 18:54:20 | 01,626,160 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
[2007/03/12 18:53:50 | 01,055,792 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[2008/07/30 10:47:56 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/07/09 09:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2007/11/22 14:49:44 | 12,889,088 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
[2008/09/03 14:07:12 | 01,576,176 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[2005/09/23 23:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2006/02/21 22:58:50 | 01,765,376 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
[2006/11/20 07:30:54 | 00,250,368 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
[2008/07/30 10:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2006/02/16 16:30:54 | 00,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
[2006/01/23 21:47:32 | 00,073,728 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
[2006/01/27 18:17:50 | 00,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
[2008/01/18 19:33:10 | 05,077,205 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Tor\tor.exe
[2007/08/30 17:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[2008/10/04 00:10:02 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Darbar\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/17 19:39:54 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/08/14 20:21:09 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2008/07/22 20:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/05/30 05:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
[2008/04/13 17:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/02/28 15:16:08 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/09/21 14:03:37 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2005/07/14 19:10:16 | 00,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment [On_Demand | Stopped])
[2007/03/12 18:54:10 | 00,931,376 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
[2008/07/30 10:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2005/11/24 18:03:22 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
[2003/05/31 18:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM [Auto | Running])
[2002/12/17 15:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2007/03/14 19:19:10 | 00,779,824 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/03/12 13:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2006/03/07 22:26:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/11/24 17:57:44 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
[2006/02/28 15:15:30 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2006/02/28 15:18:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2005/11/24 17:47:30 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2002/12/17 15:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM [On_Demand | Stopped])
[2006/01/06 22:25:12 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
[2008/04/13 17:12:38 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2005/11/25 15:08:54 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped])
[2005/05/20 18:41:42 | 00,153,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service [Auto | Running])
[2006/01/16 10:25:02 | 02,084,864 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer [On_Demand | Stopped])
[2005/10/11 12:02:02 | 00,057,344 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP [On_Demand | Stopped])
[2005/10/11 12:07:50 | 00,770,048 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP [On_Demand | Stopped])
[2005/12/21 10:06:28 | 00,155,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped])
[2005/11/28 15:39:22 | 00,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw [On_Demand | Running])
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
[2005/11/28 15:39:30 | 00,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc [Auto | Running])
[2005/11/28 15:39:32 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw [Auto | Running])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2006/03/22 15:49:36 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2004/11/22 13:31:10 | 00,108,767 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2007/05/30 05:10:42 | 00,011,000 | ---- | M] () -- C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running])
[2007/05/30 05:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln [System | Running])
[2007/04/19 18:01:37 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/31 11:07:38 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/07/17 19:39:54 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand | Stopped])
[2008/04/13 11:46:23 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE [On_Demand | Stopped])
[2000/12/05 17:18:02 | 00,003,952 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall [System | Running])
[2006/11/05 00:21:12 | 00,223,128 | ---- | M] () -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])
[2006/02/22 18:13:12 | 00,013,440 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir [Auto | Running])
[2006/02/22 18:13:04 | 00,033,024 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2 [Auto | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2004/06/22 08:05:12 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412 [On_Demand | Stopped])
[2004/06/22 08:05:12 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2004/06/22 08:05:12 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2005/10/18 17:52:34 | 00,202,112 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2005/10/18 17:53:24 | 00,998,656 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2005/12/17 12:08:00 | 01,353,820 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2002/11/28 21:23:24 | 00,039,048 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\ICDUSB2.sys -- (ICDUSB2 [On_Demand | Stopped])
[2005/10/21 12:19:34 | 00,036,352 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM [On_Demand | Running])
[2007/03/12 18:53:50 | 00,118,064 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
[2007/03/12 18:54:00 | 00,037,040 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass [System | Running])
[2007/03/12 18:54:10 | 00,038,576 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm [System | Running])
[2008/04/13 11:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
[2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2005/10/05 17:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2008/04/13 11:39:50 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2005/12/29 00:28:08 | 00,055,680 | ---- | M] (Micro Vision Co.,Ltd) -- C:\WINDOWS\system32\drivers\Mvc25U870.sys -- (Mvc25U870_VID_1262&PID_25FD [On_Demand | Running])
[2008/04/13 11:46:25 | 00,085,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC [On_Demand | Stopped])
[2008/04/13 11:46:22 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP [On_Demand | Stopped])
[2006/03/07 22:26:00 | 03,643,040 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2001/08/17 14:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/04/22 17:15:25 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2006/02/28 16:35:56 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/09/03 14:07:14 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2008/09/03 14:07:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/09/03 14:07:12 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2004/11/25 09:41:08 | 00,046,080 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
[2004/10/28 03:47:59 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
[2004/11/29 11:14:30 | 00,019,648 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
[2005/11/21 15:06:02 | 00,009,216 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\shpf.sys -- (shpf [Boot | Running])
[2008/04/13 11:46:23 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP [On_Demand | Stopped])
[2000/11/09 20:15:08 | 00,048,896 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC [On_Demand | Running])
[2005/12/27 16:22:10 | 00,029,184 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF [On_Demand | Running])
[2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2003/06/18 17:12:50 | 00,071,961 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI [On_Demand | Running])
[2006/11/05 00:03:04 | 00,642,560 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2007/04/19 18:01:48 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [On_Demand | Stopped])
[2005/11/17 14:40:00 | 01,076,472 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2008/04/13 11:46:21 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip [On_Demand | Stopped])
[2006/02/22 18:05:44 | 00,028,800 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
[2006/02/21 19:32:32 | 00,226,304 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony [On_Demand | Running])
[2005/11/24 13:37:36 | 00,047,104 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte [On_Demand | Running])
[2006/02/02 23:16:08 | 00,108,928 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd [On_Demand | Stopped])
[2005/12/14 17:07:24 | 00,037,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp [On_Demand | Stopped])
[2005/08/01 16:45:08 | 00,064,896 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom [System | Running])
[2006/02/08 17:33:34 | 00,062,848 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid [On_Demand | Stopped])
[2005/01/06 13:42:42 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds [On_Demand | Stopped])
[2006/01/31 18:35:28 | 00,039,808 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb [On_Demand | Stopped])
[2008/04/13 11:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/07/09 09:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2006/02/26 05:43:00 | 01,428,480 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51 [On_Demand | Running])
[2003/01/10 13:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Stopped])
[2005/10/18 17:52:30 | 00,721,280 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/04/13 11:46:24 | 00,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC [On_Demand | Stopped])
[2006/09/28 19:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 20:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[2005/10/17 09:43:00 | 00,241,408 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.sony.com/vaiopeople

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.sony.com/vaiopeople

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://www.sony.com/vaiopeople

[HKEY_USERS\S-1-5-21-678103200-4033436459-2063786806-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.sony.com/vaiopeople

[HKEY_USERS\S-1-5-21-678103200-4033436459-2063786806-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-678103200-4033436459-2063786806-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{00C6482D-C502-44C8-8409-FCE54AD9C208} (HKLM) -- C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" (HKLM) -- C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-678103200-4033436459-2063786806-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized (GRISOFT s.r.o.)
"Apoint"=C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"Biomenu"="C:\Program Files\Protector Suite QL\menusw.exe" (UPEK Inc.)
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" (Intel Corporation)
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
"Switcher.exe"=C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary (Sony Corporation)
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" (Sony Corporation)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" ()
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-678103200-4033436459-2063786806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" ()
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)

========== (O4) Startup Folders ==========

[2005/09/23 23:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2006/02/21 22:58:50 | 01,765,376 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
[2006/11/20 07:30:54 | 00,250,368 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"DisableRegistryTools"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-678103200-4033436459-2063786806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-678103200-4033436459-2063786806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
Transfer by Image Converter 2 Plus: C:\Program Files\Sony\Image Converter 2\menu.htm [2005/05/09 19:30:36 | 00,001,350 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Yahoo! Services -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Spybot - Search & Destroy Configuration -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-678103200-4033436459-2063786806-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
aol.com\objects: * is out of zone range (0)
46 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{3451DEDE-631F-421C-8127-FD793AFC6CC8}: https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab -- ActiveDataInfo Class
{44990200-3C9D-426D-81DF-AAB636FA4345}: https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab -- Symantec SmartIssue
{44990301-3C9D-426D-81DF-AAB636FA4345}: https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab -- Symantec Script Runner Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06

========== (O17) DNS Name Servers ==========

{A568EFAB-162A-4EEC-951D-A4CB13A6F205} (Servers: | Description: 1394 Net Adapter)
{AB29751D-68B3-4CD7-9CF5-93704A652DDA} (Servers: | Description: )
{AF057119-C3A1-4C6F-847B-A59A86BD06FD} (Servers: | Description: )
{B8922B4E-2349-4988-94F8-7529D3FA17D4} (Servers: | Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller)
{D1E9B8B5-EFEC-4C48-83A1-EF50AA3D601C} (Servers: 208.67.222.222,208.67.220.220 | Description: Intel® PRO/Wireless 3945ABG Network Connection)
{FC73ADAA-1901-41B4-8494-E56630B79BB8} (Servers: | Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=wbsys.dll
>[2003/02/26 21:27:44 | 00,036,864 | ---- | M] (Stardock.Net, Inc) -- C:\WINDOWS\system32\wbsys.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
psfus: "DllName" = fusstub.dll -- C:\WINDOWS\system32\fusstub.dll (UPEK Inc.)
VESWinlogon: "DllName" = VESWinlogon.dll -- C:\WINDOWS\system32\VESWinlogon.dll (Sony Corporation)
WBSrv: "DllName" = C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"UPnPMonitor"={e57ce738-33e8-4c51-8354-bb4de9d215d1} (HKLM) -- C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" (HKLM) -- C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/03/22 12:12:03 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun []
[2008/08/18 21:47:05 | 00,000,000 | ---D | M] -- C:\autorun -- [ NTFS ]

Autorun []
[2007/09/05 13:20:42 | 00,176,128 | R--- | M] () -- G:\Autorun.exe -- [ CDFS ]

Autorun.exe [MZ | ]
[2007/09/05 13:20:42 | 00,176,128 | R--- | M] () -- G:\Autorun.exe -- [ CDFS ]

autorun.inf [[autorun] | icon=ac.ico | OPEN=autorun.exe | ]
[2006/09/08 07:27:40 | 00,000,043 | R--- | M] () -- G:\autorun.inf -- [ CDFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Darbar\My Documents\*.tmp files]
[2008/10/04 00:19:04 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\Darbar\My Documents\My Safe
[2008/10/04 00:10:06 | 00,419,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Darbar\Desktop\OTViewIt.exe
[2008/10/03 20:29:17 | 00,007,368 | ---- | C] () -- C:\Documents and Settings\Darbar\Desktop\Pushing.Daisies.S02E01.HDTV.XViD-DOT.4423822.TPB.torrent
[2008/10/03 14:04:19 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Darbar\My Documents\Piperlime order number 12lrv0t.doc
[2008/10/03 09:58:31 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/10/03 01:12:59 | 00,011,254 | ---- | C] () -- C:\WINDOWS\System32\locate.com
[2008/10/03 01:12:19 | 00,067,962 | ---- | C] () -- C:\MGlogs.zip
[2008/10/03 01:12:17 | 00,000,000 | ---D | C] -- C:\MGtools
[2008/10/03 00:48:45 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\swxcacls.exe
[2008/10/02 23:45:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Darbar\Desktop\CELL CULTURE
[2008/10/02 23:03:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/10/02 23:02:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Darbar\Application Data\SUPERAntiSpyware.com
[2008/10/02 22:54:08 | 01,266,807 | ---- | C] () -- C:\MGtools.exe
[2008/09/29 16:38:46 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Darbar\Desktop\chapter 2(2).doc
[2008/09/29 16:38:38 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Darbar\Desktop\chapter 2.doc
[2008/09/28 07:14:41 | 00,000,000 | -HSD | C] -- C:\found.000
[2008/09/27 21:08:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Darbar\My Documents\chem 2200
[2008/09/27 21:05:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Darbar\Desktop\biol6151
[2008/09/27 16:11:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Darbar\Desktop\HSC3300
[2008/09/27 12:30:17 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\Darbar\My Documents\Live Deliberately.doc
[2008/09/27 12:02:52 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Darbar\My Documents\12 Techniques to Stop Worrying.doc
[2008/09/25 23:38:41 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/09/25 23:38:40 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/25 23:38:38 | 00,000,000 | ---D | C] -- C:\Program Files\MB
[2008/09/25 21:51:27 | 01,636,384 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/09/25 21:51:27 | 00,020,204 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/09/25 00:35:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/09/25 00:35:06 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/09/25 00:34:51 | 00,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
[2008/09/25 00:34:51 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SpOrder.dll
[2008/09/25 00:34:25 | 00,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/09/25 00:34:10 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/09/25 00:34:10 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
[2008/09/25 00:34:08 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
[2008/09/25 00:34:08 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
[2008/09/25 00:33:59 | 00,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
[2008/09/25 00:33:58 | 01,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
[2008/09/25 00:33:58 | 00,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
[2008/09/25 00:33:58 | 00,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
[2008/09/25 00:33:58 | 00,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
[2008/09/25 00:33:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2008/09/25 00:33:58 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2008/09/25 00:33:55 | 00,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
[2008/09/25 00:33:55 | 00,352,918 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/09/25 00:33:14 | 00,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
[2008/09/25 00:33:14 | 00,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
[2008/09/25 00:33:14 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
[2008/09/25 00:33:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2008/09/22 21:36:11 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Darbar\My Documents\Growth Curve.xls
[2008/09/22 17:04:09 | 10,633,09312 | -HS- | C] () -- C:\hiberfil.sys
[2008/09/22 16:50:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/09/22 16:09:16 | 00,002,973 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2008/09/22 16:02:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/09/22 16:02:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/09/22 16:02:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/09/22 16:02:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/09/22 15:55:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/09/22 15:42:16 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/09/21 00:00:40 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/09/21 00:00:37 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/09/21 00:00:35 | 00,000,000 | ---D | C] -- C:\cmdcons
[2008/09/20 23:57:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2008/09/20 23:50:46 | 00,000,000 | ---D | C] -- C:\QooBox
[2008/09/20 23:50:44 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
[2008/09/20 23:50:44 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/09/20 23:50:44 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/09/20 23:50:44 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/09/20 23:50:44 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/09/20 23:50:44 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/09/20 23:50:44 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFind.exe
[2008/09/20 23:44:32 | 02,885,948 | R--- | C] () -- C:\Documents and Settings\Darbar\Desktop\ComboFix.exe
[2008/09/20 23:19:09 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NirCmd.exe
[2008/09/20 23:08:22 | 00,067,072 | ---- | C] () -- C:\Documents and Settings\Darbar\Desktop\Three things.doc
[2008/09/20 18:45:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2008/09/17 17:12:56 | 00,049,152 | ---- | C] () -- C:\Documents and Settings\Darbar\Desktop\ed-cls-resume-background-app.doc
[2008/09/17 16:13:50 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\Darbar\Desktop\credit card.xls
[2008/09/16 23:13:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Darbar\Desktop\food
[2008/09/10 19:56:54 | 02,802,378 | ---- | C] () -- C:\Documents and Settings\Darbar\My Documents\sf_2008_program.pdf
[2008/09/10 19:56:51 | 00,006,003 | ---- | C] () -- C:\Documents and Settings\Darbar\My Documents\speakers.pdf

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Darbar\My Documents\*.tmp files]
[2008/10/04 00:18:42 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/04 00:16:59 | 01,636,384 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/04 00:16:27 | 00,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/10/04 00:16:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/04 00:16:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/04 00:15:59 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/04 00:14:44 | 00,020,204 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/04 00:10:02 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Darbar\Desktop\OTViewIt.exe
[2008/10/03 23:17:14 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/03 23:02:27 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/03 21:19:28 | 00,074,752 | ---- | M] () -- C:\Documents and Settings\Darbar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/03 20:29:10 | 00,007,368 | ---- | M] () -- C:\Documents and Settings\Darbar\Desktop\Pushing.Daisies.S02E01.HDTV.XViD-DOT.4423822.TPB.torrent
[2008/10/03 14:04:19 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Darbar\My Documents\Piperlime order number 12lrv0t.doc
[2008/10/03 01:13:45 | 00,067,962 | ---- | M] () -- C:\MGlogs.zip
[2008/10/03 00:58:27 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/03 00:57:49 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/03 00:48:07 | 02,885,948 | R--- | M] () -- C:\Documents and Settings\Darbar\Desktop\ComboFix.exe
[2008/10/02 22:53:34 | 01,266,807 | ---- | M] () -- C:\MGtools.exe
[2008/09/29 16:38:46 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Darbar\Desktop\chapter 2(2).doc
[2008/09/29 16:38:38 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Darbar\Desktop\chapter 2.doc
[2008/09/28 21:25:18 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/27 12:30:17 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Darbar\My Documents\Live Deliberately.doc
[2008/09/27 12:02:53 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Darbar\My Documents\12 Techniques to Stop Worrying.doc
[2008/09/25 00:36:58 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/09/22 22:46:50 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Darbar\My Documents\Growth Curve.xls
[2008/09/22 17:09:50 | 00,460,898 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/09/22 17:09:49 | 00,550,278 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/09/22 17:09:49 | 00,079,878 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/09/22 16:59:36 | 01,563,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/09/22 16:52:28 | 00,000,712 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/22 16:49:09 | 00,096,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd6397.sys
[2008/09/22 16:11:29 | 00,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/22 16:11:25 | 00,002,973 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2008/09/22 15:49:41 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/09/21 00:15:02 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081003-000348.backup
[2008/09/21 00:00:40 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/09/20 23:08:23 | 00,067,072 | ---- | M] () -- C:\Documents and Settings\Darbar\Desktop\Three things.doc
[2008/09/17 17:12:56 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\Darbar\Desktop\ed-cls-resume-background-app.doc
[2008/09/17 16:13:50 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Darbar\Desktop\credit card.xls
[2008/09/10 19:56:54 | 02,802,378 | ---- | M] () -- C:\Documents and Settings\Darbar\My Documents\sf_2008_program.pdf
[2008/09/10 19:56:51 | 00,006,003 | ---- | M] () -- C:\Documents and Settings\Darbar\My Documents\speakers.pdf
[2008/09/10 00:08:38 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:08:32 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >


EXTRAS.TXT

OTViewIt Extras logfile created on: 10/4/2008 12:21:21 AM - Run 2
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Documents and Settings\Darbar\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 401.25 Mb Available Physical Memory | 39.57% Memory free
1.27 Gb Paging File | 0.63 Gb Available in Paging File | 49.25% Paging File free
Paging file location(s): C:\pagefile.sys 384 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.78 Gb Total Space | 23.09 Gb Free Space | 21.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 4.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 653.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SPACEBISCUIT
Current User Name: Darbar
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/09/24 14:29:19 | 07,671,408 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox
[2008/06/11 20:16:02 | 00,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
[2008/04/13 17:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2008/07/30 10:47:50 | 20,252,968 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/13 17:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/06/26 15:53:38 | 20,005,928 | ---- | M] () -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2001/06/20 08:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}"=SonicStage Mastering Studio Audio Filter Custom Preset
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}"=Sony MP4 Shared Library
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}"=VAIO Wireless LAN Setup Utility
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{1417F599-1DBD-4499-9375-B2813E9F890C}"=VAIO Camera Utility
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}"=VAIO Original Screen Saver
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}"=Scan
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}"=VAIO Media AC3 Decoder 1.0
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{27337663-2619-11D4-99DC-0000F49094C7}"=Memory Stick Formatter
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}"=Quicken 2006
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}"=Wireless Switch Setting Utility
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}"=VAIO Breeze Wallpaper
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}"=VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}"=iTunes
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{43FFE159-3199-4188-A1CD-629166AD1033}"=Nero 7 Premium
"{47D2103B-FD51-4017-9C20-DD408B17D726}"=Office 2003 Trial Assistant
"{48820099-ED7D-424B-890C-9A82EF00656D}"=VAIO Update 2
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}"=Apple Mobile Device Support
"{4E993095-28F2-4060-9101-99C1FD1195C0}"=VAIO Central
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}"=VAIO Media 5.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}"=VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}"=Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}"=LAN Setting Utility
"{5D95AD35-368F-47D5-B63A-A082DDF00111}"=Microsoft Digital Image Starter Edition 2006 Editor
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}"=VAIO Light Flo Wallpaper
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}"=Image Converter 2 Plus
"{66563AD8-637B-407F-BCA7-0233A16891AB}"=Business Contact Manager for Outlook 2003
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}"=DVgate Plus
"{691F4068-81BF-49E3-B32E-FE3E16400111}"=Microsoft Digital Image Starter Edition 2006 Library
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}"=VAIO Entertainment Platform
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{70B96CD0-FDF2-489E-8FA0-0F92ED599368}"=Opera 9.50
"{785EB1D4-ECEC-4195-99B4-73C47E187721}"=VAIO Media Integrated Server 5.0
"{788040D7-8FD8-47F7-8D14-F4A99261330F}"=CourseSmart Bookshelf
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}"=ISScript
"{82081533-F045-469E-BD53-F16839E445C3}"=VAIO Support Central
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}"=mHelp
"{8DF4C627-4AF3-4245-9F13-3518FC8584DC}"=Protector Suite QL 5.3
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD for VAIO
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{9CC89556-3578-48DD-8408-04E66EBEF401}"=mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}"=VAIO Power Management
"{9F7FC79B-3059-4264-9450-39EB368E3225}"=Microsoft Digital Image Library 9 - Blocker
"{A0EB195B-5876-48E6-879D-33D4B2102610}"=SonicStage 3.4
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}"=mDriver
"{A1062847-0846-427A-92A1-BB8251A91E91}"=HP PSC & OfficeJet 4.2
"{A1C4EE2B-DF14-4488-BC8A-F9336D588E97}"=SnagIt 8
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}"=SigmaTel Audio
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}"=AiO_Scan
"{A947C2B3-7445-42C4-9063-EE704CACCB22}"=VAIO Hardware Diagnostics
"{AB467B85-4F52-48C2-AEED-0673D00417B0}"=SonicStage Mastering Studio Audio Filter
"{AC76BA86-7AD7-1033-7B44-A70900000002}"=Adobe Reader 7.0.9
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}"=VAIO Media Registration Tool 5.0
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1"=Sony Download Taxi 1.5.0.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B502B428-3386-40A9-98DB-079AAB72E64F}"=mEoU
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B6F7DBE7-2FE2-458F-A738-B10832746036}"=Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}"=VAIOSurveySA
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}"=Sony Video Shared Library
"{BF14450E-FB29-4D55-AAA3-BF5BF9FC9F1A}"=eDrawings 2005
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}"=SonicStage Mastering Studio 2.2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}"=DSD Direct
"{C518C7BF-A345-4019-815B-FFDF32EBCAD9}"=VAIO HDD Protection
"{C7793EE8-F666-4E6B-9827-76468679480E}"=Tweakui Powertoy for Windows XP
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}"=DSD Playback Plug-in 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}"=Bluetooth Stack for Windows by Toshiba
"{CFB17307-B244-4EAD-AE8E-CDAF440477C2}"=OpenMG Secure Module 4.4.00
"{D0448678-1203-4158-A58F-B3D0B616BF9E}"=Sony Certificate PCH
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1"=Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{E81667C6-2856-46D6-ABEA-6A2F42166779}"=mCore
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}"=SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}"=Sony Utilities DLL
"{EF7BB06C-5D95-4C7C-8B9B-E1B1E37E8692}"=Fingerprint Tutorial
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}"=VAIO Event Service
"{F41C11EC-7C13-47A7-A07C-251D96EC3879}"=Broken Sword - The Angel of Death
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}"=mDrWiFi
"{F6D24DE1-6894-452D-A714-FDA0929714EC}"=TPM Tutorial
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}"=VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}"=VAIO Security Center
"AC3Filter"=AC3Filter (remove only)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"AVGAntiSpyware75"=AVG Anti-Spyware 7.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003"=HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Crack DAT PAT"=Crack DAT PAT 2007
"DAT Digital Test Booklet v.3.0R"=DAT Digital Test Booklet v.3.0R
"DVD Decrypter"=DVD Decrypter (Remove Only)
"DVD Shrink_is1"=DVD Shrink 3.2
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"HP Photo & Imaging"=HP Image Zone 4.2
"iDailyDiary_is1"=iDailyDiary 3.41
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}"=VAIO Registration
"InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}"=VAIOSurveySA
"InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}"=OpenMG Secure Module 4.4.00
"Kaplan's DAT DTB"=Kaplan's DAT DTB
"KB835221WXP"=High Definition Audio Driver Package - KB835221
"KB870669"=Microsoft Data Access Components KB870669
"KB886612"=Windows Media Player 10 Hotfix [See KB886612 for more information]
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Mozilla Firefox (2.0.0.17)"=Mozilla Firefox (2.0.0.17)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PDF Editor 2"=PDF Editor 2
"PeerGuardian_is1"=PeerGuardian 2.0
"Photodex Presenter"=Photodex Presenter
"PictureItSuiteTrial_v11"=Microsoft Digital Image Starter Edition 2006
"Privoxy"=Privoxy 3.0.6
"Product_Name"=DAT Achiever
"ProInst"=Intel® PROSet/Wireless Software
"pzizz"=pzizz
"pzizzEnergizerModule"=pzizz Energizer Module
"pzizzSleepModule"=pzizz Sleep Module
"RealPlayer 6.0"=RealPlayer
"S7FOY07-FPDEMO_is1"=Indiana Jones and the Fountain of Youth Demo
"ScummVM_is1"=ScummVM 0.11.0
"Security Task Manager"=Security Task Manager 1.6f
"Skype_is1"=Skype 2.5
"Sony Digital Voice Editor 2"=Sony Digital Voice Editor 2
"Sony Ericsson Wireless Modem"=Sony Ericsson Wireless Modem
"Tor"=Tor 0.1.2.19
"TSPDAT"=TSPDAT
"Vidalia"=Vidalia 0.0.16
"ViewpointMediaPlayer"=Viewpoint Media Player
"WIC"=Windows Imaging Component
"WindowBlinds"=WindowBlinds
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Extras"=Yahoo! Browser Services
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager
"ZoneAlarm"=ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/30/2008 12:18:20 AM | Computer Name = SPACEBISCUIT | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 7.0.9 -- A process is running that cannot be
safely shut down by Adobe Reader. Please restart your computer and try again.

Error - 9/30/2008 8:01:42 PM | Computer Name = SPACEBISCUIT | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.2.23, faulting module
kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.

Error - 9/30/2008 9:33:21 PM | Computer Name = SPACEBISCUIT | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.2.23, faulting module
kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.

Error - 10/2/2008 11:57:10 PM | Computer Name = SPACEBISCUIT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20080.17373, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/3/2008 3:10:16 PM | Computer Name = SPACEBISCUIT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20080.17373, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/3/2008 3:10:31 PM | Computer Name = SPACEBISCUIT | Source = Application Hang | ID = 1001
Description = Fault bucket 912158224.

Error - 10/3/2008 9:33:40 PM | Computer Name = SPACEBISCUIT | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.17373, faulting
module npmnqmp071101000055.dll, version 711.1.0.55, fault address 0x000a71b7.

Error - 10/3/2008 10:06:37 PM | Computer Name = SPACEBISCUIT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20080.17373, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/3/2008 10:06:46 PM | Computer Name = SPACEBISCUIT | Source = Application Hang | ID = 1001
Description = Fault bucket 912158224.

Error - 10/4/2008 3:11:06 AM | Computer Name = SPACEBISCUIT | Source = Application Hang | ID = 1002
Description = Hanging application OTViewIt.exe, version 1.0.9.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/22/2008 7:57:15 PM | Computer Name = SPACEBISCUIT | Source = sfsync02 | ID = 262156
Description =

Error - 9/22/2008 8:00:03 PM | Computer Name = SPACEBISCUIT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/22/2008 8:00:19 PM | Computer Name = SPACEBISCUIT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/22/2008 8:00:21 PM | Computer Name = SPACEBISCUIT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/22/2008 8:01:13 PM | Computer Name = SPACEBISCUIT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/22/2008 8:02:53 PM | Computer Name = SPACEBISCUIT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/22/2008 8:04:14 PM | Computer Name = SPACEBISCUIT | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft Office Document Image
Writer share name Printer.

Error - 9/26/2008 9:19:40 PM | Computer Name = SPACEBISCUIT | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 9/28/2008 10:20:50 AM | Computer Name = SPACEBISCUIT | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.10.123
on the Network Card with network address 001302361D73.

Error - 10/3/2008 1:30:29 AM | Computer Name = SPACEBISCUIT | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'IvrZQ.exe' on the volume 'HarddiskVolume2'. It has
stopped monitoring the volume.


< End of report >

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:06 PM

Posted 04 October 2008 - 05:44 AM

Hello, deliswiss.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use +A)
  • Right-click again and chose "Copy" (or +C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • ESET OnlineScan's Log
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 deliswiss

deliswiss
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 PM

Posted 05 October 2008 - 01:29 PM

Hi Bill.

When I was doing the ESET online scan, antivir detected TR/Dropper.Gen [trojan] and I selected "deny access".

Here's the ESET scan:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3495 (20081004)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=225ea8abaae15c478bd31b9d349c669a
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-05 08:30:36
# local_time=2008-10-05 01:30:36 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=379057
# found=2
# scan_time=14572
C:\Program Files\Nero 7.8.5.U\Nero-7.8.5.0_eng_trial.exe Win32/Toolbar.AskSBar application (deleted) 00000000000000000000000000000000
C:\Program Files\Nero 7.8.5.U\Nero-7.8.5.0_eng_trial.exe »RAR »Toolbar.exe Win32/Toolbar.AskSBar application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

and the hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:02 AM, on 10/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1E9B8B5-EFEC-4C48-83A1-EF50AA3D601C}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14505 bytes

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:06 PM

Posted 05 October 2008 - 04:24 PM

Hello, deliswiss.
Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the Posted Image icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 deliswiss

deliswiss
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 PM

Posted 05 October 2008 - 05:06 PM

Thanks a million Billy!
I followed your advice on how to keep my computer A-OK, hopefully i won't run into any snafus in the future.

Cheers,
Darlene

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:06 PM

Posted 05 October 2008 - 05:44 PM

Hello, deliswiss.

You're welcome :D

Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users