SuperJuan, Virtumonde infection


3 replies to this topic

#1 RobOK


Posted 20 December 2008 - 07:44 AM

I have an infection of Superjuan and virtumonde. Nod32 found it, but cannot get rid of it. I have ComboFix installed and the Recovery Console.

When ComboFix runs, it gets a little bit into it and then gets a blue screen of death and reboots.

I turn off Nod32 when I run ComboFix.

What typically causes a blue screen? Is there something else that needs to be turned off? Should I uninstall Nod32 completely?

I am going to run a Hijack log next; the infected laptop cannot access the internet because of the malware, so I have to go back and forth between machines.

Posted Dec. 20 at 7.55 a.m. EST

Here is the RSIT Log:


Logfile of random's system information tool 1.05 (written by random/random)
Run by Kristin at 2008-12-20 07:52:08
Microsoft Windows XP Professional Service Pack 2
System drive C: has 36 GB (70%) free of 51 GB
Total RAM: 2038 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:52, on 2008-12-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\ctfmon.exe
C:\IBackup Drive\IBackup Drive.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\SCMain.exe
C:\WINDOWS\WCMain.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kristin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kristin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: {d6adac81-9334-380b-d7b4-7c4c2851abf1} - {1fba1582-c4c7-4b7d-b083-433918cada6d} - C:\WINDOWS\system32\qtayzx.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\opnmMdCs.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll
O2 - BHO: (no name) - {D5B949AF-2BB2-4D3D-8B63-84C9A345B122} - C:\WINDOWS\system32\mlJDtqQK.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4600 Series on ARCASPICIO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P45 "Auto EPSON Stylus CX4600 Series on ARCASPICIO" /O21 "\\ARCASPICIO\Printer5" /M "Stylus CX4600"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4600 Series on SETH] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P39 "Auto EPSON Stylus CX4600 Series on SETH" /O15 "\\SETH\Printer2" /M "Stylus CX4600"
O4 - HKLM\..\Run: [SETHEPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P33 "SETHEPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IBackup Drive] "C:\IBackup Drive\IBackup Drive.exe" Minimize
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Stardust Screen Saver Control 2003.lnk = C:\WINDOWS\SCMain.exe
O4 - Global Startup: Stardust Wallpaper Control 2003.lnk = C:\WINDOWS\WCMain.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://www-1.ibm.com/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186086876968
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/access/aslib...ntent/AcpIR.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O20 - Winlogon Notify: GbPluginUni - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll
O20 - Winlogon Notify: opnmMdCs - C:\WINDOWS\SYSTEM32\opnmMdCs.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15432 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{F537B6C4-9FC6-4B09-9A51-8EA3DB374AEE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1fba1582-c4c7-4b7d-b083-433918cada6d}]
C:\WINDOWS\system32\qtayzx.dll [2008-12-19 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\opnmMdCs.dll [2008-12-01 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-14 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}]
GbIehObj Class - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll [2008-08-29 378784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5B949AF-2BB2-4D3D-8B63-84C9A345B122}]
C:\WINDOWS\system32\mlJDtqQK.dll [2008-12-01 318464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-05-27 6746112]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2003-11-07 114688]
"Mouse Suite 98 Daemon"=ICO.EXE []
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2005-05-15 184320]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-05-20 57344]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]
"VAIO Update 2"=C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [2005-01-14 151552]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-08-09 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-29 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-29 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-06-29 114688]
"Switcher.exe"=C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2005-01-20 167936]
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-19 28672]
"EPSON Stylus CX4600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE [2004-03-04 98304]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2004-07-20 851968]
"Auto EPSON Stylus CX4600 Series on ARCASPICIO"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE [2004-03-04 98304]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-02-15 180269]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-01-27 401408]
""= []
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-01-27 385024]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2006-01-27 356352]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-02-23 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-05-03 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-06-25 949376]
"Auto EPSON Stylus CX4600 Series on SETH"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE [2004-03-04 98304]
"SETHEPSON Stylus CX4600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE [2004-03-04 98304]
"eFax 4.3"=C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe [2007-03-06 116224]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-14 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"IBackup Drive"=C:\IBackup Drive\IBackup Drive.exe [2008-01-29 230880]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2004-11-22 307200]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Stardust Screen Saver Control 2003.lnk - C:\WINDOWS\SCMain.exe
Stardust Wallpaper Control 2003.lnk - C:\WINDOWS\WCMain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GbPluginUni]
C:\WINDOWS\Downloaded Program Files\gbiehuni.dll [2008-08-29 378784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-29 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2006-01-27 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnmMdCs]
C:\WINDOWS\system32\opnmMdCs.dll [2008-12-01 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2005-05-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54697F09-BAF4-422E-8E7A-A563B020B1A5}"=C:\IBackup Drive\IBShellView.dll [2008-01-29 536576]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"=C:\WINDOWS\Downloaded Program Files\gbiehuni.dll [2008-08-29 378784]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\opnmMdCs.dll [2008-12-01 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\mlJDtqQK

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1139325892\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1139325892\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1139325892\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1139325892\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\BUFFALO\HDBackup\HDBackup.exe"="C:\Program Files\BUFFALO\HDBackup\HDBackup.exe:*:Enabled:BUFFALO Easy Backup to HD"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\setup\HPZnet01.exe"="E:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"E:\setup\hponicifs01.exe"="E:\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\IDrive for IBackup\IDriveEng.exe"="C:\IDrive for IBackup\IDriveEng.exe:*:Enabled:IDriveEng"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d8336de-775b-11da-b2c3-806d6172696f}]
shell\AutoRun\command - I:\sony\Autorun.exe


======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-12-20 07:52:08 ----D---- C:\rsit
2008-12-20 07:50:12 ----D---- C:\Program Files\Trend Micro
2008-12-20 07:01:53 ----D---- C:\ComboFix
2008-12-20 07:01:49 ----A---- C:\WINDOWS\system32\CF11035.exe
2008-12-20 07:01:44 ----A---- C:\WINDOWS\system32\CF11018.exe
2008-12-20 06:44:09 ----A---- C:\WINDOWS\system32\CF7534.exe
2008-12-19 22:25:18 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-19 22:25:18 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-19 22:25:18 ----A---- C:\WINDOWS\system32\java.exe
2008-12-19 22:06:51 ----A---- C:\WINDOWS\system32\CF4478.exe
2008-12-19 21:45:19 ----A---- C:\Boot.bak
2008-12-19 21:44:55 ----RASHD---- C:\cmdcons
2008-12-19 21:40:07 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-19 21:40:06 ----A---- C:\WINDOWS\SWREG.exe
2008-12-19 21:40:05 ----A---- C:\WINDOWS\zip.exe
2008-12-19 21:40:05 ----A---- C:\WINDOWS\VFIND.exe
2008-12-19 21:40:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-19 21:40:05 ----A---- C:\WINDOWS\SWSC.exe
2008-12-19 21:40:05 ----A---- C:\WINDOWS\sed.exe
2008-12-19 21:40:05 ----A---- C:\WINDOWS\grep.exe
2008-12-19 21:40:05 ----A---- C:\WINDOWS\fdsv.exe
2008-12-19 21:39:19 ----A---- C:\WINDOWS\system32\CF31903.exe
2008-12-19 21:34:03 ----D---- C:\WINDOWS\ERDNT
2008-12-19 21:34:03 ----D---- C:\Qoobox
2008-12-19 21:13:39 ----D---- C:\Documents and Settings\Kristin\Application Data\Mozilla
2008-12-19 21:12:40 ----D---- C:\Program Files\Mozilla Firefox
2008-12-19 20:05:45 ----ASH---- C:\WINDOWS\system32\swingycb.ini
2008-12-19 20:05:38 ----A---- C:\WINDOWS\system32\bcygniws.dll
2008-12-19 20:04:49 ----A---- C:\WINDOWS\system32\qtayzx.dll
2008-12-19 20:04:47 ----A---- C:\WINDOWS\system32\ioiiqmei.dll
2008-12-01 10:06:09 ----A---- C:\WINDOWS\system32\awtQheCr.dll
2008-12-01 09:51:25 ----A---- C:\WINDOWS\system32\pmnlmmnk.dll
2008-12-01 09:51:17 ----A---- C:\WINDOWS\system32\iafdqjiv.dll
2008-12-01 09:49:35 ----ASH---- C:\WINDOWS\system32\ijertobn.ini
2008-12-01 09:48:42 ----A---- C:\WINDOWS\system32\8720f9af-.txt
2008-12-01 09:48:03 ----ASH---- C:\WINDOWS\system32\KQqtDJlm.ini2
2008-12-01 09:48:03 ----ASH---- C:\WINDOWS\system32\KQqtDJlm.ini
2008-12-01 09:47:57 ----A---- C:\WINDOWS\system32\mlJDtqQK.dll
2008-12-01 09:42:46 ----A---- C:\WINDOWS\system32\opnmMdCs.dll
2008-12-01 09:42:42 ----A---- C:\WINDOWS\system32\prunnet.exe

======List of files/folders modified in the last 1 months======

2008-12-20 07:50:12 ----RD---- C:\Program Files
2008-12-20 07:48:23 ----HD---- C:\WINDOWS\inf
2008-12-20 07:48:20 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-20 07:13:03 ----D---- C:\WINDOWS\Temp
2008-12-20 07:12:12 ----D---- C:\WINDOWS
2008-12-20 07:06:53 ----D---- C:\WINDOWS\system32\drivers
2008-12-20 07:04:13 ----D---- C:\WINDOWS\system32
2008-12-20 07:03:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-20 06:51:28 ----D---- C:\WINDOWS\Minidump
2008-12-19 22:26:25 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-19 22:26:23 ----SHD---- C:\WINDOWS\Installer
2008-12-19 22:26:02 ----D---- C:\Program Files\Java
2008-12-19 22:26:02 ----D---- C:\Config.Msi
2008-12-19 21:45:21 ----RASH---- C:\boot.ini
2008-12-19 21:34:09 ----D---- C:\WINDOWS\Prefetch
2008-12-01 09:42:54 ----D---- C:\Program Files\ESET
2008-12-01 00:06:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-26 12:58:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-25 18:25:22 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 36096]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-06-25 15424]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-06-21 59648]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-04-03 17801]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-06-25 512096]
R2 IBFs;IBackup File System Driver; \??\C:\IBackup Drive\IBfs.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-07 11354]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-09-29 94601]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-08-19 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-05-23 1034752]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-05-23 178048]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-29 1050140]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-06-29 3173888]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 SPI;Sony Programmable I/O Control Device; C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2003-06-18 71961]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 tifmsony;tifmsony; C:\WINDOWS\system32\drivers\tifmsony.sys [2005-08-12 77312]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w29n51;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-01-17 3325312]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-23 716288]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4ufd;HP Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\hppaufd0.sys [2004-12-24 16800]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-01-17 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-24 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-24 21568]
S3 IBNP;IBackup Network Provider; C:\WINDOWS\system32\drivers\IBNP.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-05-27 3191936]
S3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-06-20 44288]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-06-17 98944]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-05-27 34176]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2005-04-23 53248]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-12-21 34816]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-01-27 86016]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-06-25 552064]
R2 OwnershipProtocol;OwnershipProtocol; C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe [2006-01-27 98304]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-01-27 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-01-27 372809]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2005-05-20 153600]
R2 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2005-06-07 1851392]
R2 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2005-06-07 57344]
R2 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2005-06-07 770048]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2005-06-15 131072]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2005-06-15 118784]
R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-01-27 225353]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2005-06-15 270336]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-05-27 127044]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 138168]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-04-05 32768]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-06-07 53337]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-06-07 53337]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-06-07 69718]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-06-03 69632]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2005-06-15 73728]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2005-06-07 188416]
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Posted Dec. 20 at 9:15 a.m. EST

Am running malwarebytes which is finding a bunch of stuff now.

Merged posts. ~ OB

Edited by Orange Blossom, 20 December 2008 - 10:49 AM.



#2 RobOK

RobOK
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:11:45 AM

Posted 20 December 2008 - 02:29 PM

New log posting. I am not going to run anything more at this point. Malwarebytes seemed to have alleviated some symptoms, but the laptop still cannot connect to the internet. Nod32 is no longer finding anything wrong.

Thank you in advance for taking a look at this log file.


==================================
Logfile of random's system information tool 1.05 (written by random/random)
Run by Kristin at 2008-12-20 14:21:22
Microsoft Windows XP Professional Service Pack 2
System drive C: has 36 GB (70%) free of 51 GB
Total RAM: 2038 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21, on 2008-12-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\IBackup Drive\IBackup Drive.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\SCMain.exe
C:\WINDOWS\WCMain.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Documents and Settings\Kristin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kristin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4600 Series on ARCASPICIO] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P45 "Auto EPSON Stylus CX4600 Series on ARCASPICIO" /O21 "\\ARCASPICIO\Printer5" /M "Stylus CX4600"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4600 Series on SETH] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P39 "Auto EPSON Stylus CX4600 Series on SETH" /O15 "\\SETH\Printer2" /M "Stylus CX4600"
O4 - HKLM\..\Run: [\\SETH\EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P33 "\\SETH\EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IBackup Drive] "C:\IBackup Drive\IBackup Drive.exe" Minimize
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Stardust Screen Saver Control 2003.lnk = C:\WINDOWS\SCMain.exe
O4 - Global Startup: Stardust Wallpaper Control 2003.lnk = C:\WINDOWS\WCMain.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://www-1.ibm.com/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186086876968
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/access/aslib...ntent/AcpIR.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O20 - Winlogon Notify: GbPluginUni - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15185 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{F537B6C4-9FC6-4B09-9A51-8EA3DB374AEE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-14 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540008}]
GbIehObj Class - C:\WINDOWS\Downloaded Program Files\gbiehuni.dll [2008-08-29 378784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-05-27 6746112]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2003-11-07 114688]
"Mouse Suite 98 Daemon"=ICO.EXE []
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2005-05-15 184320]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-05-20 57344]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]
"VAIO Update 2"=C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [2005-01-14 151552]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-08-09 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-29 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-29 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-06-29 114688]
"Switcher.exe"=C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2005-01-20 167936]
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-19 28672]
"EPSON Stylus CX4600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE [2004-03-04 98304]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2004-07-20 851968]
"Auto EPSON Stylus CX4600 Series on ARCASPICIO"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE [2004-03-04 98304]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-02-15 180269]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-01-27 401408]
""= []
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-01-27 385024]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2006-01-27 356352]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-02-23 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-05-03 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-06-25 949376]
"Auto EPSON Stylus CX4600 Series on SETH"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE [2004-03-04 98304]
"\\SETH\EPSON Stylus CX4600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE [2004-03-04 98304]
"eFax 4.3"=C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe [2007-03-06 116224]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-14 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"IBackup Drive"=C:\IBackup Drive\IBackup Drive.exe [2008-01-29 230880]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2004-11-22 307200]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Stardust Screen Saver Control 2003.lnk - C:\WINDOWS\SCMain.exe
Stardust Wallpaper Control 2003.lnk - C:\WINDOWS\WCMain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginUni]
C:\WINDOWS\Downloaded Program Files\gbiehuni.dll [2008-08-29 378784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-29 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2006-01-27 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2005-05-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54697F09-BAF4-422E-8E7A-A563B020B1A5}"=C:\IBackup Drive\IBShellView.dll [2008-01-29 536576]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"=C:\WINDOWS\Downloaded Program Files\gbiehuni.dll [2008-08-29 378784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1139325892\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1139325892\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1139325892\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1139325892\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\BUFFALO\HDBackup\HDBackup.exe"="C:\Program Files\BUFFALO\HDBackup\HDBackup.exe:*:Enabled:BUFFALO Easy Backup to HD"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\setup\HPZnet01.exe"="E:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"E:\setup\hponicifs01.exe"="E:\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\IDrive for IBackup\IDriveEng.exe"="C:\IDrive for IBackup\IDriveEng.exe:*:Enabled:IDriveEng"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d8336de-775b-11da-b2c3-806d6172696f}]
shell\AutoRun\command - I:\sony\Autorun.exe


======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-12-20 08:34:22 ----D---- C:\Documents and Settings\Kristin\Application Data\Malwarebytes
2008-12-20 08:33:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-20 08:33:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-20 07:52:08 ----D---- C:\rsit
2008-12-20 07:50:12 ----D---- C:\Program Files\Trend Micro
2008-12-20 07:01:53 ----D---- C:\ComboFix
2008-12-20 07:01:49 ----A---- C:\WINDOWS\system32\CF11035.exe
2008-12-20 07:01:44 ----A---- C:\WINDOWS\system32\CF11018.exe
2008-12-20 06:44:09 ----A---- C:\WINDOWS\system32\CF7534.exe
2008-12-19 22:25:18 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-19 22:25:18 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-19 22:25:18 ----A---- C:\WINDOWS\system32\java.exe
2008-12-19 22:06:51 ----A---- C:\WINDOWS\system32\CF4478.exe
2008-12-19 21:45:19 ----A---- C:\Boot.bak
2008-12-19 21:44:55 ----RASHD---- C:\cmdcons
2008-12-19 21:40:07 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-19 21:40:06 ----A---- C:\WINDOWS\SWREG.exe
2008-12-19 21:40:05 ----A---- C:\WINDOWS\zip.exe
2008-12-19 21:40:05 ----A---- C:\WINDOWS\VFIND.exe
2008-12-19 21:40:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-19 21:40:05 ----A---- C:\WINDOWS\SWSC.exe
2008-12-19 21:40:05 ----A---- C:\WINDOWS\sed.exe
2008-12-19 21:40:05 ----A---- C:\WINDOWS\grep.exe
2008-12-19 21:40:05 ----A---- C:\WINDOWS\fdsv.exe
2008-12-19 21:39:19 ----A---- C:\WINDOWS\system32\CF31903.exe
2008-12-19 21:34:03 ----D---- C:\WINDOWS\ERDNT
2008-12-19 21:34:03 ----D---- C:\Qoobox
2008-12-19 21:13:39 ----D---- C:\Documents and Settings\Kristin\Application Data\Mozilla
2008-12-19 21:12:40 ----D---- C:\Program Files\Mozilla Firefox
2008-12-01 09:49:35 ----ASH---- C:\WINDOWS\system32\ijertobn.ini
2008-12-01 09:48:42 ----A---- C:\WINDOWS\system32\8720f9af-.txt

======List of files/folders modified in the last 1 months======

2008-12-20 14:21:20 ----D---- C:\WINDOWS\Prefetch
2008-12-20 14:20:22 ----D---- C:\WINDOWS\Temp
2008-12-20 13:40:52 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-20 13:36:05 ----D---- C:\WINDOWS
2008-12-20 13:34:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-20 11:14:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-20 11:13:49 ----D---- C:\WINDOWS\system32\drivers
2008-12-20 11:13:49 ----D---- C:\WINDOWS\system32
2008-12-20 08:33:52 ----RD---- C:\Program Files
2008-12-20 07:48:23 ----HD---- C:\WINDOWS\inf
2008-12-20 06:51:28 ----D---- C:\WINDOWS\Minidump
2008-12-19 22:26:25 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-19 22:26:23 ----SHD---- C:\WINDOWS\Installer
2008-12-19 22:26:02 ----D---- C:\Program Files\Java
2008-12-19 22:26:02 ----D---- C:\Config.Msi
2008-12-19 21:45:21 ----RASH---- C:\boot.ini
2008-12-01 09:42:54 ----D---- C:\Program Files\ESET
2008-11-26 12:58:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-25 18:25:22 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 36096]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-06-25 15424]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-06-21 59648]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-04-03 17801]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-06-25 512096]
R2 IBFs;IBackup File System Driver; \??\C:\IBackup Drive\IBfs.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-07 11354]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-09-29 94601]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-08-19 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-05-23 1034752]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-05-23 178048]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-29 1050140]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-06-29 3173888]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 SPI;Sony Programmable I/O Control Device; C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2003-06-18 71961]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 tifmsony;tifmsony; C:\WINDOWS\system32\drivers\tifmsony.sys [2005-08-12 77312]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w29n51;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-01-17 3325312]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-23 716288]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4ufd;HP Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\hppaufd0.sys [2004-12-24 16800]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-01-17 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-24 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-24 21568]
S3 IBNP;IBackup Network Provider; C:\WINDOWS\system32\drivers\IBNP.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-05-27 3191936]
S3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-06-20 44288]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-06-17 98944]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-05-27 34176]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2005-04-23 53248]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-12-21 34816]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-01-27 86016]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-06-25 552064]
R2 OwnershipProtocol;OwnershipProtocol; C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe [2006-01-27 98304]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-01-27 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-01-27 372809]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2005-05-20 153600]
R2 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2005-06-07 1851392]
R2 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2005-06-07 57344]
R2 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2005-06-07 770048]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2005-06-15 131072]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2005-06-15 118784]
R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-01-27 225353]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
R3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2005-06-15 73728]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2005-06-15 270336]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-05-27 127044]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 138168]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-04-05 32768]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-06-07 53337]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-06-07 53337]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-06-07 69718]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-06-03 69632]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2005-06-07 188416]
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#3 RobOK

RobOK
  • Topic Starter

  • Members
  • 8 posts

Posted 21 December 2008 - 09:30 AM

Resolved.

A combination of Malwarebytes, some of the online scanners and NOD32 has me back in shape (I hope!)

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 27 December 2008 - 08:21 PM

Thank you for letting us know. :thumbsup:

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

