win32/agentbypass.g.en k and more


  • This topic is locked
20 replies to this topic

#1 summer song

summer song

  • Members
  • 11 posts
  • OFFLINE
  • Local time:11:32 AM

Posted 18 November 2008 - 08:47 PM

Hello, I have followed all of the steps. I tried HouseCall; it won't work. I did Panda and it says I am infected, maybe with 4 infected files, which were sent to the lab, but I have not heard anything. I did a Windows OneCare scan and it says files are infected and, same thing, sent them off, but it also says I have the above virus, and autorun.exe infected and another one likely infected. My own antivirus is picking up nothing at the moment but has done over the week with reg/banqsoft.a, darksma downloader, wanti trojan, ambler am trojan, banker z trojan, vundo aag trojan, koolnoody downloader, kazaap2p, all quarantined. I did an online scan with Defender but it would not update files. I don't know what to do or if I am still infected. At the start of the problems the internet was getting redirected to advertising sites, but at the moment it seems OK. This is my daughter's laptop, which she uses for university, but she also uses Messenger and Facebook, so maybe this is where the problems started, along with problems at the time with the antivirus not working. Here is a log of HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:33 AM, on 11/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /P26 "EPSON Stylus CX4700 Series" /O6 "USB001" /M "Stylus CX4700"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4700 Series on ANGELA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /P41 "Auto EPSON Stylus CX4700 Series on ANGELA" /O35 "\\ANGELA\EPSON Stylus CX4700 Series" /M "Stylus CX4700"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: E-Flyer.lnk = C:\Program Files\Sony\E-Flyer\E-Flyer.exe (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76E255E2-0B69-4458-BA9A-69BC495F0D0E}: NameServer = 61.9.242.33,61.9.226.33
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14575 bytes
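As an added example (not code from this thread or from HijackThis itself), here is a small Python parser for the HijackThis v2 log format posted above. It pulls the O2/O4/O16/O17/O23 entries apart and flags the ones a reviewer would check first: items running from outside Windows/Program Files, bare filenames resolved through the search path, and the O17 DNS-server setting. The sample lines are excerpted from the log in the post plus one constructed Temp-folder entry; the trusted-directory list is an assumption.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumption: directories a reviewer normally expects startup items, BHOs
# and services to live in on Windows XP (lowercase). Anything elsewhere is
# flagged for a closer look; this is a review aid, not a verdict.
TRUSTED_DIRS = (r"c:\windows", r"c:\program files", r"c:\progra~1")

LINE_RE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?P<where>.*Startup):\s+(?P<name>.+?\.lnk)\s+=\s+(?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO:\s+(?P<name>.+?)\s+-\s+\{(?P<clsid>[^}]+)\}\s+-\s+(?P<cmd>.+)$")
DPF_RE = re.compile(r"^DPF:\s+\{(?P<clsid>[^}]+)\}\s*(?:\((?P<name>[^)]*)\)\s*)?-\s*(?P<url>\S+)$")
NS_RE = re.compile(r"NameServer\s*=\s*(?P<servers>[0-9.,]+)\s*$")
SVC_RE = re.compile(r"^Service:\s+(?P<name>.+?)\s+-\s+(?P<vendor>.+?)\s+-\s+(?P<cmd>.+)$")
# First executable-looking token of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|dll|com|scr|bat|pif))(?:"|\s|$)', re.I)


@dataclass
class Entry:
    section: str
    body: str
    fields: dict = field(default_factory=dict)
    flags: list = field(default_factory=list)


def executable_of(cmd):
    """Return the executable path at the front of a command line, or None."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else None


def review_path(path):
    """Review notes for an executable/DLL path from a startup, BHO or service entry."""
    p = path.lower()
    if "\\" not in p:
        return ["bare filename resolved via the search path; confirm which copy actually runs"]
    if not p.startswith(TRUSTED_DIRS):
        return ["file outside Windows/Program Files; verify publisher and file hash"]
    return []


def parse_line(line):
    """Parse one HijackThis line into an Entry, or None for header/process/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = Entry(m.group(1), m.group(2))
    body = e.body
    if e.section == "O4":                      # Run keys and Startup folders
        m4 = RUN_RE.match(body) or STARTUP_RE.match(body)
        if m4:
            e.fields.update(m4.groupdict())
    elif e.section == "O2":                    # browser helper objects
        m2 = BHO_RE.match(body)
        if m2:
            e.fields.update(m2.groupdict())
    elif e.section == "O16":                   # ActiveX controls downloaded by IE
        m16 = DPF_RE.match(body)
        if m16:
            e.fields.update(m16.groupdict())
            e.fields["host"] = urlparse(m16.group("url")).hostname
    elif e.section == "O17":                   # per-interface DNS servers
        m17 = NS_RE.search(body)
        if m17:
            servers = [s for s in m17.group("servers").split(",") if s]
            e.fields["nameservers"] = servers
            e.flags.append("DNS servers %s set in the registry; confirm they belong to the ISP "
                           "(browser redirects to ad sites are a classic DNS-hijack symptom)"
                           % ", ".join(servers))
    elif e.section == "O23":                   # installed services
        m23 = SVC_RE.match(body)
        if m23:
            e.fields.update(m23.groupdict())
    cmd = e.fields.get("cmd")
    if cmd:
        exe = executable_of(cmd)
        if exe:
            e.fields["exe"] = exe
            e.flags.extend(review_path(exe))
    return e


def parse_log(text):
    """Parse a whole log; lines that are not HijackThis entries are skipped."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def flagged(entries):
    return [e for e in entries if e.flags]


# Lines excerpted from the log posted above, plus one constructed Temp entry.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - HKCU\..\Run: [example] C:\Documents and Settings\user\Local Settings\Temp\example.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76E255E2-0B69-4458-BA9A-69BC495F0D0E}: NameServer = 61.9.242.33,61.9.226.33
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
"""

if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(e.section, "|", e.body, "\n   ->", "; ".join(e.flags))
```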


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:32 PM

Posted 26 November 2008 - 10:48 PM

Hello summer song,

Sorry for the delay. We have many logs backed up.


Please disable any running anti-virus program before running Kaspersky Online Scanner.
If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Close any open browsers

Please do a scan with Kaspersky Online Scanner

You can refer to this animation by sundavis.


Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
This scanner will only scan. It does not remove any malware it finds.



Download and Run RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 1 month
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt (info.txt can also be found at c:\RSIT\info.txt).

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 summer song

summer song
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:11:32 AM

Posted 04 December 2008 - 12:43 AM

Thank you very much for replying. Sorry I have taken so long to answer, but I have only just been able to find my post and realised someone answered me. I am very new at this, so sorry if there are any mistakes. Kaspersky will not work in normal mode, only safe mode, in which it says it is clear, but I am not sure, as this computer has had many viruses over the last month. We don't think the firewall was working, but it is now fixed, I hope. Anyway, here are the last month results you asked me to do:
Logfile of random's system information tool 1.04 (written by random/random)
Run by TM at 2008-12-04 14:32:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (41%) free of 19 GB
Total RAM: 502 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:15 PM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TM\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\TM.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /P26 "EPSON Stylus CX4700 Series" /O6 "USB001" /M "Stylus CX4700"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4700 Series on ANGELA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /P41 "Auto EPSON Stylus CX4700 Series on ANGELA" /O35 "\\ANGELA\EPSON Stylus CX4700 Series" /M "Stylus CX4700"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: E-Flyer.lnk = C:\Program Files\Sony\E-Flyer\E-Flyer.exe (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76E255E2-0B69-4458-BA9A-69BC495F0D0E}: NameServer = 61.9.242.33,61.9.226.33
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14469 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-14 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - CA Toolbar - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll [2008-06-23 275896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-11-17 118784]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-08-05 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-08-05 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-08-05 114688]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-08-09 14743552]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 53248]
"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2002-03-15 45056]
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2005-10-20 184320]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-21 32768]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2005-09-27 81920]
"EPSON Stylus CX4700 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE [2005-02-02 98304]
"VAIO Update 3"=C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe [2007-01-23 546936]
"Auto EPSON Stylus CX4700 Series on ANGELA"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE [2005-02-02 98304]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-15 286720]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2008-10-12 247024]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2008-09-09 234736]
"cafw"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [2008-09-09 771312]
"capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2008-09-09 173296]
"capfupgrade"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe [2008-09-09 259312]
"QOELOADER"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe [2008-04-16 14088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-14 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\TM\Start Menu\Programs\Startup
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-08-05 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\WINDOWS\system32\UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2005-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"=C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll [2008-06-23 1373624]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Sony\VAIO Media 5.0\Vc.exe"="C:\Program Files\Sony\VAIO Media 5.0\Vc.exe:*:Disabled:[VAIO Media] VAIO Media"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b7be30e-9584-11dc-be45-00014af93a54}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-11-17 17:51:45 ----D---- C:\Documents and Settings\TM\Application Data\Malwarebytes
2008-11-17 17:51:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-17 17:51:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-17 11:31:51 ----D---- C:\Program Files\trend micro
2008-11-17 11:31:47 ----D---- C:\rsit
2008-11-16 19:00:00 ----D---- C:\Program Files\Panda Security
2008-11-15 19:59:43 ----D---- C:\Documents and Settings\TM\Application Data\Mozilla
2008-11-15 13:40:24 ----D---- C:\Program Files\Lavasoft
2008-11-15 13:40:23 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-14 17:46:56 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-14 17:46:56 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-14 17:46:56 ----A---- C:\WINDOWS\system32\java.exe
2008-11-14 17:46:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-14 17:13:41 ----D---- C:\WINDOWS\BDOSCAN8
2008-11-13 17:32:12 ----SHD---- C:\RECYCLER
2008-11-12 21:45:52 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 21:44:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 21:42:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-12 21:36:04 ----A---- C:\WINDOWS\system32\CF11335.exe
2008-11-12 21:35:40 ----A---- C:\Bug.txt
2008-11-12 20:02:54 ----A---- C:\ComboFix.txt
2008-11-12 19:33:13 ----A---- C:\Boot.bak
2008-11-12 19:33:08 ----RASHD---- C:\cmdcons
2008-11-12 19:28:59 ----A---- C:\WINDOWS\zip.exe
2008-11-12 19:28:59 ----A---- C:\WINDOWS\VFIND.exe
2008-11-12 19:28:59 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-12 19:28:59 ----A---- C:\WINDOWS\SWSC.exe
2008-11-12 19:28:59 ----A---- C:\WINDOWS\SWREG.exe
2008-11-12 19:28:59 ----A---- C:\WINDOWS\sed.exe
2008-11-12 19:28:59 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-12 19:28:59 ----A---- C:\WINDOWS\grep.exe
2008-11-12 19:28:59 ----A---- C:\WINDOWS\fdsv.exe
2008-11-12 19:28:43 ----D---- C:\Qoobox
2008-11-12 19:23:32 ----RA---- C:\Autoruns.exe
2008-11-10 10:38:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-09 16:53:33 ----A---- C:\boot.txt
2008-11-09 15:26:07 ----D---- C:\WINDOWS\Prefetch
2008-11-09 15:20:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-09 15:20:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-09 15:20:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-09 15:20:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-09 15:20:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-09 15:19:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-09 15:19:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-09 15:19:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-09 15:19:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-09 15:19:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-09 15:19:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-09 15:19:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-09 15:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-09 15:18:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-09 15:18:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-09 15:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-09 15:12:47 ----D---- C:\WINDOWS\system32\scripting
2008-11-09 15:12:46 ----D---- C:\WINDOWS\l2schemas
2008-11-09 15:12:45 ----D---- C:\WINDOWS\system32\en
2008-11-09 15:12:44 ----D---- C:\WINDOWS\system32\bits
2008-11-09 15:09:05 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-09 15:00:18 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-07 18:07:21 ----D---- C:\Program Files\Windows Live Safety Center
2008-11-07 14:27:33 ----D---- C:\WINDOWS\ERDNT
2008-11-07 14:27:21 ----D---- C:\Deckard
2008-11-07 14:07:24 ----D---- C:\Program Files\Windows Defender
2008-11-07 12:17:59 ----SHD---- C:\WINDOWS\CSC
2008-11-07 08:16:57 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-06 08:22:21 ----A---- C:\WINDOWS\system32\5f864a21-.txt

======List of files/folders modified in the last 1 months======

2008-12-04 14:29:28 ----D---- C:\Program Files\Mozilla Firefox
2008-12-04 14:28:00 ----D---- C:\WINDOWS\Temp
2008-12-04 14:27:33 ----D---- C:\WINDOWS\CAVTemp
2008-12-04 14:26:40 ----SD---- C:\WINDOWS\Tasks
2008-12-04 09:45:47 ----D---- C:\WINDOWS\system32
2008-12-04 07:45:44 ----D---- C:\Documents and Settings\TM\Application Data\CallingID
2008-12-04 07:08:54 ----D---- C:\WINDOWS
2008-12-04 07:02:53 ----D---- C:\WINDOWS\system32\Lang
2008-12-04 07:01:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-04 07:01:40 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-03 20:42:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-03 20:14:53 ----SHD---- C:\WINDOWS\Installer
2008-12-03 19:54:37 ----HD---- C:\WINDOWS\inf
2008-11-21 19:00:16 ----HD---- C:\Config.msi
2008-11-21 14:23:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-20 17:14:30 ----D---- C:\WINDOWS\Help
2008-11-20 10:59:19 ----D---- C:\WINDOWS\system32\drivers
2008-11-19 14:14:10 ----D---- C:\etax2007
2008-11-19 11:14:52 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-19 10:18:05 ----RD---- C:\Program Files
2008-11-19 10:18:05 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-19 09:57:51 ----A---- C:\caisslog.txt
2008-11-15 19:33:00 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-15 13:35:14 ----D---- C:\Documents and Settings\TM\Application Data\Lavasoft
2008-11-15 08:24:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-14 19:19:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-14 17:46:27 ----D---- C:\Program Files\Java
2008-11-13 16:13:53 ----SHD---- C:\System Volume Information
2008-11-13 16:13:53 ----D---- C:\WINDOWS\system32\Restore
2008-11-13 14:33:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-12 21:45:51 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 21:44:23 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 21:41:42 ----D---- C:\WINDOWS\WinSxS
2008-11-12 19:55:19 ----N---- C:\WINDOWS\system.ini
2008-11-12 19:52:17 ----D---- C:\WINDOWS\system32\config
2008-11-12 19:47:36 ----D---- C:\WINDOWS\AppPatch
2008-11-12 19:47:36 ----D---- C:\Program Files\Common Files
2008-11-12 19:33:13 ----RASH---- C:\boot.ini
2008-11-09 15:27:00 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-11-09 15:23:45 ----D---- C:\WINDOWS\system32\Setup
2008-11-09 15:23:44 ----RSD---- C:\WINDOWS\Fonts
2008-11-09 15:23:44 ----D---- C:\WINDOWS\system32\wbem
2008-11-09 15:20:36 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-09 15:18:46 ----D---- C:\Program Files\Messenger
2008-11-09 15:18:19 ----D---- C:\WINDOWS\security
2008-11-09 15:14:52 ----AC---- C:\WINDOWS\setuplog.txt
2008-11-09 15:13:03 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-09 15:13:03 ----D---- C:\WINDOWS\network diagnostic
2008-11-09 15:13:03 ----D---- C:\WINDOWS\ime
2008-11-09 15:12:48 ----D---- C:\WINDOWS\system32\usmt
2008-11-09 15:12:48 ----D---- C:\WINDOWS\system32\en-US
2008-11-09 15:12:44 ----D---- C:\WINDOWS\PeerNet
2008-11-09 15:12:44 ----D---- C:\Program Files\Movie Maker
2008-11-09 15:08:53 ----D---- C:\WINDOWS\system32\npp
2008-11-09 15:08:53 ----D---- C:\WINDOWS\mui
2008-11-09 15:08:52 ----D---- C:\WINDOWS\msagent
2008-11-09 15:08:51 ----D---- C:\WINDOWS\srchasst
2008-11-09 15:08:48 ----D---- C:\Program Files\NetMeeting
2008-11-09 15:08:46 ----D---- C:\WINDOWS\system32\Com
2008-11-09 15:08:43 ----D---- C:\Program Files\Windows Media Player
2008-11-09 15:08:42 ----D---- C:\Program Files\Windows NT
2008-11-09 15:08:42 ----D---- C:\Program Files\Outlook Express
2008-11-09 15:08:39 ----D---- C:\Program Files\Common Files\System
2008-11-09 15:08:13 ----D---- C:\WINDOWS\system32\oobe
2008-11-09 15:08:10 ----D---- C:\WINDOWS\system
2008-11-09 15:04:43 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-09 15:00:12 ----D---- C:\WINDOWS\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-06 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 KmxAgent;KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile; C:\WINDOWS\System32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw; C:\WINDOWS\System32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-06-05 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2008-09-09 21488]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2008-09-09 26352]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2008-09-09 32240]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2008-09-09 21104]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-12-15 17801]
R2 KmxCF;KmxCF; C:\WINDOWS\System32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx; C:\WINDOWS\System32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-07-23 11354]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-22 108767]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-18 202112]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-08-05 1049180]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-08-09 3855360]
R3 KmxCfg;KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 LEX_AS_NIC_SERVICE_YNOS;LAN-Express AS IEEE 802.11g Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ExpasAG.sys [2005-01-05 394656]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 tifmsony;tifmsony; C:\WINDOWS\system32\drivers\tifmsony.sys [2005-08-29 77824]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-06-05 108368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S3 AWINDIS5;AWINDIS5 Protocol Driver; \??\C:\WINDOWS\system32\AWINDIS5.SYS []
S3 BPIKSp50;BPIKSp50 NDIS Protocol Driver; \??\F:\BPIKSp50.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ENETHUSB;Speedstream Ethernet USB Adapter; C:\WINDOWS\system32\DRIVERS\enethusb.sys [2004-12-18 28005]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\WG511ICB.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SonyImgF;Sony Image Conversion Filter Driver; C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2005-11-30 28800]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvm321;Sony Visual Communication Camera VGP-VCC1; C:\WINDOWS\System32\Drivers\usbvm321.sys [2005-11-30 232448]
S3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-07-20 3289088]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2008-02-27 144696]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-07-23 86016]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-09-05 283912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-14 152984]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-07-23 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-07-23 372809]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2007-10-18 145936]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2005-05-21 153600]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2008-09-09 255216]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2005-09-02 131072]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2005-09-02 118784]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2008-10-12 214256]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-09-09 185584]
R3 VAIO Entertainment Aggregation and Control Service;VAIO Entertainment Aggregation and Control Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [2005-02-09 143360]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2005-09-02 270336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-15 32768]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-08-31 53337]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-08-31 53337]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-08-31 69718]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-09-27 69632]
S3 VAIO Entertainment Task Scheduler;VAIO Entertainment Task Scheduler; C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe [2005-02-11 397312]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2005-10-07 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2005-10-12 1982464]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2005-10-12 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2005-10-12 770048]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2005-10-12 188416]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

#4 SifuMike

    malware expert

  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 04 December 2008 - 04:18 PM

Why did you run ComboFix on your own? :thumbsup:

Also, you should not be running Deckard, as that has been withdrawn from use.


You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.
Please read ComboFix's Disclaimer.

I see no malware. What problems are you having?

Edited by SifuMike, 04 December 2008 - 04:20 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 summer song

  • Topic Starter
  • Members
  • 11 posts

Posted 04 December 2008 - 07:29 PM

Thank you for the reply. Quite a few times I contacted CA online support and they connected to my computer and downloaded ComboFix. NO instructions, they just said press fix. The Deckard thing I am not sure what that is or if it was used by CA support, but I know I am not using it and it can be deleted if I know what to do. About two months ago CA antivirus was playing up, as well as the computer running very slowly and turning off and on by itself. Since then ComboFix has been run once and I have quite a few viruses in quarantine. This is my daughter's university laptop, and when all the problems started Internet Explorer kept getting redirected to advertising sites and then turning off. I rang CA support and that's when ComboFix was done and they told me everything was fixed, but it wasn't and a lot more trojans were picked up. It wasn't until I downloaded Firefox and used a couple of online scans that some of the problems were fixed. It was only last week when the firewall was fixed by CA support. However, I now come to the conclusion that their customer support could not figure out what the problem was, and that at the time this computer and the software was working but they could not figure out why the trojans kept coming back. I am not sure if everything is OK now, but I know my scans are not picking up anything except for the one in my topic, which was picked up by Windows OneCare. I also don't know why in normal mode quite a few online scans will not work but in safe mode they do. I can't even do the CA online scan and I should be able to. Here is a copy of the names that my antivirus has picked up:
KOOLNOODY DOWNLOADER, BIFROST BACKDOOR, Kazaa p2p, darksma downloader, wanti trojan, amble am trojan, banker z trojan, vundo aag trojan
All these were picked up over the last two months.


CA Anti-Spyware Log Report
This report was generated on: 11/21/2008-9:10:32 AM

11/7/2008-11:21:46 AM , Detected , Vundo AAG , Trojan , C:\WINDOWS\system32\vqddfavd.dll , -532229819
11/7/2008-11:21:47 AM , Killed , Vundo AAG , Trojan , C:\WINDOWS\system32\vqddfavd.dll , -532229819
***End Report***

I hope this answers your question, but I did not know what to do so I was recommended by a friend to try your site. At the moment Internet Explorer is not getting redirected but loads very slowly; in fact the whole computer is running quite slow and I am not sure why. I have done a few Panda online scans and I had to send four files to be inspected, and I got an email back to say I was infected,
but it won't fix it unless I put their software on. Hence I am not sure if there is a problem or not. Thanks for answering me!!

Edited by summer song, 04 December 2008 - 07:58 PM.


#6 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 04 December 2008 - 10:16 PM

I am coming in very late here! You have been working with another person at CA online support using ComboFix, and I have no idea what they removed or why. :)
That makes it very difficult for me.


Here is a copy of the names that my antivirus has picked up
KOOLNOODY DOWNLOADER, BIFROST BACKDOOR, Kazaa p2p, darksma downloader, wanti trojan, amble am trojan, banker z trojan, vundoo aag trojan
all these were picked up over the last two months


Viruses from the last two months are not helpful to me, as your antivirus has probably removed them by now.
I am only interested in what your antivirus is finding now.

CA Anti-Spyware Log Report
This report was generated on: 11/21/2008-9:10:32 AM

11/7/2008-11:21:46 AM , Detected , Vundo AAG , Trojan , C:\WINDOWS\system32\vqddfavd.dll , -532229819
11/7/2008-11:21:47 AM , Killed , Vundo AAG , Trojan , C:\WINDOWS\system32\vqddfavd.dll , -532229819
***End Report***


Looks like your CA Anti-Spyware killed those, so why are you worried?
That virus was killed on 11/7/2008, over a month ago. :thumbsup:


************************

at the moment internet explorer is not getting redirected but loads very slowly infact the whole computer is running quite slow and i am not sure why?


Is that the only problem you see on this computer?

************************

dont know why in normal mode quite a few online scans will not work but in safe mode it does


Try running Kaspersky Online Scanner in
SAFE MODE WITH NETWORKING

How to boot to Safe Mode with Networking
Tap the F8 key during reboot until the boot menu appears, use the arrow keys to choose "Safe Mode with Networking" from the menu, then press the "Enter" key.

When you boot up to the safe mode menu screen, select the following option:
Safe Mode with Networking
This option loads all of those files and drivers, plus the services and drivers necessary to start networking.

Please disable any running anti-virus program before running Kaspersky Online Scanner.
If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Close any open browsers

Please do a scan with Kaspersky Online Scanner

You can refer to this animation by sundavis.


Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
This scanner will only scan. It does not remove any malware it finds.

Edited by SifuMike, 04 December 2008 - 10:38 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
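As an added illustration of the reasoning applied to the CA Anti-Spyware report above (a "Detected" line with a matching "Killed" line for the same file is closed, and an entry's age is judged against the date the report was generated, not against today), here is a small Python parser for that report layout. It is not code from this thread or from CA; the "Example Downloader" line, its path and its id are constructed to show an entry that was detected but never killed.

```python
"""Triage a CA Anti-Spyware log report of the kind quoted in this thread.

Each event line has the layout
    <m/d/yyyy-h:mm:ss AM|PM> , <Action> , <Name> , <Type> , <Path> , <Id>
and the report header carries the time the report was generated.  A "Detected"
entry that has a matching "Killed" entry (same path and id) is treated as closed;
ages are measured against the report's own generation time.
"""
from datetime import datetime

TS_FORMAT = "%m/%d/%Y-%I:%M:%S %p"

# Constructed sample: the two Vundo AAG lines follow the report posted in the
# thread; the "Example Downloader" line, its path and its id are made up to show
# an entry that was detected but never killed.
SAMPLE_REPORT = r"""
CA Anti-Spyware Log Report
This report was generated on: 11/21/2008-9:10:32 AM

11/7/2008-11:21:46 AM , Detected , Vundo AAG , Trojan , C:\WINDOWS\system32\vqddfavd.dll , -532229819
11/7/2008-11:21:47 AM , Killed , Vundo AAG , Trojan , C:\WINDOWS\system32\vqddfavd.dll , -532229819
11/19/2008-8:05:10 PM , Detected , Example Downloader , Trojan , C:\WINDOWS\system32\example.dll , -100000001
***End Report***
"""


def parse_timestamp(text):
    """Parse the report's m/d/yyyy-h:mm:ss AM/PM timestamps (hours may be one digit)."""
    return datetime.strptime(text.strip(), TS_FORMAT)


def parse_report(text):
    """Return (generated_at, events); events are dicts with when/action/name/type/path/id."""
    generated_at = None
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("This report was generated on:"):
            generated_at = parse_timestamp(line.split(":", 1)[1])
            continue
        fields = [f.strip() for f in line.split(" , ")]
        if len(fields) != 6:
            continue  # title, blank and ***End Report*** lines carry no event
        when, action, name, kind, path, ident = fields
        events.append({"when": parse_timestamp(when), "action": action, "name": name,
                       "type": kind, "path": path, "id": ident})
    if generated_at is None and events:
        generated_at = max(e["when"] for e in events)  # fall back to the newest event
    return generated_at, events


def event_key(event):
    """Detected and Killed lines refer to the same object when path and id agree."""
    return (event["path"].lower(), event["id"])


def triage(text):
    """Split detections into resolved (a Killed line exists) and unresolved ones.

    Returns {"total_detected": n,
             "resolved":   [(name, days_before_report), ...],
             "unresolved": [(name, path, days_before_report), ...]}
    """
    generated_at, events = parse_report(text)
    killed = {event_key(e) for e in events if e["action"] == "Killed"}
    detected = [e for e in events if e["action"] == "Detected"]
    resolved, unresolved = [], []
    for e in detected:
        age = (generated_at - e["when"]).days
        if event_key(e) in killed:
            resolved.append((e["name"], age))
        else:
            unresolved.append((e["name"], e["path"], age))
    return {"total_detected": len(detected), "resolved": resolved, "unresolved": unresolved}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name, age in result["resolved"]:
        print(f"closed: {name} (detected {age} days before the report, then killed)")
    for name, path, age in result["unresolved"]:
        print(f"OPEN:   {name} at {path} (detected {age} days before the report, not killed)")
```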

#7 summer song

summer song
  • Topic Starter

  • Members
  • 11 posts

Posted 05 December 2008 - 05:00 AM

Thank you for the reply. My problems started with picking up viruses 2 months ago, when the software was due for renewal but had not expired until the end of the month. I contacted them as the computer was picking up many infections; at the moment my antivirus scan is clear. I do have a ComboFix in Notepad which I have just found and it explains what was done. Today I did a scan on BitDefender and it picked up a virus with movemediaplayer _07103010 and it is called backdoor generic. I decided to contact you as I cannot understand why viruses keep getting picked up. I did a Kaspersky scan in safe mode and it was clear, but I do not know or understand why online scans are not working in normal mode. I would say I still have a problem with win/32agentbypass.g.en k which Windows OneCare picked up but was unable to fix. If you are able to help that will be good as I have no idea what is causing these problems. THANKS

#8 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 05 December 2008 - 11:06 AM

I do have a combofix in notepad which i have just found and it explains what was done.

Good. Post it.


I would say i still have a problem with win/32agentbypass.g.en k which windows one care


Please post the Windows One Care log so I can see what it is finding and where.

Please post the Kaspersky Online Scan log.

Edited by SifuMike, 05 December 2008 - 12:41 PM.


#9 summer song

summer song
  • Topic Starter

  • Members
  • 11 posts

Posted 06 December 2008 - 03:20 AM

Thank you for replying. I have had to redo scans to get the reports and did a few, hence it took ages. I am unable to do Kaspersky in normal mode, only safe mode, and it is clear and I could not save the report. I did a BitDefender scan and it deleted movemedia player_07103010.exe infected with backdoor.generic.133362.
Windows OneCare was unable to save a report so I will write it out:
Trojan win32/AgentBypass.gen!k ...............2 items detected
C:\Sysem restore information\restore{7f943665-c404-4c78-9e93-be1c52d99a}........1 item detected
[upx]\[rarsfx]\32788r22fwjfw\catchme.cfexe\.............1 item detected
{upx}...............likely infected
c:\autoruns\catchme.cfexe.....................likely infected
{upx}.....likely infected
Nothing was done, just the results sent to Microsoft.
I then did a scan from Panda and here are the results:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-12-05 20:30:57
PROTECTIONS: 3
MALWARE: 3
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
CA Anti-Virus 9.0.0.174 No Yes
Windows Defender 1.1.4205.0 No No
CA Anti-Spyware 10.0.0.142 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[1].txt
04264159 Generic Trojan Virus/Trojan No 0 Yes No C:\Autoruns.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location |
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description |
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Here are the ComboFix results:
ComboFix 08-11-11.01 - TM 2008-11-12 19:39:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.180 [GMT 9:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bsn32.dll
c:\windows\system32\cs.dat
c:\windows\system32\csm.txt
c:\windows\system32\drivers\TDSSmqlt.sys
c:\windows\system32\FgQBHkkj.ini
c:\windows\system32\lsorjbkg.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\ps1.dat
c:\windows\system32\rc.dat
c:\windows\system32\TDSScfgb.log
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSliqp.dll
c:\windows\system32\TDSSmqxt.dat
c:\windows\system32\TDSSnrse.dll
c:\windows\system32\TDSSoeqh.dll
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSosvn.dll
c:\windows\system32\TDSSruxa.log
c:\windows\system32\TDSSsbhc.log
c:\windows\system32\yhkfylgh.ini
c:\windows\system32\ylwlqdas.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-12 19:23 . 2008-11-12 19:28 3,044,984 -ra------ C:\Autoruns.exe
2008-11-12 08:31 . 2008-11-12 18:45 65,024 --a------ c:\windows\system32\sac32.dll
2008-11-09 15:12 . 2008-11-09 15:12 <DIR> d-------- c:\windows\system32\scripting
2008-11-09 15:12 . 2008-11-09 15:12 <DIR> d-------- c:\windows\system32\en
2008-11-09 15:12 . 2008-11-09 15:12 <DIR> d-------- c:\windows\system32\bits
2008-11-09 15:12 . 2008-11-09 15:12 <DIR> d-------- c:\windows\l2schemas
2008-11-09 15:09 . 2008-11-09 15:13 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-07 21:40 . 2008-11-07 21:40 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Lavasoft
2008-11-07 18:07 . 2008-11-07 18:31 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-07 17:51 . 2008-11-08 09:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\CallingID
2008-11-07 14:27 . 2008-11-07 14:27 <DIR> d-------- C:\Deckard
2008-11-07 14:07 . 2008-11-07 14:07 <DIR> d-------- c:\program files\Windows Defender
2008-11-07 11:12 . 2008-11-07 11:12 130 --a------ c:\documents and settings\TM\delself.bat
2008-10-24 17:16 . 2008-10-16 01:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-17 18:39 . 2004-05-14 17:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-10-17 18:39 . 2004-05-14 17:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-10-17 18:39 . 2004-05-14 17:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-10-17 18:39 . 2004-05-14 17:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-10-17 18:39 . 2004-01-12 03:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-10-17 18:39 . 2004-05-14 17:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-10-17 18:39 . 2003-11-04 16:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-10-17 18:39 . 2004-05-14 17:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-10-17 16:24 . 2008-09-08 19:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-17 16:20 . 2008-09-15 21:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-17 16:19 . 2008-08-14 19:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-17 16:19 . 2008-08-14 19:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-17 16:19 . 2008-08-14 18:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-17 16:19 . 2008-08-14 18:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 10:52 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k7
2008-11-12 10:52 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k6
2008-11-12 10:52 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k5
2008-11-12 10:52 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k4
2008-11-12 10:52 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k3
2008-11-12 10:52 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k2
2008-11-12 10:52 64 ----a-w c:\windows\system32\drivers\kmxcfg.u2k1
2008-11-12 10:52 123,508 ----a-w c:\windows\system32\drivers\kmxcfg.u2k0
2008-11-12 09:45 --------- d-----w c:\documents and settings\TM\Application Data\CallingID
2008-10-02 13:22 --------- d-----w c:\documents and settings\TM\Application Data\Move Networks
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-09 10:13 91,376 ----a-w c:\windows\system32\isafprod.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
2007-08-30 01:14 73,296 ----a-w c:\documents and settings\\Application Data\GDIPFONTCACHEV1.DAT
2006-11-08 12:20 73,296 -c--a-w c:\documents and settings\TM\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-21 32768]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-09-27 81920]
"EPSON Stylus CX4700 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE" [2005-02-02 98304]
"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-01-23 546936]
"Auto EPSON Stylus CX4700 Series on ANGELA"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE" [2005-02-02 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-15 286720]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-10-12 247024]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-09-09 234736]
"cafw"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-09-09 771312]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-09-09 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-09-09 259312]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2008-04-16 14088]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 c:\windows\RTHDCPL.EXE]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-15 c:\windows\system32\ico.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
E-Flyer.lnk - c:\program files\Sony\E-Flyer\E-Flyer.exe [2005-12-16 491520]

c:\documents and settings\Mandy-Lee\Start Menu\Programs\Startup\
E-Flyer.lnk - c:\program files\Sony\E-Flyer\E-Flyer.exe [2005-12-16 491520]
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2006-02-06 778240]

c:\documents and settings\TM\Start Menu\Programs\Startup\
VAIO Launcher.lnk - c:\program files\Sony\VAIO Launcher\Launcher.exe [2006-02-06 778240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-06-23 1373624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 13:30 79368 c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 10:42 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Sony\\VAIO Media 5.0\\Vc.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\DRIVERS\kmxstart.sys [2008-06-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-09-09 185584]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2002-04-11 16194]
S3 BPIKSp50;BPIKSp50 NDIS Protocol Driver;F:\BPIKSp50.sys [ ]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\Image Converter 2\IcVzMon.exe [2005-07-15 32768]
S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;c:\windows\system32\DRIVERS\WG511ICB.sys [ ]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2005-11-30 28800]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26917b48-36bb-11dc-bdd7-00014af93a54}]
\Shell\AutoRun\command - G:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b7be30e-9584-11dc-be45-00014af93a54}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6be423e4-3cc0-11db-bd16-00014af93a54}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{74F146A4-78ED-4860-9EA5-753239D00574} - c:\windows\system32\jkkHBQgF.dll
HKCU-Run-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe
ShellExecuteHooks-{6ED59772-F4EB-4FDE-BBB3-E939952686BF} - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 -: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
O17 -: HKLM\CCS\Interface\{76E255E2-0B69-4458-BA9A-69BC495F0D0E}:
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware
Rootkit scan 2008-11-12 19:55:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\cappactiveprotection.exe
c:\program files\CA\CA Internet Security Suite\ccupdate\ccupdate.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-12 20:02:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 11:01:59

Pre-Run: 8,718,028,800 bytes free
Post-Run: 8,685,879,296 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

232 --- E O F --- 2008-11-11 23:45:39
R2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-09-09 185584]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2002-04-11 16194]
S3 BPIKSp50;BPIKSp50 NDIS Protocol Driver;F:\BPIKSp50.sys [ ]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;c:\program files\Sony\Image Converter 2\IcVzMon.exe [2005-07-15 32768]
S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;c:\windows\system32\DRIVERS\WG511ICB.sys [ ]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\DRIVERS\SonyImgF.sys [2005-11-30 28800]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26917b48-36bb-11dc-bdd7-00014af93a54}]
\Shell\AutoRun\command - G:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b7be30e-9584-11dc-be45-00014af93a54}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6be423e4-3cc0-11db-bd16-00014af93a54}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{74F146A4-78ED-4860-9EA5-753239D00574} - c:\windows\system32\jkkHBQgF.dll
HKCU-Run-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe
ShellExecuteHooks-{6ED59772-F4EB-4FDE-BBB3-E939952686BF} - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 -: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
O17 -: HKLM\CCS\Interface\{76E255E2-0B69-4458-BA9A-69BC495F0D0E}: NameServer =
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector
Rootkit scan 2008-11-12 19:55:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\cappactiveprotection.exe
c:\program files\CA\CA Internet Security Suite\ccupdate\ccupdate.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-12 20:02:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 11:01:59

Pre-Run: 8,718,028,800 bytes free
Post-Run: 8,685,879,296 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

232 --- E O F --- 2008-11-11 23:45:39
2008-11-06 08:18:31 A------- 713,976 C:\Qoobox\Quarantine\C\WINDOWS\system32\FgQBHkkj.ini.vir
2008-11-06 08:23:00 A------- 1,915,276 C:\Qoobox\Quarantine\C\WINDOWS\system32\ylwlqdas.ini.vir
2008-11-06 11:11:06 A------- 1,915,276 C:\Qoobox\Quarantine\C\WINDOWS\system32\yhkfylgh.ini.vir
2008-11-06 18:25:38 A------- 143 C:\Qoobox\Quarantine\C\WINDOWS\system32\mcrh.tmp.vir
2008-11-07 11:12:42 A------- 60,416 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSmqlt.sys.vir
2008-11-07 11:12:43 A------- 35,840 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoiqh.dll.vir
2008-11-07 11:15:23 A------- 527 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSmqxt.dat.vir
2008-11-07 11:15:34 A------- 29,696 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoeqh.dll.vir
2008-11-07 11:15:37 A------- 31,232 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSosvn.dll.vir
2008-11-07 11:15:42 A------- 73,728 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSnrse.dll.vir
2008-11-07 11:15:53 A------- 2,804 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSliqp.dll.vir
2008-11-07 11:15:56 A------- 5,812 C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSsbhc.log.vir
2008-11-07 11:18:32 A------- 1,927,452 C:\Qoobox\Quarantine\C\WINDOWS\system32\lsorjbkg.ini.vir
2008-11-07 11:44:26 A------- 1,462 C:\Qoobox\Quarantine\C\WINDOWS\system32\csm.txt.vir
2008-11-12 08:28:17 A------- 65,024 C:\Qoobox\Quarantine\C\WINDOWS\system32\bsn32.dll.vir
2008-11-12 18:54:42 A------- 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\cs.dat.vir
2008-11-12 18:54:42 A------- 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\ps1.dat.vir
2008-11-12 18:54:42 A------- 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\rc.dat.vir
2008-11-12 19:28:43 A------- 112 C:\Qoobox\Quarantine\catchme.log
2008-11-12 19:33:37 A------- 1,123 C:\Qoobox\Quarantine\Registry_backups\Service_TDSSSERV.SYS.reg.dat
2008-11-12 19:49:05 A------- 9,408 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-11-12 19:59:38 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-11-12 19:59:38 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-11-12 19:59:38 A------- 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
2008-11-12 19:59:45 A------- 374 C:\Qoobox\Quarantine\Registry_backups\BHO-{74F146A4-78ED-4860-9EA5-753239D00574}.reg.dat
2008-11-12 19:59:51 A------- 141 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-MSKAGENTEXE.reg.dat
2008-11-12 20:00:37 A------- 146 C:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-{6ED59772-F4EB-4FDE-BBB3-E939952686BF}.reg.dat


I hope this is OK and what you need. Thank you.

Edited by summer song, 06 December 2008 - 07:48 PM.
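The ComboFix output above is what a helper reads by eye for indicators: autostart entries with machine-generated names, drivers whose file is gone, AutoRun handlers left behind by a USB stick, the Windows Firewall policy, and the orphans ComboFix removed. The script below is an added example, not part of the post above and not ComboFix code, that applies those checks mechanically to a subset of the lines posted above. The log lines are copied verbatim from the post; the check names, the severity labels and the random-name heuristic are this example's own assumptions.

```python
"""Mechanical triage of a ComboFix "Reg Loading Points" section.

Added example: not part of the forum post and not ComboFix code. It applies,
to a subset of the log lines posted in the thread, the checks a malware-removal
helper makes by eye. Check names, severities and the random-name heuristic are
this example's own choices, not anything ComboFix defines.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Subset of the ComboFix output posted in the thread (copied, not invented).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 KmxStart;KmxStart;c:\windows\system32\DRIVERS\kmxstart.sys [2008-06-24 93712]
S3 BPIKSp50;BPIKSp50 NDIS Protocol Driver;F:\BPIKSp50.sys [ ]
S3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;c:\windows\system32\DRIVERS\WG511ICB.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26917b48-36bb-11dc-bdd7-00014af93a54}]
\Shell\AutoRun\command - G:\Installer.exe
- - - - ORPHANS REMOVED - - - -
BHO-{74F146A4-78ED-4860-9EA5-753239D00574} - c:\windows\system32\jkkHBQgF.dll
HKCU-Run-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe
ShellExecuteHooks-{6ED59772-F4EB-4FDE-BBB3-E939952686BF} - (no file)
"""

RE_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<info>[^\]]*)\]')
RE_SERVICE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]\s*$')
RE_AUTORUN = re.compile(r'^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$')
RE_FIREWALL = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
RE_ORPHAN = re.compile(r'^(?P<kind>BHO|HKCU-Run|HKLM-Run|ShellExecuteHooks)-(?P<key>\S+)\s+-\s+(?P<target>.+)$')
VOWELS = set("aeiouAEIOU")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    check: str
    detail: str


def looks_random(path: str) -> bool:
    """Vundo-style generated names: an 8-letter stem, mixed case, at most one vowel.

    Heuristic only: legitimate 8-letter names in this log (igfxpers, kmxstart,
    MSKAgent) are rejected, but an all-lowercase random name would be missed.
    """
    stem = re.split(r"[\\/]", path.strip())[-1].rsplit(".", 1)[0]
    if not re.fullmatch(r"[A-Za-z]{8}", stem):
        return False
    mixed_case = not (stem.islower() or stem.isupper() or stem.istitle())
    return mixed_case and sum(c in VOWELS for c in stem) <= 1


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and return every finding, in log order."""
    findings: list[Finding] = []
    section = ""  # registry key the current values belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line
            continue
        paths: list[str] = []  # file paths to run the random-name check on
        if (m := RE_FIREWALL.match(line)) and m["val"] == "0":
            findings.append(Finding("medium", "firewall-disabled",
                f"Windows Firewall policy off in {section}; acceptable only if a "
                "third-party firewall is confirmed running"))
        elif m := RE_AUTORUN.match(line):
            findings.append(Finding("medium", "removable-autorun",
                f"AutoRun handler for a mounted volume: {m['cmd']} "
                "(autorun.inf residue; scan the removable drive it came from)"))
            paths.append(m["cmd"])
        elif m := RE_SERVICE.match(line):
            if not m["info"].strip():  # ComboFix prints "[ ]" when the file is absent
                findings.append(Finding("info", "driver-file-missing",
                    f"{m['name']}: registered driver {m['path']} not present at scan time"))
            paths.append(m["path"])
        elif m := RE_ORPHAN.match(line):
            findings.append(Finding("high", "orphan-removed",
                f"{m['kind']} {m['key']} -> {m['target']}"))
            paths.append(m["target"])
        elif m := RE_RUN.match(line):
            paths.append(m["cmd"])
        findings.extend(Finding("high", "random-name", f"machine-generated file name: {p}")
                        for p in paths if looks_random(p))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Findings per check, e.g. {'orphan-removed': 3, 'random-name': 1, ...}."""
    return dict(Counter(f.check for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.check:20} {f.detail}")
```

Run as a script it prints eight findings for the excerpt; `triage()` accepts a complete ComboFix log just as well. The random-name test is deliberately narrow: it catches the mixed-case 8-letter names seen here (jkkHBQgF.dll, FgQBHkkj.ini) and rejects legitimate 8-letter names such as igfxpers and kmxstart, at the cost of missing all-lowercase random names like lsorjbkg.ini, which still surface through the quarantine list. The disabled Windows Firewall is rated medium rather than high because the same log shows CA Personal Firewall installed and running; a helper still confirms that rather than assuming it.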


#10 SifuMike

    malware expert

  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 07 December 2008 - 01:28 AM

I am unable to do Kaspersky in normal mode, only Safe Mode, and it is clear, and I could not save the report.

Like I said in my previous post, run Kaspersky Online Scanner in Safe Mode with Networking and post the report. I want to see the report.


Trojan win32/AgentBypass.gen!k ............... 2 items detected
C:\System restore information\restore{7f943665-c404-4c78-9e93-be1c52d99a} ........ 1 item detected
[upx]\[rarsfx]\32788r22fwjfw\catchme.cfexe\ ............. 1 item detected
{upx} ............... likely infected
c:\autoruns\catchme.cfexe ..................... likely infected
{upx} ..... likely infected


Trojan win32/AgentBypass.gen!k was previously deleted by your antivirus and placed in your System Restore folder. It will not hurt you there. We will delete the files in the System Restore folder later.

catchme.cfexe is OK, as it is part of ComboFix.

Is this the only problems you are seeing?

Edited by SifuMike, 07 December 2008 - 01:31 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 summer song
  • Topic Starter

  • Members
  • 11 posts

Posted 07 December 2008 - 03:22 AM

Thank you for the reply. I managed to save Kaspersky's scan in Word. Yes, I think this is the problem at the moment. I did not know my antivirus program caught this virus, as I can view the log, but it must be under a different name. I just cannot understand why so many problems with viruses, trojans, diallers etc. have suddenly appeared, unless my software is not working efficiently. Thank you for helping.
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, December 4, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, December 04, 2008 00:16:01
Records in database: 1435674


Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
C:\
D:\
F:\

Scan statistics
Files scanned: 65347
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:14:12

No malware has been detected. The scan area is clean.
The selected area was scanned.

#12 SifuMike
    malware expert
  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 07 December 2008 - 10:37 AM

I did not know my antivirus program caught this virus as I can view the log but it must be under a different name.



What virus are you seeing? In your previous post you said "windows one care unable to save report so will write it." Both of those were OK. We will clean the System Restore folder and that will get rid of the previously deleted virus.

I think you are free of viruses.


I just cannot understand why so many problems with viruses trojans diallers etc have suddenly appeared unless my software is not working efficiently


Someone must have visited a web site or downloaded a program that had viruses.


Let's clean your System Restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows.
The files in System Restore are protected to prevent any programs from changing those files.
This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis

System Restore will now be active again.

Edited by SifuMike, 07 December 2008 - 10:45 AM.
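The System Restore reset described in the post above, written as a script. This is an added example and is not part of SifuMike's instructions or the thread; it drives the same switch through the SystemRestore WMI class (namespace root\default, present on Windows XP and later client editions) instead of the System Properties dialog, which is handy when the same cleanup has to be repeated on several machines. Assumptions: the drive to reset is C:\ (the only volume the scan report shows holding a restore point), the session is elevated, and, as the thread relies on, turning System Restore off purges every existing restore point. Run it only once the scans have come back clean, because it discards any known-good restore point along with the infected ones.

```powershell
# Added example, not from the thread: reset System Restore via WMI and
# leave one clean baseline restore point behind. Run from an elevated session.
$Drive = 'C:\'   # assumption: the system volume the thread's scan report names

# Static WMI class exposing Enable/Disable/CreateRestorePoint for System Restore.
$sr = [wmiclass] 'root\default:SystemRestore'

# Step 1 of the post: turn System Restore off. On the system drive this switches
# the service off and drops every stored restore point, including the one holding
# the quarantined AgentBypass sample.
$rc = $sr.Disable($Drive).ReturnValue
if ($rc -ne 0) { throw "SystemRestore.Disable('$Drive') failed with code $rc" }

# Step 2 of the post is a reboot. WMI does not require one; reboot here only if
# you want to mirror the GUI procedure exactly.

# Step 3 of the post: turn System Restore back on and wait until it reports enabled.
$rc = $sr.Enable($Drive, $true).ReturnValue
if ($rc -ne 0) { throw "SystemRestore.Enable('$Drive') failed with code $rc" }

# Give the machine a known-clean baseline to roll back to. Arguments are
# Description, RestorePointType (0 = APPLICATION_INSTALL) and EventType
# (100 = BEGIN_SYSTEM_CHANGE), as documented for SystemRestore.CreateRestorePoint.
$rc = $sr.CreateRestorePoint('Clean baseline after malware removal', 0, 100).ReturnValue
if ($rc -ne 0) { throw "SystemRestore.CreateRestorePoint failed with code $rc" }

# Check: enumerate what is left. Only the new baseline should be listed; any
# older SequenceNumber means the purge did not happen and the GUI route is needed.
Get-WmiObject -Namespace 'root\default' -Class SystemRestore |
    Select-Object SequenceNumber, Description, CreationTime
```

The final listing is the check a practitioner wants after this step: if restore points older than the baseline still appear, the infected copy in System Volume Information is still there and the manual procedure in the post (off, reboot, on) should be repeated.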

#13 summer song
  • Topic Starter
  • Members
  • 11 posts

Posted 07 December 2008 - 09:42 PM

Thank you very much for your help. I have done both of the restore instructions, and that's wonderful that I have no viruses. Regarding Deckard, can you please tell me how to get rid of it, as I don't use it. Also HijackThis and ComboFix: I won't use either unless I get any problems in the future, but I can download them again after being instructed from your site. I definitely won't let CA online support run it again, and I don't even want to read the logs; they just said download, press fix and see you later. Anyway, should I delete these? Because I noticed that ComboFix has a folder with Qoobox and backups etc. Once again, thank you.

#14 SifuMike
    malware expert
  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 07 December 2008 - 09:52 PM

Hello,

You're very welcome. I hope your computer continues to run smoothly.

Uninstall ComboFix: go to Start > Run and type in ComboFix /u
Make sure there's a space between ComboFix and /
Then hit Enter.

This will uninstall ComboFix, delete any of its related folders and files (Qoobox, VundoFix Backups, Avenger, _OTMoveIt3), reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


You can delete Deckard from your desktop.
Also delete C:\Deckard\Main.txt and C:\Deckard\Extra.txt

Edited by SifuMike, 07 December 2008 - 09:53 PM.

#15 summer song
  • Topic Starter
  • Members
  • 11 posts

Posted 07 December 2008 - 11:15 PM

Thanks heaps for your reply. I tried to go to Start and Run and wrote what you said, but it keeps coming up and saying Windows cannot find it. Also, the name Deckard is not on my desktop; is it called something else? All the rest of the instructions I am very lost on, except for the System Restore one which you showed me how to do. I have no idea how to do it, and I am sorry, but can you explain how to do them, as I have no idea how. I ran Search and typed combofix and here are the results (I can't copy and paste; it won't work): ComboFix is in Documents and Settings, My Computer, C:\autoruns, C:\ and C:\Qoobox, and Deckard is in C:\. Thanks.
