Trojan that redirects my web browser. Help please.


  • This topic is locked
13 replies to this topic

#1 Shadowlink

  • Members
  • 10 posts

Posted 21 December 2008 - 04:27 AM

A few weeks ago I managed to infect myself with some sort of virus that causes every web search I do to redirect me to another site. On top of that, I'm afraid to visit any online banking site or anything else. Can someone help me please? I've tried multiple programs, but none can remove it.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Ubastank at 2008-12-21 01:16:01
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 17 GB (10%) free of 183 GB
Total RAM: 1014 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:16 AM, on 12/21/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ubastank\Desktop\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9921D18E-F777-43CF-AD69-3E6145CE9E8B}: NameServer = 85.255.112.102;85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9EAF00D-0970-4370-AA7A-9A64373D0148}: NameServer = 85.255.112.102;85.255.112.168
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11426 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\AWC Update.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-11 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-11 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-06-25 4489216]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-06-29 137752]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-06-29 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-06-29 133656]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-06-08 118784]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2007-06-11 317560]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-11 136600]
"VAIO Center Access Bar"=c:\program files\sony\VAIO Center Access Bar\VCAB.exe [2007-06-21 53248]
"VWLASU"=C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe [2007-07-12 45056]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Skytel"=C:\Windows\Skytel.exe [2007-06-25 1826816]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2008-04-07 873040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"=C:\Program Files\Sony\Network Utility\LANUtil.exe [2007-06-29 258048]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

C:\Users\Ubastank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-06-29 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2007-07-24 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\OblivionLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4f87c27-2191-11dd-97f8-001a801ba5b8}]
shell\AutoRun\command - Autorun.exe /run
shell\Shell00\command - Autorun.exe /run
shell\Shell01\command - Autorun.exe /action
shell\Shell02\command - Autorun.exe /uninstall


======List of files/folders created in the last 1 months======

2008-12-21 01:16:00 ----D---- C:\rsit
2008-12-19 22:10:44 ----D---- C:\Users\Ubastank\AppData\Roaming\U3
2008-12-16 20:41:08 ----A---- C:\Windows\Simple Static IP Uninstall Log.txt
2008-12-16 19:41:20 ----D---- C:\Windows\Simple Static IP
2008-12-16 19:41:10 ----A---- C:\Windows\Simple Static IP Setup Log.txt
2008-12-12 02:26:13 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2008-12-12 02:25:26 ----D---- C:\Users\Ubastank\AppData\Roaming\SUPERAntiSpyware.com
2008-12-12 02:25:26 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-12 00:05:36 ----D---- C:\Program Files\Avira
2008-12-11 23:54:19 ----A---- C:\Windows\system32\javaws.exe
2008-12-11 23:54:19 ----A---- C:\Windows\system32\javaw.exe
2008-12-11 23:54:19 ----A---- C:\Windows\system32\deploytk.dll
2008-12-11 23:54:18 ----A---- C:\Windows\system32\java.exe
2008-12-11 21:07:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-11 07:32:52 ----D---- C:\kav
2008-12-09 01:12:23 ----D---- C:\Windows\BDOSCAN8
2008-12-07 21:52:37 ----D---- C:\Program Files\Alwil Software
2008-12-07 21:11:33 ----A---- C:\Windows\system32\ztvunace26.dll
2008-12-07 21:11:32 ----A---- C:\Windows\system32\ztvunrar36.dll
2008-12-07 21:11:32 ----A---- C:\Windows\system32\ztvcabinet.dll
2008-12-07 21:11:32 ----A---- C:\Windows\system32\UNRAR3.dll
2008-12-07 21:11:32 ----A---- C:\Windows\system32\unacev2.dll
2008-12-07 21:11:15 ----D---- C:\Program Files\Trojan Remover
2008-12-07 17:33:25 ----D---- C:\ProgramData\ESET
2008-12-07 01:34:05 ----D---- C:\Users\Ubastank\AppData\Roaming\TrojanHunter
2008-12-06 23:44:16 ----R---- C:\Windows\system32\streamhlp.dll
2008-12-06 23:44:14 ----D---- C:\Program Files\TrojanHunter 5.0
2008-12-06 22:49:54 ----AD---- C:\ProgramData\TEMP
2008-12-06 18:42:20 ----D---- C:\ProgramData\Avg8
2008-12-06 15:39:51 ----D---- C:\Program Files\AVG
2008-12-06 15:13:45 ----D---- C:\Users\Ubastank\AppData\Roaming\IObit
2008-12-06 15:13:45 ----D---- C:\Program Files\IObit
2008-12-06 01:34:19 ----D---- C:\ProgramData\Trend Micro
2008-12-05 01:06:38 ----D---- C:\Users\Ubastank\AppData\Roaming\Malwarebytes
2008-12-05 01:06:27 ----D---- C:\ProgramData\Malwarebytes
2008-12-04 02:49:50 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-12-04 02:49:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-04 02:07:05 ----D---- C:\ProgramData\Lavasoft
2008-11-30 01:50:15 ----D---- C:\Program Files\iPod
2008-11-30 01:50:03 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-30 01:50:03 ----D---- C:\Program Files\iTunes
2008-11-30 01:46:38 ----D---- C:\Program Files\QuickTime
2008-11-29 03:10:20 ----D---- C:\Program Files\MP3 Music Search
2008-11-25 13:11:37 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-25 13:11:34 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-25 13:11:34 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-25 13:11:34 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-25 13:11:30 ----A---- C:\Windows\system32\connect.dll
2008-11-23 16:37:51 ----D---- C:\Program Files\Ventrilo
2008-11-23 16:37:47 ----A---- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

======List of files/folders modified in the last 1 months======

2008-12-21 01:15:56 ----D---- C:\Windows\Temp
2008-12-21 01:15:56 ----D---- C:\Windows\Prefetch
2008-12-21 01:15:43 ----D---- C:\Users\Ubastank\AppData\Roaming\uTorrent
2008-12-20 14:58:57 ----SHD---- C:\System Volume Information
2008-12-19 22:13:56 ----D---- C:\Windows\System32
2008-12-19 22:13:56 ----D---- C:\Windows\inf
2008-12-19 22:13:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-19 12:50:43 ----D---- C:\Program Files\Combined Community Codec Pack
2008-12-16 21:22:42 ----SD---- C:\Windows\Downloaded Program Files
2008-12-16 20:41:40 ----RD---- C:\Program Files
2008-12-16 20:41:08 ----D---- C:\Windows
2008-12-12 22:55:32 ----D---- C:\Windows\system32\drivers
2008-12-12 21:34:06 ----D---- C:\Users\Ubastank\AppData\Roaming\LimeWire
2008-12-12 07:15:02 ----D---- C:\Windows\system32\Msdtc
2008-12-12 07:14:59 ----D---- C:\Windows\system32\wbem
2008-12-12 07:14:08 ----D---- C:\Windows\system32\config
2008-12-12 07:13:46 ----D---- C:\Windows\Tasks
2008-12-12 07:13:46 ----D---- C:\Windows\system32\spool
2008-12-12 07:13:46 ----D---- C:\Windows\system32\CodeIntegrity
2008-12-12 07:13:46 ----D---- C:\Windows\system32\catroot2
2008-12-12 07:13:40 ----D---- C:\Windows\registration
2008-12-12 02:26:13 ----HD---- C:\ProgramData
2008-12-12 02:25:55 ----SHD---- C:\Windows\Installer
2008-12-12 02:24:04 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-11 23:52:34 ----D---- C:\Program Files\Java
2008-12-11 23:42:45 ----SD---- C:\ProgramData\Microsoft
2008-12-11 22:33:27 ----D---- C:\Windows\system32\Tasks
2008-12-11 20:12:46 ----D---- C:\Windows\system32\catroot
2008-12-09 01:38:29 ----SD---- C:\Users\Ubastank\AppData\Roaming\Microsoft
2008-12-07 17:25:52 ----DC---- C:\Windows\system32\DRVSTORE
2008-12-07 17:25:16 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-12-07 17:22:57 ----D---- C:\Users\Ubastank\AppData\Roaming\Move Networks
2008-12-07 17:09:12 ----D---- C:\Program Files\Common Files\Adobe
2008-12-07 17:09:12 ----D---- C:\Program Files\Common Files
2008-12-07 17:07:44 ----D---- C:\Program Files\Adobe
2008-12-07 16:52:16 ----D---- C:\ProgramData\Adobe
2008-12-07 16:42:57 ----D---- C:\Program Files\Sony
2008-12-07 16:31:03 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-07 16:26:19 ----D---- C:\Program Files\Diablo II
2008-12-07 16:24:00 ----D---- C:\Windows\system32\Spiderman 3 dir
2008-12-06 19:03:11 ----SD---- C:\Windows\system32\Microsoft
2008-12-06 15:39:22 ----D---- C:\Windows\winsxs
2008-12-06 01:28:46 ----D---- C:\ProgramData\Symantec
2008-12-06 01:28:46 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-06 01:25:14 ----D---- C:\Program Files\Symantec
2008-12-06 01:23:21 ----RSD---- C:\Windows\assembly
2008-12-05 22:51:21 ----D---- C:\Windows\rescache
2008-12-04 19:01:04 ----RSD---- C:\Windows\Media
2008-12-04 19:01:04 ----D---- C:\Windows\system32\restore
2008-12-04 19:01:01 ----RSD---- C:\Windows\Fonts
2008-12-04 19:00:58 ----D---- C:\Users\Ubastank\AppData\Roaming\Ventrilo
2008-12-04 19:00:55 ----RD---- C:\Users
2008-12-04 19:00:52 ----D---- C:\ProgramData\Microsoft Help
2008-12-04 19:00:50 ----D---- C:\Program Files\Microsoft Works
2008-12-04 18:49:15 ----D---- C:\Windows\Logs
2008-11-30 01:50:14 ----D---- C:\Program Files\Common Files\Apple
2008-11-29 03:28:18 ----D---- C:\Program Files\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2007-02-02 9336]
R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2007-02-02 9464]
R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2007-06-27 10216]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-07-06 56108]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-05-01 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-01 8192]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-08 140800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-05-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-05-01 207360]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-06-29 1671680]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-06-25 1787816]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-30 2222080]
R3 SNC;Sony Firmware Extension Parser Device; C:\Windows\System32\Drivers\SonyNC.sys [2006-11-05 27520]
R3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2007-06-05 812544]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-05-01 659968]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-24 246784]
S2 npkcrypt;npkcrypt; C:\Windows\system32\drivers\npkcrypt.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-13 705024]
S3 ax8pmvxy;ax8pmvxy; C:\Windows\system32\drivers\ax8pmvxy.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-01 200704]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\Windows\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\Windows\system32\drivers\Ndisprot.sys [2008-12-04 29184]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2007-12-26 47360]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-18 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-05-24 128104]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\drivers\UIUSys.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
R2 NSUService;NSUService; C:\Program Files\Sony\Network Utility\NSUService.exe [2007-06-29 200704]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2007-07-24 182392]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2007-06-28 188416]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2007-06-28 184320]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-05-01 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2007-06-28 274432]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2007-06-28 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2007-06-20 2523136]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2007-06-20 499712]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-13 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-07-05 79736]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2008-12-21 01:16:16

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
AIM 6-->C:\Program Files\AIM6\uninst.exe
Alps Pointing-device for VAIO-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Click to DVD 2.0.05 Menu Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x9 -removeonly
Click to DVD 2.6.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x9 -removeonly
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins001.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Crackle Screen Saver 1.0-->"C:\Program Files\Crackle\Crackle Screen Saver\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\UIU32m.exe -U -ISnSZIRXz.inf
HijackThis 2.0.2-->"C:\Users\Ubastank\Desktop\Downloads\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mgs4_ss_1024_768_1 ?????????-->C:\Windows\system32\mgs4_ss_1024_768_1.scr /u
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
OpenMG Limited Patch 4.7-07-15-19-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-15-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickBooks Product Listing Service-->MsiExec.exe /I{91208A47-5D08-4C79-986F-1931940F51BB}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Easy Media Creator Home-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
Setting Utility Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}\setup.exe" -l0x9 -removeonly
SonicStage Mastering Studio Audio Filter Custom Preset-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}\setup.exe" -l0x9 -removeonly
SonicStage Mastering Studio Audio Filter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}\setup.exe" -l0x9 -removeonly
SonicStage Mastering Studio Plugins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}\setup.exe" -l0x9 -removeonly
SonicStage Mastering Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6332AFF1-9D9A-429C-AA03-F82749FA4F49}\setup.exe" -l0x9 -removeonly
Sony Video Shared Library-->C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Trojan Remover 6.6.9-->"C:\Program Files\Trojan Remover\unins000.exe"
Update for Office 2007 (KB934528)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
VAIO Azure Float Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0312BD0D-A1FE-4E1A-9208-D436F566D867}\setup.exe" -l0x9 -removeonly
VAIO Center Access Bar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C299F969-AE3D-4679-ADF5-682A186CE62E}\setup.exe" -l0x9 -removeonly
VAIO Content Folder Setting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23825B69-36DF-4DAD-9CFD-118D11D80F16}\setup.exe" -l0x9 -removeonly
VAIO Content Importer / VAIO Content Exporter-->C:\Program Files\InstallShield Installation Information\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Content Metadata Intelligent Analyzing Manager-->C:\Program Files\InstallShield Installation Information\{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Content Metadata Manager Setting-->C:\Program Files\InstallShield Installation Information\{69351E9E-23ED-41D5-B146-EDBF83C63B66}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Content Metadata XML Interface Library-->C:\Program Files\InstallShield Installation Information\{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe" -l0x9 -removeonly
VAIO Entertainment Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E74F7423-77CB-4F6A-A44D-604E1010FE50}\setup.exe" -l0x9 -removeonly
VAIO Entertainment Platform-->C:\Program Files\InstallShield Installation Information\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Event Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x9 -removeonly
VAIO Help And Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D716354-2C08-48DC-9AC5-957348048817}\setup.exe" -l0x9 -removeonly
VAIO Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}\setup.exe" -l0x9 -removeonly
VAIO Media 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Content Collection 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{500162A0-4DD5-460A-BAFD-895AAE48C532}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Integrated Server 6.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{785EB1D4-ECEC-4195-99B4-73C47E187721}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Redistribution 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Media Registration Tool 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x9 UNINSTALL -removeonly
VAIO Movie Story Template Data-->C:\Program Files\InstallShield Installation Information\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO Movie Story-->C:\Program Files\InstallShield Installation Information\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}\setup.exe -runfromtemp -l0x0009 -removeonly
VAIO MusicBox Sample Music-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}\setup.exe" -l0x9 -removeonly
VAIO MusicBox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}\setup.exe" -l0x9 -removeonly
VAIO OOBE and Welcome Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B500D37-E7CF-480B-8054-8A563594EC4E}\setup.exe" -l0x9 -removeonly
VAIO Original Function Setting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe" -l0x9 -removeonly
VAIO PC Wireless LAN Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCED773C-99EE-48DD-8915-25733F69F0A8}\setup.exe" -l0x9 -removeonly
VAIO Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{802889F8-6AF5-45A5-9764-CA5B999E50FC}\setup.exe" -l0x9 -removeonly
VAIO Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BABC878D-BB64-4688-9A88-1D9E88F339A9}\setup.exe" -l0x9 -removeonly
VAIO Security Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}\setup.exe" -l0x9 -removeonly
VAIO Service Utility-->C:\Program Files\Sony\VAIO Service Utility\uninstall.exe
VAIO Smart Network-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B659FAD-E772-44A3-B7E7-560FF084669F}\setup.exe" -l0x9 -removeonly
VAIO Teal Whisper Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{235915A8-1C0D-4920-95EA-FE8B773E5F57}\setup.exe" -l0x9 -removeonly
VAIO Update 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x9 -removeonly
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server-->MsiExec.exe /I{85DD724B-15E5-4572-81BF-CF9031D83848}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WinDVD for VAIO-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======Security center information======

AS: AdwareAlert (disabled)
AS: Windows Defender (disabled)

System event log

Computer Name: Home-PC
Event Code: 7036
Message: The Problem Reports and Solutions Control Panel Support service entered the running state.
Record Number: 136747
Source Name: Service Control Manager
Time Written: 20081221063426.000000-000
Event Type: Information
User:

Computer Name: Home-PC
Event Code: 7036
Message: The Problem Reports and Solutions Control Panel Support service entered the stopped state.
Record Number: 136748
Source Name: Service Control Manager
Time Written: 20081221063427.000000-000
Event Type: Information
User:

Computer Name: Home-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 136749
Source Name: Tcpip
Time Written: 20081221070020.284600-000
Event Type: Warning
User:

Computer Name: Home-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 136750
Source Name: Tcpip
Time Written: 20081221073908.066600-000
Event Type: Warning
User:

Computer Name: Home-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 136751
Source Name: Tcpip
Time Written: 20081221082649.821600-000
Event Type: Warning
User:

Application event log

Computer Name: Home-PC
Event Code: 9010
Message: A request to disable the Desktop Window Manager was made by process (ePSXe.exe)
Record Number: 43919
Source Name: Desktop Window Manager
Time Written: 20081221063611.000000-000
Event Type: Information
User:

Computer Name: Home-PC
Event Code: 9013
Message: The Desktop Window Manager was unable to start because composition was disabled by a running application
Record Number: 43920
Source Name: Desktop Window Manager
Time Written: 20081221063612.000000-000
Event Type: Information
User:

Computer Name: Home-PC
Event Code: 1000
Message: Faulting application ePSXe.exe, version 0.0.0.0, time stamp 0x483816fa, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception code 0xc0000374, fault offset 0x000b015d, process id 0x894, application start time 0x01c9633660af0360.
Record Number: 43921
Source Name: Application Error
Time Written: 20081221063623.000000-000
Event Type: Error
User:

Computer Name: Home-PC
Event Code: 9010
Message: A request to disable the Desktop Window Manager was made by process (DivX Player)
Record Number: 43922
Source Name: Desktop Window Manager
Time Written: 20081221075818.000000-000
Event Type: Information
User:

Computer Name: Home-PC
Event Code: 9013
Message: The Desktop Window Manager was unable to start because composition was disabled by a running application
Record Number: 43923
Source Name: Desktop Window Manager
Time Written: 20081221075821.000000-000
Event Type: Information
User:

Security event log

Computer Name: Home-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 33656
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081221091015.812600-000
Event Type: Audit Failure
User:

Computer Name: Home-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 33657
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081221091015.845600-000
Event Type: Audit Failure
User:

Computer Name: Home-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 33658
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081221091015.877600-000
Event Type: Audit Failure
User:

Computer Name: Home-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 33659
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081221091015.909600-000
Event Type: Audit Failure
User:

Computer Name: Home-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 33660
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081221091015.941600-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"configsetroot"=%SystemRoot%\ConfigSetRoot
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:01 AM

Posted 28 December 2008 - 04:11 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Shadowlink

Shadowlink
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:01 PM

Posted 29 December 2008 - 01:53 AM

Hello and thank you for helping me. I still need the help and I followed the instructions. Here is the log:


DDS (Version 1.1.0) - NTFSx86
Run by Ubastank at 22:31:23.64 on Sun 12/28/2008
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1014.179 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ubastank\Desktop\Downloads\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe" 1
mRun: [VWLASU] "c:\program files\sony\vaio pc wireless lan wizard\AutoLaunchWLASU.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Skytel] Skytel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\ubastank\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
TCP: {9921D18E-F777-43CF-AD69-3E6145CE9E8B} = 85.255.112.102;85.255.112.168
TCP: {C9EAF00D-0970-4370-AA7A-9A64373D0148} = 85.255.112.102;85.255.112.168
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\ubastank\appdata\roaming\mozilla\firefox\profiles\1ohicfef.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R2 NSUService;NSUService;"c:\program files\sony\network utility\NSUService.exe" [2007-10-25 200704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-10-24 24652]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-8-26 812544]
S2 Windows Tribute Service;Windows Tribute Service; []
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-6-18 33792]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-12 38496]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-4 29184]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-10-25 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"c:\program files\sony\vaio media integrated server\platform\sv_httpd.exe" /service=vaiomediaplatform-ucls-http /regroot="software\sony corporation\vaio media platform\2.0" /regext="\applications\ucls\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-10-25 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe" [2007-8-26 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe" [2007-8-26 79736]

=============== Created Last 30 ================

2008-12-28 00:41 <DIR> --d----- C:\SDFix
2008-12-16 19:41 <DIR> --d----- c:\windows\Simple Static IP
2008-12-12 22:55 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-12 22:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-12 02:26 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2008-12-12 02:26 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2008-12-12 02:25 <DIR> --d----- c:\users\ubastank\appdata\roaming\SUPERAntiSpyware.com
2008-12-12 02:25 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-12 00:05 <DIR> --d----- c:\program files\Avira
2008-12-11 23:54 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-11 21:07 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-11 07:32 <DIR> --d----- C:\kav
2008-12-07 21:11 77,312 a------- c:\windows\system32\ztvunace26.dll
2008-12-07 21:11 162,304 a------- c:\windows\system32\ztvunrar36.dll
2008-12-07 21:11 153,088 a------- c:\windows\system32\UNRAR3.dll
2008-12-07 21:11 75,264 a------- c:\windows\system32\unacev2.dll
2008-12-07 21:11 69,632 a------- c:\windows\system32\ztvcabinet.dll
2008-12-07 21:11 <DIR> --d----- c:\program files\Trojan Remover
2008-12-07 17:33 <DIR> --d----- c:\programdata\ESET
2008-12-07 01:34 <DIR> --d----- c:\users\ubastank\appdata\roaming\TrojanHunter
2008-12-06 23:44 <DIR> --d----- c:\program files\TrojanHunter 5.0
2008-12-06 22:49 <DIR> a-d----- c:\programdata\TEMP
2008-12-06 18:42 <DIR> --d----- c:\programdata\Avg8
2008-12-06 18:42 <DIR> --d----- c:\progra~2\Avg8
2008-12-06 15:13 <DIR> --d----- c:\users\ubastank\appdata\roaming\IObit
2008-12-06 15:13 <DIR> --d----- c:\program files\IObit
2008-12-06 01:34 <DIR> --d----- c:\programdata\Trend Micro
2008-12-06 01:34 <DIR> --d----- c:\progra~2\Trend Micro
2008-12-05 01:06 <DIR> --d----- c:\users\ubastank\appdata\roaming\Malwarebytes
2008-12-05 01:06 <DIR> --d----- c:\programdata\Malwarebytes
2008-12-05 01:06 <DIR> --d----- c:\progra~2\Malwarebytes
2008-12-04 02:49 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2008-12-04 02:49 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-04 02:49 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2008-12-04 02:07 <DIR> --d----- c:\programdata\Lavasoft
2008-12-04 00:34 29,184 a------- c:\windows\system32\drivers\ndisprot.sys
2008-11-30 01:50 <DIR> --d----- c:\program files\iPod
2008-11-30 01:50 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-30 01:50 <DIR> --d----- c:\program files\iTunes
2008-11-30 01:50 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-29 03:10 <DIR> --d----- c:\program files\MP3 Music Search

==================== Find3M ====================

2008-12-06 14:54 143,360 a------- c:\windows\inf\infstrng.dat
2008-12-06 14:54 86,016 a------- c:\windows\inf\infstor.dat
2008-12-06 14:54 51,200 a------- c:\windows\inf\infpub.dat
2008-10-21 19:57 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-10-20 21:25 1,645,568 a------- c:\windows\system32\connect.dll
2008-10-16 14:08 162,064 a------- c:\windows\system32\wuwebv.dll
2008-10-16 13:56 31,232 a------- c:\windows\system32\wuapp.exe
2008-10-16 12:56 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-10-03 15:37 21,840 a------t c:\windows\system32\SIntfNT.dll
2008-10-03 15:37 17,212 a------t c:\windows\system32\SIntf32.dll
2008-10-03 15:37 12,067 a------t c:\windows\system32\SIntf16.dll
2008-10-01 19:49 827,392 a------- c:\windows\system32\wininet.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-06-24 20:35 174 a--sh--- c:\program files\desktop.ini
2008-06-24 20:09 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-10 19:35 87,608 a------- c:\users\ubastank\appdata\roaming\inst.exe
2008-05-10 19:35 47,360 a------- c:\users\ubastank\appdata\roaming\pcouffin.sys
2007-10-25 01:56 1,132,112 a------- c:\programdata\pswi_preloaded.exe
2007-10-25 01:56 1,132,112 a------- c:\progra~2\pswi_preloaded.exe
2007-10-24 22:20 0 a------- c:\users\ubastank\appdata\roaming\wklnhst.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-08-26 13:25 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:33:41.84 ===============
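
A triage script for this kind of log, as an added example (it is not code from the original post, nor from DDS, RSIT or HijackThis). It reads lines in the report format above and flags the three things a search-redirect complaint makes worth checking first: `TCP:` entries (the per-interface DNS server values, the HijackThis O17 equivalent) that point at public addresses rather than the home router and are not on an allow-list; services registered with an empty image path, such as `S2 Windows Tribute Service;Windows Tribute Service; []`; and toolbar (`TB:`) entries reported as "No File". The sample input is copied from the log above. The allow-list and the rule that a home machine normally resolves through a private router address are assumptions the examiner adjusts per machine, so the two `85.255.112.x` resolvers are reported for verification against the user's ISP, not declared malicious by the script.

```python
"""Triage checks over lines from a DDS / HijackThis-style log.

Added example: not code from the original post, nor from DDS, RSIT or
HijackThis. The sample lines are copied from the posted log; the
allow-list and the "a private address is the expected resolver" rule
are assumptions a practitioner adjusts for the machine being examined.
"""
import ipaddress
import re

# Lines copied from the "Pseudo HJT Report" and "SERVICES / DRIVERS"
# sections of the posted log (raw string, so the backslashes are literal).
SAMPLE_LOG = r"""
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TCP: {9921D18E-F777-43CF-AD69-3E6145CE9E8B} = 85.255.112.102;85.255.112.168
TCP: {C9EAF00D-0970-4370-AA7A-9A64373D0148} = 85.255.112.102;85.255.112.168
R2 NSUService;NSUService;"c:\program files\sony\network utility\NSUService.exe" [2007-10-25 200704]
S2 Windows Tribute Service;Windows Tribute Service; []
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-4 29184]
"""

GUID = r"\{([0-9A-Fa-f-]+)\}"
TCP_RE = re.compile(r"^TCP:\s*" + GUID + r"\s*=\s*(\S+)\s*$")
TB_RE = re.compile(r"^TB:\s*" + GUID + r"\s*-\s*(.*?)\s*$")
# "<R|S><start type> <name>;<display name>;<image path> [<date size>]"
SVC_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[(.*?)\]\s*$")


def nameserver_findings(lines, allowed=frozenset()):
    """Return (interface GUID, server, reason) for each per-interface DNS
    server that is neither a private/link-local/loopback address (i.e. a
    home router) nor on the caller's allow-list. 'TCP:' lines in this
    report format carry the per-interface NameServer values."""
    findings = []
    for line in lines:
        m = TCP_RE.match(line.strip())
        if not m:
            continue
        guid, servers = m.group(1), m.group(2).split(";")
        for server in servers:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.append((guid, server, "unparseable DNS server value"))
                continue
            if server in allowed:
                continue
            if addr.is_private or addr.is_link_local or addr.is_loopback:
                continue
            findings.append((guid, server, "public DNS server not on allow-list"))
    return findings


def empty_path_services(lines):
    """Names of services/drivers registered without an image path."""
    names = []
    for line in lines:
        m = SVC_RE.match(line.strip())
        if m and not m.group(5).strip():
            names.append(m.group(3).strip())
    return names


def orphan_toolbars(lines):
    """CLSIDs of toolbar (TB:) entries whose backing file is missing."""
    return [m.group(1) for m in (TB_RE.match(l.strip()) for l in lines)
            if m and m.group(2).lower() == "no file"]


def triage(text, allowed=frozenset()):
    """Run all three checks over a whole log and return a summary dict."""
    lines = text.strip().splitlines()
    return {
        "dns": nameserver_findings(lines, allowed),
        "services_without_path": empty_path_services(lines),
        "orphan_toolbars": orphan_toolbars(lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key)
        for item in value:
            print("  ", item)
```

Run as-is it prints the findings for the sample; pass a whole saved log's text to `triage()` for a real case, with the ISP's or router's resolvers in `allowed`. The service check is the one the thread itself later confirms: the ComboFix output further down records removing the `Windows Tribute Service` entry, which is exactly the line this check singles out.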

#4 JSntgRvr (Master Surgeon General, Malware Response Team, 11,173 posts, Puerto Rico)

Posted 30 December 2008 - 02:20 AM

Hi, Shadowlink

Welcome.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
  • Please never rename ComboFix unless instructed.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double-click on combofix.exe & follow the prompts.
  • Install the Recovery Console upon request.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

No requests for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 Shadowlink (Topic Starter, Members, 10 posts)

Posted 30 December 2008 - 05:54 AM

Hello and thanks for helping me.
OK, I did the ComboFix, but I had trouble reconnecting my Internet, so I had to do a system restore. That has also happened when I used certain antivirus programs; I couldn't get my Internet to work. But here are the logs:

ComboFix 08-12-29.02 - Ubastank 2008-12-30 2:17:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1014.286 [GMT -8:00]
Running from: c:\users\Ubastank\Desktop\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\Ubastank\AppData\Local\Microsoft\Windows\Temporary Internet Files\ijjistarter_verinfo.dat
c:\users\Ubastank\AppData\Roaming\inst.exe
c:\windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Windows Tribute Service


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-29 18:50 . 2008-12-29 18:50 <DIR> d--h----- c:\windows\msdownld.tmp
2008-12-29 18:50 . 2008-12-29 18:50 <DIR> d-------- c:\program files\Yahoo!
2008-12-29 00:49 . 2008-12-29 00:49 <DIR> d-------- c:\program files\Common Files\INCA Shared
2008-12-29 00:39 . 2008-12-29 00:39 <DIR> d-------- c:\program files\NHN USA
2008-12-29 00:39 . 2008-06-17 19:28 710,064 --a------ c:\windows\System32\ijjiSetup.exe
2008-12-29 00:39 . 2008-04-23 14:02 157,152 --a------ c:\windows\System32\PubPlugin.dll
2008-12-29 00:39 . 2008-06-11 23:01 58,800 --a------ c:\windows\System32\ijjiPlugin2.dll
2008-12-28 22:43 . 2008-12-28 22:55 <DIR> d-------- c:\users\All Users\WinZip
2008-12-28 22:43 . 2008-12-28 22:55 <DIR> d-------- c:\programdata\WinZip
2008-12-28 00:41 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-12-21 01:16 . 2008-12-21 01:16 <DIR> d-------- C:\rsit
2008-12-19 22:10 . 2008-12-26 02:38 <DIR> d-------- c:\users\Ubastank\AppData\Roaming\U3
2008-12-16 19:41 . 2008-12-16 19:41 <DIR> d-------- c:\windows\Simple Static IP
2008-12-12 22:55 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-12 22:55 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-12 02:26 . 2008-12-12 02:26 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-12-12 02:26 . 2008-12-12 02:26 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2008-12-12 02:25 . 2008-12-12 02:25 <DIR> d-------- c:\users\Ubastank\AppData\Roaming\SUPERAntiSpyware.com
2008-12-12 02:25 . 2008-12-28 02:00 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-12 00:05 . 2008-12-12 07:13 <DIR> d-------- c:\program files\Avira
2008-12-11 23:54 . 2008-12-11 23:52 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-11 21:07 . 2008-12-28 12:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-11 07:32 . 2008-12-11 07:32 <DIR> d-------- C:\kav
2008-12-09 01:12 . 2008-12-09 01:13 <DIR> d-------- c:\windows\BDOSCAN8
2008-12-07 21:52 . 2008-12-07 21:52 <DIR> d-------- c:\program files\Alwil Software
2008-12-07 21:11 . 2008-12-28 01:24 <DIR> d-------- c:\program files\Trojan Remover
2008-12-07 21:11 . 2006-05-25 15:52 162,304 --a------ c:\windows\System32\ztvunrar36.dll
2008-12-07 21:11 . 2003-02-02 20:06 153,088 --a------ c:\windows\System32\UNRAR3.dll
2008-12-07 21:11 . 2005-08-26 01:50 77,312 --a------ c:\windows\System32\ztvunace26.dll
2008-12-07 21:11 . 2002-03-06 01:00 75,264 --a------ c:\windows\System32\unacev2.dll
2008-12-07 21:11 . 2006-06-19 13:01 69,632 --a------ c:\windows\System32\ztvcabinet.dll
2008-12-07 17:33 . 2008-12-07 17:33 <DIR> d-------- c:\users\All Users\ESET
2008-12-07 17:33 . 2008-12-07 17:33 <DIR> d-------- c:\programdata\ESET
2008-12-07 01:34 . 2008-12-07 01:34 <DIR> d-------- c:\users\Ubastank\AppData\Roaming\TrojanHunter
2008-12-06 23:44 . 2008-12-07 16:32 <DIR> d-------- c:\program files\TrojanHunter 5.0
2008-12-06 22:49 . 2008-12-06 23:37 <DIR> d-a------ c:\users\All Users\TEMP
2008-12-06 22:49 . 2008-12-06 23:37 <DIR> d-a------ c:\programdata\TEMP
2008-12-06 18:42 . 2008-12-09 01:38 <DIR> d-------- c:\users\All Users\Avg8
2008-12-06 18:42 . 2008-12-09 01:38 <DIR> d-------- c:\programdata\Avg8
2008-12-06 15:13 . 2008-12-21 02:09 <DIR> d-------- c:\users\Ubastank\AppData\Roaming\IObit
2008-12-06 15:13 . 2008-12-06 15:13 <DIR> d-------- c:\program files\IObit
2008-12-06 01:34 . 2008-12-06 01:34 <DIR> d-------- c:\users\All Users\Trend Micro
2008-12-06 01:34 . 2008-12-06 01:34 <DIR> d-------- c:\programdata\Trend Micro
2008-12-05 01:06 . 2008-12-05 01:06 <DIR> d-------- c:\users\Ubastank\AppData\Roaming\Malwarebytes
2008-12-05 01:06 . 2008-12-05 01:06 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-05 01:06 . 2008-12-05 01:06 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-04 02:49 . 2008-12-28 01:21 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-04 02:49 . 2008-12-28 01:21 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-04 02:49 . 2008-12-28 01:21 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-04 02:07 . 2008-12-06 14:45 <DIR> d-------- c:\users\All Users\Lavasoft
2008-12-04 02:07 . 2008-12-06 14:45 <DIR> d-------- c:\programdata\Lavasoft
2008-12-04 00:34 . 2008-12-04 00:34 29,184 --a------ c:\windows\System32\drivers\ndisprot.sys
2008-11-30 01:50 . 2008-11-30 01:50 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-30 01:50 . 2008-11-30 01:50 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-30 01:50 . 2008-11-30 01:50 <DIR> d-------- c:\program files\iTunes
2008-11-30 01:50 . 2008-11-30 01:50 <DIR> d-------- c:\program files\iPod
2008-11-30 01:46 . 2008-11-30 01:47 <DIR> d-------- c:\program files\QuickTime
2008-11-29 03:10 . 2008-11-29 03:15 <DIR> d-------- c:\program files\MP3 Music Search
2008-11-25 13:11 . 2008-10-20 21:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 13:11 . 2008-08-27 19:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 13:11 . 2008-08-27 19:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 13:11 . 2008-08-27 19:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 13:11 . 2008-10-21 19:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-23 16:37 . 2008-11-23 16:37 <DIR> d-------- c:\program files\Ventrilo
2008-11-23 16:37 . 2008-11-23 16:38 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-11-19 21:34 . 2008-11-19 21:34 <DIR> d-------- c:\users\All Users\acccore
2008-11-19 21:34 . 2008-11-19 21:34 <DIR> d-------- c:\programdata\acccore
2008-11-18 15:34 . 2008-10-16 13:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-18 15:34 . 2008-10-16 12:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-18 15:34 . 2008-10-16 13:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-18 15:34 . 2008-10-16 13:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-18 15:33 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-18 15:33 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-15 20:31 . 2008-11-15 20:31 <DIR> d-------- c:\program files\AviSynth 2.5
2008-11-15 20:30 . 2008-11-15 20:30 <DIR> d-------- C:\OpenCandy
2008-11-11 19:46 . 2008-09-09 19:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 19:46 . 2008-09-04 21:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 19:46 . 2008-08-26 17:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\System32\QuickTime.qts
2008-11-01 18:09 . 2008-08-05 01:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-01 18:09 . 2008-08-05 01:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-01 18:09 . 2008-08-05 01:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-01 18:09 . 2008-08-05 01:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-01 18:09 . 2008-08-05 01:48 80,896 --a------ c:\windows\System32\MSNP.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 17:14 --------- d-----w c:\users\Ubastank\AppData\Roaming\uTorrent
2008-12-29 08:45 --------- d--h--w c:\users\Ubastank\AppData\Roaming\ijjigame
2008-12-29 08:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-22 07:00 --------- d-----w c:\users\Ubastank\AppData\Roaming\LimeWire
2008-12-19 20:50 --------- d-----w c:\program files\Combined Community Codec Pack
2008-12-12 10:24 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-12 07:52 --------- d-----w c:\program files\Java
2008-12-08 01:25 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-12-08 01:22 --------- d-----w c:\users\Ubastank\AppData\Roaming\Move Networks
2008-12-08 01:09 --------- d-----w c:\program files\Common Files\Adobe
2008-12-08 00:42 --------- d-----w c:\program files\Sony
2008-12-08 00:26 --------- d-----w c:\program files\Diablo II
2008-12-06 09:28 --------- d-----w c:\programdata\Symantec
2008-12-06 09:28 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-06 09:25 --------- d-----w c:\program files\Symantec
2008-12-05 03:00 --------- d-----w c:\users\Ubastank\AppData\Roaming\Ventrilo
2008-12-05 03:00 --------- d-----w c:\programdata\Microsoft Help
2008-12-05 03:00 --------- d-----w c:\program files\Microsoft Works
2008-11-30 09:50 --------- d-----w c:\program files\Common Files\Apple
2008-11-29 11:28 --------- d-----w c:\program files\LimeWire
2008-11-20 05:34 --------- d-----w c:\programdata\Viewpoint
2008-11-20 05:34 --------- d-----w c:\program files\AIM6
2008-11-20 05:33 --------- d-----w c:\programdata\AOL Downloads
2008-11-16 04:31 --------- d-----w c:\program files\Red Kawa
2008-10-03 23:37 21,840 ----atw c:\windows\System32\SIntfNT.dll
2008-10-03 23:37 17,212 ----atw c:\windows\System32\SIntf32.dll
2008-10-03 23:37 12,067 ----atw c:\windows\System32\SIntf16.dll
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-06-25 04:35 174 --sha-w c:\program files\desktop.ini
2008-05-11 03:35 47,360 ----a-w c:\users\Ubastank\AppData\Roaming\pcouffin.sys
2007-10-25 09:56 1,132,112 ----a-w c:\users\All Users\pswi_preloaded.exe
2007-10-25 09:56 1,132,112 ----a-w c:\programdata\pswi_preloaded.exe
2007-10-25 06:20 0 ----a-w c:\users\Ubastank\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-06-29 258048]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133656]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 53248]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 45056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-25 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-25 c:\windows\SkyTel.exe]

c:\users\Ubastank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 18:26 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B3FDFFF6-A2C3-4D81-B9D5-E596A2A78431}"= UDP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{C1276CC4-0275-4F38-AC3F-DF34F2E3B35C}"= TCP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{7214DC80-392C-4161-91D1-21F7F67CCAD2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A1B83C8B-80B3-48B5-8606-FE185951DED3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6A9BE402-66EC-45B3-8193-C23B376C9BF0}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{DF47A04E-2595-42DA-B982-0BCF1549F51A}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{B91F68E2-F342-453B-AA0A-E72CBACA9251}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3FA48001-92BD-4820-A7B8-260B305F0EB6}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1B4C41BB-BD2C-4A1C-B224-8EEDB84CD068}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6A2E7EC6-F43C-4270-BA9C-F52EBB9F06E8}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D51BBF51-A4A7-418D-894D-0CF11D579075}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B8C82954-DA58-4B53-9B00-6BB34CD83F0E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{78220AAF-E6F9-4B7B-8150-B28BD726B3B7}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{42E79AB1-CB3B-40A2-BA26-3D03BC081DCF}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{35E98FBE-1733-450D-99A3-C8315DE554A5}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{ECC0F487-07E7-40E6-81EA-119B608445ED}"= TCP:3876:Limewire
"{698A75AF-0894-4191-9639-2A386DA3851F}"= UDP:3876:Limewire
"TCP Query User{C6A88CCE-C101-4F4B-82C8-3E528AE1FD32}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{D1C54497-6C0B-4D99-AC7C-7477F27344C0}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{432B7A58-052E-4203-8280-208BF5A40629}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{EEB41611-006A-42B0-9D08-70F0FFC9947C}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{B68892B3-0E47-431F-A570-3BB3C9D567E7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5CE097FB-32F1-4552-AF43-F22CA3977FF9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{68B9FF2E-7A58-4AFC-B098-B9A441C99204}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{64F766F5-CBA5-45BE-9337-C1638CBE2C8D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8D8BE824-CB1F-454F-B6EE-BF1568BA3953}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{88B4A22A-54ED-4CA1-8E18-8F5F427B274F}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{2F35931B-6B7A-4111-885F-00CA20B42590}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{615A5ED0-9359-49EE-A8E4-D880F6C63D9E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{B98C0373-D3EF-43B9-A8C4-50ED7B5CC349}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{98A7C543-F800-4BC4-84DC-41766A984007}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{93022939-1ABB-4932-ADD9-D2D573591C41}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{EA3864B9-E007-44A6-B3C1-D0F739F2B6D9}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{C9A9EDE6-80E6-4ED2-BC0F-56B37EC7351C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{1C0E5685-BF14-43F7-A21C-F24DDC64F917}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{6554300D-0669-4C1D-B36F-9137F32520A7}c:\\users\\ubastank\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\7sivwwn2\\gunboundrv_setup[1].exe"= UDP:c:\users\ubastank\appdata\local\microsoft\windows\temporary internet files\content.ie5\7sivwwn2\gunboundrv_setup[1].exe:gunboundrv_setup[1].exe
"UDP Query User{37226A09-9113-40F0-97C0-8395B834BAAC}c:\\users\\ubastank\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\7sivwwn2\\gunboundrv_setup[1].exe"= TCP:c:\users\ubastank\appdata\local\microsoft\windows\temporary internet files\content.ie5\7sivwwn2\gunboundrv_setup[1].exe:gunboundrv_setup[1].exe
"TCP Query User{05777687-603F-4DA5-A8D8-3E342FF709D3}c:\\ijji\\english\\u_gbound.exe"= UDP:c:\ijji\english\u_gbound.exe:<ijji Downloader>
"UDP Query User{37BCD079-2CCB-4A6D-9760-766C6D1C7FB1}c:\\ijji\\english\\u_gbound.exe"= TCP:c:\ijji\english\u_gbound.exe:<ijji Downloader>
"TCP Query User{766C0D29-0B6C-404D-A60D-AAAD038AFB35}c:\\ijji\\english\\gunbound revolution\\gunbound.gme"= UDP:c:\ijji\english\gunbound revolution\gunbound.gme:GunBound
"UDP Query User{F614E494-1B17-4B8E-9D39-6152F07EE143}c:\\ijji\\english\\gunbound revolution\\gunbound.gme"= TCP:c:\ijji\english\gunbound revolution\gunbound.gme:GunBound

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-08-26 812544]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-06-18 33792]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-12 38496]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-04 29184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\OblivionLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4f87c27-2191-11dd-97f8-001a801ba5b8}]
\shell\AutoRun\command - Autorun.exe /run
\shell\Shell00\Command - Autorun.exe /run
\shell\Shell01\Command - Autorun.exe /action
\shell\Shell02\Command - Autorun.exe /uninstall
.
Contents of the 'Scheduled Tasks' folder

2008-12-30 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2008-11-26 16:11]
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{AB0C8BE3-041C-47d6-8195-E089D32B38DD} - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 02:25:11
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sony\Network Utility\NSUService.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\ApntEx.exe
.
**************************************************************************
.
Completion time: 2008-12-30 2:34:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-30 10:34:36

Pre-Run: 20,728,463,360 bytes free
Post-Run: 20,361,728,000 bytes free

301 --- E O F --- 2008-11-26 10:08:44


Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:53, on 2008-12-30
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Ubastank\Desktop\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9921D18E-F777-43CF-AD69-3E6145CE9E8B}: NameServer = 85.255.112.102;85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9EAF00D-0970-4370-AA7A-9A64373D0148}: NameServer = 85.255.112.102;85.255.112.168
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11426 bytes

#6 JSntgRvr (Malware Response Team)

Posted 30 December 2008 - 01:09 PM

Hi, Shadowlink :thumbsup:

I am going to give you a fix to be run by Combofix. If after running the fix you lose Internet Connection, do not restore the computer to an earlier date as you will be restoring the nasties also.

If you lose Internet Connection, follow these steps:
  • Enter your Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL, or AOL Connection.
  • Left click on Properties
  • Double-Click on the Internet Protocol (TCP/IP) item
  • Select the radio dial that says Obtain DNS Servers Automatically
  • Press OK twice to get out of the properties screen
Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:


netsh int ip reset C:\Resetlog.txt
netsh winsock reset catalog
ipconfig /flushdns
(The space between g and / is needed)
Exit

Restart the computer and try to connect.


Some Advice:

Many peer-to-peer networks are under constant attack by people with a variety of motives.

Examples include:
  • poisoning attacks (e.g. providing files whose contents are different than the description)
  • denial of service attacks (attacks that may make the network run very slowly or break completely)
  • defection attacks (users or software that make use of the network without contributing resources to it)
  • insertion of viruses to carried data (e.g. downloaded or carried files may be infected with viruses or other malware)
  • malware in the peer-to-peer network software itself (e.g. distributed software may contain spyware)
  • filtering (network operators may attempt to prevent peer-to-peer network data from being carried)
  • identity attacks (e.g. tracking down the users of the network and harassing or legally attacking them)
  • spamming (e.g. sending unsolicited information across the network - not necessarily as a denial of service attack)
Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, these are scanners that run in the background the whole time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to, such as online scans and scanners that run on your machine but are not actively scanning your machine.

The logs indicate entries for the following:

c:\program files\Avira
c:\program files\Alwil Software (AVAST)
c:\users\All Users\ESET
c:\programdata\ESET
c:\programdata\Avg8
c:\users\All Users\Trend Micro
c:\programdata\Trend Micro

You must remove all but one. Same rule applies to Firewalls.
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
File::
c:\windows\System32\ijjiSetup.exe
c:\windows\System32\ijjiPlugin2.dll
c:\windows\System32\PubPlugin.dll
c:\windows\System32\drivers\ndisprot.sys
Driver::
Ndisprot

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a Hijackthis log.

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

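The HijackThis log earlier in the thread lists two O17 entries whose NameServer values point every adapter at 85.255.112.x resolvers rather than the router or the ISP, which is the setting the fix above undoes by switching DNS back to "Obtain DNS Servers Automatically". As an added example (not part of this thread or of any tool it mentions), the following Python parses HijackThis-style O17 lines and reports resolvers that are neither LAN addresses nor on an owner-supplied allowlist; the sample lines and the OpenDNS allowlist are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample in HijackThis format: the two O17 lines modelled on the
# thread's log, plus two hypothetical benign entries as controls.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O17 - HKLM\System\CCS\Services\Tcpip\..\{9921D18E-F777-43CF-AD69-3E6145CE9E8B}: NameServer = 85.255.112.102;85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9EAF00D-0970-4370-AA7A-9A64373D0148}: NameServer = 85.255.112.102;85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{constructed-lan-adapter}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{constructed-opendns-adapter}: NameServer = 208.67.222.222
"""

# Assumption: the owner deliberately configured OpenDNS. Any public resolver
# not in this set is reported; LAN addresses (the router) are always accepted.
EXPECTED_RESOLVERS = {ipaddress.ip_address("208.67.222.222")}

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")


def parse_o17(log_text):
    """Yield (registry key, [ip_address, ...]) for every O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = []
        # HijackThis separates multiple resolvers with ';' (sometimes ',' or space).
        for token in re.split(r"[;, ]+", m.group("servers")):
            if not token:
                continue
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                continue  # unparseable token: skip it rather than abort the scan
        yield m.group("key"), servers


def classify(ip, expected=EXPECTED_RESOLVERS):
    """'local' for LAN/loopback, 'expected' if allowlisted, else 'suspicious'."""
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    if ip in expected:
        return "expected"
    return "suspicious"


def find_rogue_dns(log_text, expected=EXPECTED_RESOLVERS):
    """Return {interface key: [suspicious resolver strings]} for flagged O17 lines."""
    findings = {}
    for key, servers in parse_o17(log_text):
        bad = [str(ip) for ip in servers if classify(ip, expected) == "suspicious"]
        if bad:
            findings[key] = bad
    return findings


if __name__ == "__main__":
    for key, ips in find_rogue_dns(SAMPLE_LOG).items():
        print(f"{key}: unexpected resolvers {', '.join(ips)}")
```

Run against a real log, the two flagged interface keys are the ones whose NameServer value the fix above replaces with DHCP-assigned resolvers.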

#7 Shadowlink (Topic Starter)

Posted 31 December 2008 - 04:04 AM

Hi again. And sorry for not responding sooner, I have been busy this whole week. I did the combo fix and my connection cut out. After I put my internet settings to obtain DNS servers automatically it started working, but when I did the commands it said it required "elevation." I previously had a static IP address and ports forwarded on my router, but I can't return to my old settings without the internet disconnecting.

Also, I think the virus might be gone. I did a bunch of web searches and I was not redirected to any advertisements. I was also allowed to access some sites that I was not allowed to enter with the virus.

One last thing, I have no idea why those anti-virus programs show up on the logs. I uninstalled them all a long time ago. I never had two active at the same time. I always uninstalled one before I installed another.

Here are the logs:
ComboFix 08-12-30.02 - Ubastank 2008-12-31 0:20:00.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1014.302 [GMT -8:00]
Running from: c:\users\Ubastank\Desktop\ComboFix.exe
Command switches used :: c:\users\Ubastank\Desktop\CFScript.txt

FILE ::
File::
c:\windows\System32\ijjiSetup.exe
c:\windows\System32\ijjiPlugin2.dll
c:\windows\System32\PubPlugin.dll
c:\windows\System32\drivers\ndisprot.sys
Driver::
Ndisprot
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\Ubastank\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Windows Tribute Service


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.

2008-12-29 18:50 . 2008-12-29 18:50 <DIR> d--h----- c:\windows\msdownld.tmp
2008-12-29 18:50 . 2008-12-29 18:50 <DIR> d-------- c:\program files\Yahoo!
2008-12-29 00:49 . 2008-12-29 00:49 <DIR> d-------- c:\program files\Common Files\INCA Shared
2008-12-29 00:39 . 2008-12-29 00:39 <DIR> d-------- c:\program files\NHN USA
2008-12-29 00:39 . 2008-06-17 19:28 710,064 --a------ c:\windows\System32\ijjiSetup.exe
2008-12-29 00:39 . 2008-04-23 14:02 157,152 --a------ c:\windows\System32\PubPlugin.dll
2008-12-29 00:39 . 2008-06-11 23:01 58,800 --a------ c:\windows\System32\ijjiPlugin2.dll
2008-12-28 22:43 . 2008-12-28 22:55 <DIR> d-------- c:\users\All Users\WinZip
2008-12-28 22:43 . 2008-12-28 22:55 <DIR> d-------- c:\programdata\WinZip
2008-12-28 00:41 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-12-21 01:16 . 2008-12-21 01:16 <DIR> d-------- C:\rsit
2008-12-19 22:10 . 2008-12-26 02:38 <DIR> d-------- c:\users\Ubastank\AppData\Roaming\U3
2008-12-16 19:41 . 2008-12-16 19:41 <DIR> d-------- c:\windows\Simple Static IP
2008-12-12 22:55 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-12 22:55 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-12 02:26 . 2008-12-12 02:26 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-12-12 02:26 . 2008-12-12 02:26 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2008-12-12 02:25 . 2008-12-12 02:25 <DIR> d-------- c:\users\Ubastank\AppData\Roaming\SUPERAntiSpyware.com
2008-12-12 02:25 . 2008-12-28 02:00 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-12 00:05 . 2008-12-12 07:13 <DIR> d-------- c:\program files\Avira
2008-12-11 23:54 . 2008-12-11 23:52 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-11 21:07 . 2008-12-28 12:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-11 07:32 . 2008-12-11 07:32 <DIR> d-------- C:\kav
2008-12-09 01:12 . 2008-12-09 01:13 <DIR> d-------- c:\windows\BDOSCAN8
2008-12-07 21:52 . 2008-12-07 21:52 <DIR> d-------- c:\program files\Alwil Software
2008-12-07 21:11 . 2008-12-28 01:24 <DIR> d-------- c:\program files\Trojan Remover
2008-12-07 21:11 . 2006-05-25 15:52 162,304 --a------ c:\windows\System32\ztvunrar36.dll
2008-12-07 21:11 . 2003-02-02 20:06 153,088 --a------ c:\windows\System32\UNRAR3.dll
2008-12-07 21:11 . 2005-08-26 01:50 77,312 --a------ c:\windows\System32\ztvunace26.dll
2008-12-07 21:11 . 2002-03-06 01:00 75,264 --a------ c:\windows\System32\unacev2.dll
2008-12-07 21:11 . 2006-06-19 13:01 69,632 --a------ c:\windows\System32\ztvcabinet.dll
2008-12-07 17:33 . 2008-12-07 17:33 <DIR> d-------- c:\users\All Users\ESET
2008-12-07 17:33 . 2008-12-07 17:33 <DIR> d-------- c:\programdata\ESET
2008-12-07 01:34 . 2008-12-07 01:34 <DIR> d-------- c:\users\Ubastank\AppData\Roaming\TrojanHunter
2008-12-06 23:44 . 2008-12-07 16:32 <DIR> d-------- c:\program files\TrojanHunter 5.0
2008-12-06 22:49 . 2008-12-06 23:37 <DIR> d-a------ c:\users\All Users\TEMP
2008-12-06 22:49 . 2008-12-06 23:37 <DIR> d-a------ c:\programdata\TEMP
2008-12-06 18:42 . 2008-12-09 01:38 <DIR> d-------- c:\users\All Users\Avg8
2008-12-06 18:42 . 2008-12-09 01:38 <DIR> d-------- c:\programdata\Avg8
2008-12-06 15:13 . 2008-12-21 02:09 <DIR> d-------- c:\users\Ubastank\AppData\Roaming\IObit
2008-12-06 15:13 . 2008-12-06 15:13 <DIR> d-------- c:\program files\IObit
2008-12-06 01:34 . 2008-12-06 01:34 <DIR> d-------- c:\users\All Users\Trend Micro
2008-12-06 01:34 . 2008-12-06 01:34 <DIR> d-------- c:\programdata\Trend Micro
2008-12-05 01:06 . 2008-12-05 01:06 <DIR> d-------- c:\users\Ubastank\AppData\Roaming\Malwarebytes
2008-12-05 01:06 . 2008-12-05 01:06 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-05 01:06 . 2008-12-05 01:06 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-04 02:49 . 2008-12-28 01:21 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-04 02:49 . 2008-12-28 01:21 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-04 02:49 . 2008-12-28 01:21 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-04 02:07 . 2008-12-06 14:45 <DIR> d-------- c:\users\All Users\Lavasoft
2008-12-04 02:07 . 2008-12-06 14:45 <DIR> d-------- c:\programdata\Lavasoft
2008-12-04 00:34 . 2008-12-04 00:34 29,184 --a------ c:\windows\System32\drivers\ndisprot.sys
2008-11-30 01:50 . 2008-11-30 01:50 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-30 01:50 . 2008-11-30 01:50 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-30 01:50 . 2008-11-30 01:50 <DIR> d-------- c:\program files\iTunes
2008-11-30 01:50 . 2008-11-30 01:50 <DIR> d-------- c:\program files\iPod
2008-11-30 01:46 . 2008-11-30 01:47 <DIR> d-------- c:\program files\QuickTime
2008-11-29 03:10 . 2008-11-29 03:15 <DIR> d-------- c:\program files\MP3 Music Search
2008-11-25 13:11 . 2008-10-20 21:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 13:11 . 2008-08-27 19:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 13:11 . 2008-08-27 19:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 13:11 . 2008-08-27 19:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 13:11 . 2008-10-21 19:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-23 16:37 . 2008-11-23 16:37 <DIR> d-------- c:\program files\Ventrilo
2008-11-23 16:37 . 2008-11-23 16:38 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-11-19 21:34 . 2008-11-19 21:34 <DIR> d-------- c:\users\All Users\acccore
2008-11-19 21:34 . 2008-11-19 21:34 <DIR> d-------- c:\programdata\acccore
2008-11-18 15:34 . 2008-10-16 13:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-18 15:34 . 2008-10-16 12:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-18 15:34 . 2008-10-16 13:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-18 15:34 . 2008-10-16 13:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-18 15:33 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-18 15:33 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-15 20:31 . 2008-11-15 20:31 <DIR> d-------- c:\program files\AviSynth 2.5
2008-11-15 20:30 . 2008-11-15 20:30 <DIR> d-------- C:\OpenCandy
2008-11-11 19:46 . 2008-09-09 19:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 19:46 . 2008-09-04 21:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 19:46 . 2008-08-26 17:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\System32\QuickTime.qts
2008-11-01 18:09 . 2008-08-05 01:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-01 18:09 . 2008-08-05 01:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-01 18:09 . 2008-08-05 01:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-01 18:09 . 2008-08-05 01:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-01 18:09 . 2008-08-05 01:48 80,896 --a------ c:\windows\System32\MSNP.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 17:48 --------- d-----w c:\users\Ubastank\AppData\Roaming\uTorrent
2008-12-29 08:45 --------- d--h--w c:\users\Ubastank\AppData\Roaming\ijjigame
2008-12-29 08:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-22 07:00 --------- d-----w c:\users\Ubastank\AppData\Roaming\LimeWire
2008-12-19 20:50 --------- d-----w c:\program files\Combined Community Codec Pack
2008-12-12 10:24 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-12 07:52 --------- d-----w c:\program files\Java
2008-12-08 01:25 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-12-08 01:22 --------- d-----w c:\users\Ubastank\AppData\Roaming\Move Networks
2008-12-08 01:09 --------- d-----w c:\program files\Common Files\Adobe
2008-12-08 00:42 --------- d-----w c:\program files\Sony
2008-12-08 00:26 --------- d-----w c:\program files\Diablo II
2008-12-06 09:28 --------- d-----w c:\programdata\Symantec
2008-12-06 09:28 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-06 09:25 --------- d-----w c:\program files\Symantec
2008-12-05 03:00 --------- d-----w c:\users\Ubastank\AppData\Roaming\Ventrilo
2008-12-05 03:00 --------- d-----w c:\programdata\Microsoft Help
2008-12-05 03:00 --------- d-----w c:\program files\Microsoft Works
2008-11-30 09:50 --------- d-----w c:\program files\Common Files\Apple
2008-11-29 11:28 --------- d-----w c:\program files\LimeWire
2008-11-20 05:34 --------- d-----w c:\programdata\Viewpoint
2008-11-20 05:34 --------- d-----w c:\program files\AIM6
2008-11-20 05:33 --------- d-----w c:\programdata\AOL Downloads
2008-11-16 04:31 --------- d-----w c:\program files\Red Kawa
2008-10-03 23:37 21,840 ----atw c:\windows\System32\SIntfNT.dll
2008-10-03 23:37 17,212 ----atw c:\windows\System32\SIntf32.dll
2008-10-03 23:37 12,067 ----atw c:\windows\System32\SIntf16.dll
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-06-25 04:35 174 --sha-w c:\program files\desktop.ini
2008-05-11 03:35 47,360 ----a-w c:\users\Ubastank\AppData\Roaming\pcouffin.sys
2007-10-25 09:56 1,132,112 ----a-w c:\users\All Users\pswi_preloaded.exe
2007-10-25 09:56 1,132,112 ----a-w c:\programdata\pswi_preloaded.exe
2007-10-25 06:20 0 ----a-w c:\users\Ubastank\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-06-29 258048]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133656]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 53248]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 45056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-25 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-25 c:\windows\SkyTel.exe]

c:\users\Ubastank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 18:26 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B3FDFFF6-A2C3-4D81-B9D5-E596A2A78431}"= UDP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{C1276CC4-0275-4F38-AC3F-DF34F2E3B35C}"= TCP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{7214DC80-392C-4161-91D1-21F7F67CCAD2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A1B83C8B-80B3-48B5-8606-FE185951DED3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6A9BE402-66EC-45B3-8193-C23B376C9BF0}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{DF47A04E-2595-42DA-B982-0BCF1549F51A}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{B91F68E2-F342-453B-AA0A-E72CBACA9251}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3FA48001-92BD-4820-A7B8-260B305F0EB6}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1B4C41BB-BD2C-4A1C-B224-8EEDB84CD068}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6A2E7EC6-F43C-4270-BA9C-F52EBB9F06E8}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D51BBF51-A4A7-418D-894D-0CF11D579075}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B8C82954-DA58-4B53-9B00-6BB34CD83F0E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{78220AAF-E6F9-4B7B-8150-B28BD726B3B7}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{42E79AB1-CB3B-40A2-BA26-3D03BC081DCF}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{35E98FBE-1733-450D-99A3-C8315DE554A5}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{ECC0F487-07E7-40E6-81EA-119B608445ED}"= TCP:3876:Limewire
"{698A75AF-0894-4191-9639-2A386DA3851F}"= UDP:3876:Limewire
"TCP Query User{C6A88CCE-C101-4F4B-82C8-3E528AE1FD32}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{D1C54497-6C0B-4D99-AC7C-7477F27344C0}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{432B7A58-052E-4203-8280-208BF5A40629}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{EEB41611-006A-42B0-9D08-70F0FFC9947C}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{B68892B3-0E47-431F-A570-3BB3C9D567E7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5CE097FB-32F1-4552-AF43-F22CA3977FF9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{68B9FF2E-7A58-4AFC-B098-B9A441C99204}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{64F766F5-CBA5-45BE-9337-C1638CBE2C8D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8D8BE824-CB1F-454F-B6EE-BF1568BA3953}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{88B4A22A-54ED-4CA1-8E18-8F5F427B274F}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{2F35931B-6B7A-4111-885F-00CA20B42590}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{615A5ED0-9359-49EE-A8E4-D880F6C63D9E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{B98C0373-D3EF-43B9-A8C4-50ED7B5CC349}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{98A7C543-F800-4BC4-84DC-41766A984007}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{93022939-1ABB-4932-ADD9-D2D573591C41}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{EA3864B9-E007-44A6-B3C1-D0F739F2B6D9}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{C9A9EDE6-80E6-4ED2-BC0F-56B37EC7351C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{1C0E5685-BF14-43F7-A21C-F24DDC64F917}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{6554300D-0669-4C1D-B36F-9137F32520A7}c:\\users\\ubastank\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\7sivwwn2\\gunboundrv_setup[1].exe"= UDP:c:\users\ubastank\appdata\local\microsoft\windows\temporary internet files\content.ie5\7sivwwn2\gunboundrv_setup[1].exe:gunboundrv_setup[1].exe
"UDP Query User{37226A09-9113-40F0-97C0-8395B834BAAC}c:\\users\\ubastank\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\7sivwwn2\\gunboundrv_setup[1].exe"= TCP:c:\users\ubastank\appdata\local\microsoft\windows\temporary internet files\content.ie5\7sivwwn2\gunboundrv_setup[1].exe:gunboundrv_setup[1].exe
"TCP Query User{05777687-603F-4DA5-A8D8-3E342FF709D3}c:\\ijji\\english\\u_gbound.exe"= UDP:c:\ijji\english\u_gbound.exe:<ijji Downloader>
"UDP Query User{37BCD079-2CCB-4A6D-9760-766C6D1C7FB1}c:\\ijji\\english\\u_gbound.exe"= TCP:c:\ijji\english\u_gbound.exe:<ijji Downloader>
"TCP Query User{766C0D29-0B6C-404D-A60D-AAAD038AFB35}c:\\ijji\\english\\gunbound revolution\\gunbound.gme"= UDP:c:\ijji\english\gunbound revolution\gunbound.gme:GunBound
"UDP Query User{F614E494-1B17-4B8E-9D39-6152F07EE143}c:\\ijji\\english\\gunbound revolution\\gunbound.gme"= TCP:c:\ijji\english\gunbound revolution\gunbound.gme:GunBound

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-08-26 812544]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-06-18 33792]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-12 38496]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-12-04 29184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\OblivionLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4f87c27-2191-11dd-97f8-001a801ba5b8}]
\shell\AutoRun\command - Autorun.exe /run
\shell\Shell00\Command - Autorun.exe /run
\shell\Shell01\Command - Autorun.exe /action
\shell\Shell02\Command - Autorun.exe /uninstall
.
Contents of the 'Scheduled Tasks' folder

2008-12-31 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2008-11-26 16:11]
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{AB0C8BE3-041C-47d6-8195-E089D32B38DD} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\sysreqlab3.dll - c:\windows\Downloaded Program Files\sysreqlab_srl.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd

c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
FF - ProfilePath - c:\users\Ubastank\AppData\Roaming\Mozilla\Firefox\Profiles\1ohicfef.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 00:27:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sony\Network Utility\NSUService.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\System32\igfxext.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-12-31 0:33:10 - machine was rebooted [Ubastank]
ComboFix-quarantined-files.txt 2008-12-31 08:32:51
ComboFix2.txt 2008-12-30 10:34:52

Pre-Run: 19,818,807,296 bytes free
Post-Run: 19,490,631,680 bytes free

323 --- E O F --- 2008-11-26 10:08:44



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:53 AM, on 12/31/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Ubastank\Desktop\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10651 bytes


GooredFix v1.6 by jpshortstuff
Log created at 00:45 on 31/12/2008 running Option #1
Firefox version 3.0 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

#8 Shadowlink

Shadowlink
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:01 PM

Posted 31 December 2008 - 04:11 AM

Actually I solved the port forwarding problem. Sorry about that. I also think that might have done the job. No more problems on my computer anymore, from what I can tell. Thank you so much.

#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,173 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:01 AM

Posted 31 December 2008 - 02:07 PM

Hi, Shadowlink :thumbsup:

The fix didn't go through. It went as follows:

File::c:\windows\System32\ijjiSetup.exec:\windows\System32\ijjiPlugin2.dllc:\windows\System32\PubPlugin.dllc:\windows\System32\drivers\ndisprot.sysDriver::Ndisprot

It should go as this:

File::
c:\windows\System32\ijjiSetup.exe
c:\windows\System32\ijjiPlugin2.dll
c:\windows\System32\PubPlugin.dll
c:\windows\System32\drivers\ndisprot.sys

Driver::
Ndisprot

Open Notepad. Select Format from the menu. Make sure Wordwrap is unchecked, then please repeat the fix.

You should also check for remnants:

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses Java technology to perform the scan. If you do not have the latest Java version, follow the instructions below under Upgrading Java to download and install the latest version.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users: right-click on jre-6u11-windows-i586-p.exe and select "Run as an Administrator".)

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

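The post above shows the one thing that breaks a ComboFix script: a CFScript.txt in which Notepad's word wrap (or a copy-paste) has run the `File::` and `Driver::` directives and their entries onto a single line. The following Python is an added example, not part of the original thread or of ComboFix itself. It builds the script the reply asks for, one directive or entry per line with CRLF line endings, and checks a script for the collapsed form before it is handed to ComboFix. The four paths and the `Ndisprot` service name are taken from the reply; the `File::` and `Driver::` grammar is modelled only as far as the reply uses it, and the `COLLAPSED` string is a constructed copy of the text shown in the post.

```python
import re

# Paths and service name from the fix quoted in the reply above.
FILES_TO_REMOVE = [
    r"c:\windows\System32\ijjiSetup.exe",
    r"c:\windows\System32\ijjiPlugin2.dll",
    r"c:\windows\System32\PubPlugin.dll",
    r"c:\windows\System32\drivers\ndisprot.sys",
]
DRIVERS_TO_REMOVE = ["Ndisprot"]

# Constructed copy of the collapsed script as it came through in the post.
COLLAPSED = (
    r"File::c:\windows\System32\ijjiSetup.exec:\windows\System32\ijjiPlugin2.dll"
    r"c:\windows\System32\PubPlugin.dllc:\windows\System32\drivers\ndisprot.sysDriver::Ndisprot"
)

# A directive is the bare word followed by "::" and nothing else on the line.
DIRECTIVE_RE = re.compile(r"^(File|Driver)::$")
# Start of an absolute Windows path, e.g. "c:\".
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\")


def build_cfscript(files, drivers):
    """Emit a CFScript with one directive or entry per line, CRLF-terminated
    so that Notepad on Windows shows the line breaks as written."""
    lines = []
    if files:
        lines += ["File::", *files, ""]
    if drivers:
        lines += ["Driver::", *drivers, ""]
    return "\r\n".join(lines)


def check_cfscript(text):
    """Return a list of problems found in a CFScript; an empty list means
    every directive and entry sits on its own line in a sane section."""
    problems = []
    section = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if DIRECTIVE_RE.match(line):
            section = line[:-2]          # "File::" -> "File"
            continue
        if "::" in line:
            # A "::" anywhere else means a directive got glued to its entries.
            problems.append(f"line {n}: directive fused with other text (word wrap?): {line[:50]}...")
            continue
        if section is None:
            problems.append(f"line {n}: entry appears before any directive: {line}")
        elif section == "File":
            # Exactly one path, and it must start the line: two drive letters on
            # one line is the word-wrap failure in miniature.
            if not DRIVE_PATH_RE.match(line) or len(DRIVE_PATH_RE.findall(line)) != 1:
                problems.append(f"line {n}: File:: entry is not exactly one absolute path: {line}")
        elif section == "Driver":
            # Driver:: takes the service name (Ndisprot), not the .sys path.
            if re.search(r"[\\/:]", line):
                problems.append(f"line {n}: Driver:: entry should be a service name, not a path: {line}")
    return problems


if __name__ == "__main__":
    print("Collapsed script problems:")
    for p in check_cfscript(COLLAPSED):
        print("  ", p)
    script = build_cfscript(FILES_TO_REMOVE, DRIVERS_TO_REMOVE)
    print("Rebuilt script problems:", check_cfscript(script) or "none")
    # newline="" keeps the CRLF pairs intact on every platform.
    with open("CFScript.txt", "w", newline="") as fh:
        fh.write(script)
```

Run it once and open the resulting CFScript.txt in Notepad with Format > Word Wrap unchecked; the checker only catches a script that has already been flattened, so it complements rather than replaces the Word Wrap step in the reply.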

#10 Shadowlink

Shadowlink
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:01 PM

Posted 31 December 2008 - 09:04 PM

Here is the combofix:

ComboFix 08-12-30.02 - Ubastank 2008-12-31 15:31:10.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1014.273 [GMT -8:00]
Running from: c:\users\Ubastank\Desktop\ComboFix.exe
Command switches used :: c:\users\Ubastank\Desktop\CFScript.txt

FILE ::
c:\windows\System32\drivers\ndisprot.sys
c:\windows\System32\ijjiPlugin2.dll
c:\windows\System32\ijjiSetup.exe
c:\windows\System32\PubPlugin.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\drivers\ndisprot.sys
c:\windows\System32\ijjiPlugin2.dll
c:\windows\System32\ijjiSetup.exe
c:\windows\System32\PubPlugin.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISPROT
-------\Service_Ndisprot


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.

2008-12-31 15:28 . 2008-12-31 15:28 <DIR> d-------- C:\32788R22FWJFW
2008-12-31 04:01 . 2008-10-21 17:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-31 03:38 . 2008-10-31 17:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-31 03:38 . 2008-10-20 21:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-31 03:38 . 2008-10-31 19:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-31 03:37 . 2008-10-28 22:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-31 03:37 . 2008-10-15 20:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-31 03:36 . 2008-06-22 17:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-31 03:36 . 2008-06-22 17:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-31 03:36 . 2008-06-22 17:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-29 18:50 . 2008-12-29 18:50 <DIR> d--h----- c:\windows\msdownld.tmp
2008-12-29 18:50 . 2008-12-31 01:57 <DIR> d-------- c:\program files\Yahoo!
2008-12-29 00:49 . 2008-12-29 00:49 <DIR> d-------- c:\program files\Common Files\INCA Shared
2008-12-29 00:39 . 2008-12-29 00:39 <DIR> d-------- c:\program files\NHN USA
2008-12-28 22:43 . 2008-12-28 22:55 <DIR> d-------- c:\users\All Users\WinZip
2008-12-28 22:43 . 2008-12-28 22:55 <DIR> d-------- c:\programdata\WinZip
2008-12-28 00:41 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-12-21 01:16 . 2008-12-21 01:16 <DIR> d-------- C:\rsit
2008-12-19 22:10 . 2008-12-26 02:38 <DIR> d-------- c:\users\Ubastank\AppData\Roaming\U3
2008-12-16 19:41 . 2008-12-16 19:41 <DIR> d-------- c:\windows\Simple Static IP
2008-12-12 22:55 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-12 22:55 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-12 02:26 . 2008-12-12 02:26 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-12-12 02:26 . 2008-12-12 02:26 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2008-12-12 02:25 . 2008-12-12 02:25 <DIR> d-------- c:\users\Ubastank\AppData\Roaming\SUPERAntiSpyware.com
2008-12-12 02:25 . 2008-12-28 02:00 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-12 00:05 . 2008-12-12 07:13 <DIR> d-------- c:\program files\Avira
2008-12-11 23:54 . 2008-12-11 23:52 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-11 21:07 . 2008-12-28 12:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-11 07:32 . 2008-12-11 07:32 <DIR> d-------- C:\kav
2008-12-09 01:12 . 2008-12-09 01:13 <DIR> d-------- c:\windows\BDOSCAN8
2008-12-07 21:52 . 2008-12-07 21:52 <DIR> d-------- c:\program files\Alwil Software
2008-12-07 21:11 . 2008-12-28 01:24 <DIR> d-------- c:\program files\Trojan Remover
2008-12-07 21:11 . 2006-05-25 15:52 162,304 --a------ c:\windows\System32\ztvunrar36.dll
2008-12-07 21:11 . 2003-02-02 20:06 153,088 --a------ c:\windows\System32\UNRAR3.dll
2008-12-07 21:11 . 2005-08-26 01:50 77,312 --a------ c:\windows\System32\ztvunace26.dll
2008-12-07 21:11 . 2002-03-06 01:00 75,264 --a------ c:\windows\System32\unacev2.dll
2008-12-07 21:11 . 2006-06-19 13:01 69,632 --a------ c:\windows\System32\ztvcabinet.dll
2008-12-07 17:33 . 2008-12-07 17:33 <DIR> d-------- c:\users\All Users\ESET
2008-12-07 17:33 . 2008-12-07 17:33 <DIR> d-------- c:\programdata\ESET
2008-12-07 01:34 . 2008-12-07 01:34 <DIR> d-------- c:\users\Ubastank\AppData\Roaming\TrojanHunter
2008-12-06 23:44 . 2008-12-07 16:32 <DIR> d-------- c:\program files\TrojanHunter 5.0
2008-12-06 22:49 . 2008-12-06 23:37 <DIR> d-a------ c:\users\All Users\TEMP
2008-12-06 22:49 . 2008-12-06 23:37 <DIR> d-a------ c:\programdata\TEMP
2008-12-06 18:42 . 2008-12-09 01:38 <DIR> d-------- c:\users\All Users\Avg8
2008-12-06 18:42 . 2008-12-09 01:38 <DIR> d-------- c:\programdata\Avg8
2008-12-06 15:13 . 2008-12-21 02:09 <DIR> d-------- c:\users\Ubastank\AppData\Roaming\IObit
2008-12-06 15:13 . 2008-12-06 15:13 <DIR> d-------- c:\program files\IObit
2008-12-06 01:34 . 2008-12-06 01:34 <DIR> d-------- c:\users\All Users\Trend Micro
2008-12-06 01:34 . 2008-12-06 01:34 <DIR> d-------- c:\programdata\Trend Micro
2008-12-05 01:06 . 2008-12-05 01:06 <DIR> d-------- c:\users\Ubastank\AppData\Roaming\Malwarebytes
2008-12-05 01:06 . 2008-12-05 01:06 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-05 01:06 . 2008-12-05 01:06 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-04 02:49 . 2008-12-28 01:21 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-04 02:49 . 2008-12-28 01:21 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-04 02:49 . 2008-12-28 01:21 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-04 02:07 . 2008-12-06 14:45 <DIR> d-------- c:\users\All Users\Lavasoft
2008-12-04 02:07 . 2008-12-06 14:45 <DIR> d-------- c:\programdata\Lavasoft
2008-11-30 01:50 . 2008-11-30 01:50 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-30 01:50 . 2008-11-30 01:50 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-30 01:50 . 2008-11-30 01:50 <DIR> d-------- c:\program files\iTunes
2008-11-30 01:50 . 2008-11-30 01:50 <DIR> d-------- c:\program files\iPod
2008-11-30 01:46 . 2008-11-30 01:47 <DIR> d-------- c:\program files\QuickTime
2008-11-29 03:10 . 2008-11-29 03:15 <DIR> d-------- c:\program files\MP3 Music Search
2008-11-25 13:11 . 2008-10-20 21:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 13:11 . 2008-08-27 19:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 13:11 . 2008-08-27 19:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 13:11 . 2008-08-27 19:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 13:11 . 2008-10-21 19:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-23 16:37 . 2008-11-23 16:37 <DIR> d-------- c:\program files\Ventrilo
2008-11-23 16:37 . 2008-11-23 16:38 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-11-19 21:34 . 2008-11-19 21:34 <DIR> d-------- c:\users\All Users\acccore
2008-11-19 21:34 . 2008-11-19 21:34 <DIR> d-------- c:\programdata\acccore
2008-11-18 15:34 . 2008-10-16 13:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-18 15:34 . 2008-10-16 12:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-18 15:34 . 2008-10-16 13:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-18 15:34 . 2008-10-16 12:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-18 15:34 . 2008-10-16 13:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-18 15:34 . 2008-10-16 13:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-18 15:34 . 2008-10-16 13:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-18 15:33 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-18 15:33 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-15 20:31 . 2008-11-15 20:31 <DIR> d-------- c:\program files\AviSynth 2.5
2008-11-15 20:30 . 2008-11-15 20:30 <DIR> d-------- C:\OpenCandy
2008-11-11 19:46 . 2008-09-09 19:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 19:46 . 2008-09-04 21:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 19:46 . 2008-08-26 17:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\System32\QuickTime.qts
2008-11-01 18:09 . 2008-08-05 01:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-01 18:09 . 2008-08-05 01:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-01 18:09 . 2008-08-05 01:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-01 18:09 . 2008-08-05 01:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-01 18:09 . 2008-08-05 01:48 80,896 --a------ c:\windows\System32\MSNP.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 12:08 --------- d-----w c:\program files\Windows Mail
2008-12-31 11:58 --------- d-----w c:\users\Ubastank\AppData\Roaming\uTorrent
2008-12-31 11:58 --------- d-----w c:\users\Ubastank\AppData\Roaming\LimeWire
2008-12-31 09:53 --------- d-----w c:\program files\LimeWire
2008-12-29 08:45 --------- d--h--w c:\users\Ubastank\AppData\Roaming\ijjigame
2008-12-29 08:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-19 20:50 --------- d-----w c:\program files\Combined Community Codec Pack
2008-12-12 10:24 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-12 07:52 --------- d-----w c:\program files\Java
2008-12-08 01:25 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-12-08 01:22 --------- d-----w c:\users\Ubastank\AppData\Roaming\Move Networks
2008-12-08 01:09 --------- d-----w c:\program files\Common Files\Adobe
2008-12-08 00:42 --------- d-----w c:\program files\Sony
2008-12-08 00:26 --------- d-----w c:\program files\Diablo II
2008-12-06 09:28 --------- d-----w c:\programdata\Symantec
2008-12-06 09:28 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-06 09:25 --------- d-----w c:\program files\Symantec
2008-12-05 03:00 --------- d-----w c:\users\Ubastank\AppData\Roaming\Ventrilo
2008-12-05 03:00 --------- d-----w c:\programdata\Microsoft Help
2008-12-05 03:00 --------- d-----w c:\program files\Microsoft Works
2008-11-30 09:50 --------- d-----w c:\program files\Common Files\Apple
2008-11-20 05:34 --------- d-----w c:\programdata\Viewpoint
2008-11-20 05:34 --------- d-----w c:\program files\AIM6
2008-11-20 05:33 --------- d-----w c:\programdata\AOL Downloads
2008-11-16 04:31 --------- d-----w c:\program files\Red Kawa
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-06-25 04:35 174 --sha-w c:\program files\desktop.ini
2008-05-11 03:35 47,360 ----a-w c:\users\Ubastank\AppData\Roaming\pcouffin.sys
2007-10-25 09:56 1,132,112 ----a-w c:\users\All Users\pswi_preloaded.exe
2007-10-25 09:56 1,132,112 ----a-w c:\programdata\pswi_preloaded.exe
2007-10-25 06:20 0 ----a-w c:\users\Ubastank\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-31_ 0.31.18.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-31 23:30:29 6,365,184 ----a-w c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2008-12-31 23:34:57 6,365,184 ----a-w c:\windows\ERDNT\subs\schema.dat
- 2008-12-31 08:26:08 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-31 23:37:25 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-31 08:26:08 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-31 23:37:25 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-31 08:26:56 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-31 23:38:19 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-31 23:38:19 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-01 19:10:51 2,641,057 -c--a-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2008-12-31 12:12:16 2,641,057 -c--a-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2008-12-31 08:27:11 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-31 23:39:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-12-31 06:24:49 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-31 19:50:58 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-31 06:24:49 131,072 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-31 19:50:58 131,072 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-31 06:24:49 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-31 19:50:58 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-31 08:19:30 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-31 23:30:39 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-10-02 03:49:14 6,068,736 ----a-w c:\windows\System32\ieframe.dll
+ 2008-10-16 04:47:29 6,068,736 ----a-w c:\windows\System32\ieframe.dll
- 2008-10-02 03:49:14 270,336 ----a-w c:\windows\System32\iertutil.dll
+ 2008-10-16 04:47:29 270,336 ----a-w c:\windows\System32\iertutil.dll
- 2008-10-02 03:49:14 28,160 ----a-w c:\windows\System32\jsproxy.dll
+ 2008-10-16 04:47:30 28,160 ----a-w c:\windows\System32\jsproxy.dll
- 2008-11-04 00:10:26 17,318,336 ----a-w c:\windows\System32\mrt.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\System32\mrt.exe
- 2008-10-02 03:49:15 3,578,880 ----a-w c:\windows\System32\mshtml.dll
+ 2008-12-12 05:52:52 3,578,880 ----a-w c:\windows\System32\mshtml.dll
- 2008-10-02 03:49:16 671,232 ----a-w c:\windows\System32\mstime.dll
+ 2008-10-16 04:47:32 671,232 ----a-w c:\windows\System32\mstime.dll
- 2008-04-24 04:58:20 11,580,416 ----a-w c:\windows\System32\shell32.dll
+ 2008-11-06 13:14:25 11,580,928 ----a-w c:\windows\System32\shell32.dll
- 2008-12-07 02:44:05 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2008-12-31 23:34:57 6,365,184 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2008-10-02 03:49:19 1,166,336 ----a-w c:\windows\System32\urlmon.dll
+ 2008-10-16 04:47:34 1,166,336 ----a-w c:\windows\System32\urlmon.dll
- 2008-12-30 19:14:58 12,656 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3509058193-716748094-346581372-1002_UserData.bin
+ 2008-12-31 08:28:16 12,688 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3509058193-716748094-346581372-1002_UserData.bin
- 2008-12-30 19:14:57 75,932 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-31 23:39:27 76,104 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-31 08:25:07 8,232 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-12-31 12:09:21 8,232 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-01-19 07:36:11 2,386,944 ----a-w c:\windows\System32\WMVCORE.DLL
+ 2008-06-23 01:59:25 2,386,944 ----a-w c:\windows\System32\WMVCORE.DLL
- 2008-12-06 23:39:23 149,045,389 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-12-31 12:03:42 162,586,595 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-11-01 03:33:48 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16772_none_7fd1ee2663d3b893\Apphlpdm.dll
+ 2008-11-01 03:24:17 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.20949_none_8082fea17cd2b312\Apphlpdm.dll
+ 2008-11-01 03:44:34 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18165_none_81c5fd9660ef7998\Apphlpdm.dll
+ 2008-10-31 03:35:04 28,672 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22299_none_82332bc57a21d291\Apphlpdm.dll
+ 2008-10-31 23:23:42 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16772_none_09f24c89f55cce48\AcRes.dll
+ 2008-10-31 23:23:36 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20949_none_0aa35d050e5bc8c7\AcRes.dll
+ 2008-03-08 01:58:43 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18165_none_0be65bf9f2788f4d\AcRes.dll
+ 2008-10-31 01:05:22 2,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22299_none_0c538a290baae846\AcRes.dll
+ 2008-11-01 03:33:48 2,144,256 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16772_none_09f44d1df55b00f6\AcGenral.dll
+ 2008-11-01 03:24:15 2,144,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20949_none_0aa55d990e59fb75\AcGenral.dll
+ 2008-11-01 03:44:34 2,154,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18165_none_0be85c8df276c1fb\AcGenral.dll
+ 2008-10-31 03:35:04 2,154,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22299_none_0c558abd0ba91af4\AcGenral.dll
+ 2008-11-01 03:33:48 449,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16772_none_09f54d67f55a1a4d\AcSpecfc.dll
+ 2008-11-01 03:24:15 450,560 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20949_none_0aa65de30e5914cc\AcSpecfc.dll
+ 2008-11-01 03:44:34 460,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18165_none_0be95cd7f275db52\AcSpecfc.dll
+ 2008-10-31 03:35:04 460,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22299_none_0c568b070ba8344b\AcSpecfc.dll
+ 2008-11-01 03:33:48 537,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16772_none_09f64db1f55933a4\AcLayers.dll
+ 2008-11-01 03:33:48 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16772_none_09f64db1f55933a4\AcXtrnal.dll
+ 2008-11-01 03:24:15 537,600 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20949_none_0aa75e2d0e582e23\AcLayers.dll
+ 2008-11-01 03:24:15 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20949_none_0aa75e2d0e582e23\AcXtrnal.dll
+ 2008-11-01 03:44:34 541,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18165_none_0bea5d21f274f4a9\AcLayers.dll
+ 2008-11-01 03:44:34 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18165_none_0bea5d21f274f4a9\AcXtrnal.dll
+ 2008-10-31 03:35:04 541,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22299_none_0c578b510ba74da2\AcLayers.dll
+ 2008-10-31 03:35:04 173,056 ----a-w c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22299_none_0c578b510ba74da2\AcXtrnal.dll
+ 2008-10-16 04:40:33 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16764_none_a9a84a59f5d70728\advpack.dll
+ 2008-10-16 04:19:25 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20937_none_aa5559ad0ed99c4b\advpack.dll
+ 2008-10-29 06:20:29 2,923,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
+ 2008-10-28 02:15:02 2,923,520 ----a-w c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
+ 2008-10-29 06:29:41 2,927,104 ----a-w c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
+ 2008-10-30 03:59:17 2,927,616 ----a-w c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
+ 2008-11-01 03:33:49 1,687,040 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_3fd0636ec44d63f6\gameux.dll
+ 2008-10-31 23:38:08 4,247,552 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_3fd0636ec44d63f6\GameUXLegacyGDFs.dll
+ 2008-11-01 03:25:02 1,686,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_408173e9dd4c5e75\gameux.dll
+ 2008-10-31 23:38:11 4,247,552 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_408173e9dd4c5e75\GameUXLegacyGDFs.dll
+ 2008-03-08 04:21:55 1,695,744 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_41c472dec16924fb\gameux.dll
+ 2008-11-01 01:21:40 4,240,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_41c472dec16924fb\GameUXLegacyGDFs.dll
+ 2008-10-31 03:35:06 1,696,256 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_4231a10dda9b7df4\gameux.dll
+ 2008-10-31 01:17:43 4,240,384 ----a-w c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_4231a10dda9b7df4\GameUXLegacyGDFs.dll
+ 2008-10-21 05:16:20 297,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.16766_none_575d8f704c563751\gdi32.dll
+ 2008-10-21 05:07:18 297,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6000.20940_none_57f6cc3d65690456\gdi32.dll
+ 2008-10-21 05:25:18 296,960 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18159_none_59519ee04971f856\gdi32.dll
+ 2008-10-21 05:21:43 297,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.22291_none_59a7f9ab62b73d2c\gdi32.dll
+ 2008-10-16 04:40:37 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16764_none_eba35409166fed27\pngfilt.dll
+ 2008-10-16 04:23:20 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20937_none_ec50635c2f72824a\pngfilt.dll
+ 2008-10-16 04:40:37 1,160,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16764_none_b2bffcbbd9d0648b\urlmon.dll
+ 2008-10-16 04:23:50 1,163,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20937_none_b36d0c0ef2d2f9ae\urlmon.dll
+ 2008-10-16 04:47:34 1,166,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18157_none_b4b40c2bd6ec2590\urlmon.dll
+ 2008-10-16 04:38:28 1,166,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22288_none_b51e397cf0213284\urlmon.dll
+ 2008-10-16 04:40:36 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16764_none_dea28b847f7923fa\mstime.dll
+ 2008-10-16 04:22:03 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20937_none_df4f9ad7987bb91d\mstime.dll
+ 2008-10-16 04:47:32 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18157_none_e0969af47c94e4ff\mstime.dll
+ 2008-10-16 04:38:25 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22288_none_e100c84595c9f1f3\mstime.dll
+ 2008-10-21 23:31:22 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16767_none_13273c340c95d620\tzres.dll
+ 2008-10-22 03:43:38 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16767_none_13273c340c95d620\tzupd.exe
+ 2008-10-21 23:30:56 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20941_none_13c0790125a8a325\tzres.dll
+ 2008-10-22 01:13:26 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.20941_none_13c0790125a8a325\tzupd.exe
+ 2008-10-22 01:22:11 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18160_none_150678d409c2b5b0\tzres.dll
+ 2008-01-19 07:33:33 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18160_none_150678d409c2b5b0\tzupd.exe
+ 2008-10-22 01:04:22 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22292_none_1571a66f22f6dbfb\tzres.dll
+ 2008-10-22 03:34:43 18,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22292_none_1571a66f22f6dbfb\tzupd.exe
+ 2008-10-16 04:40:35 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\jsproxy.dll
+ 2008-10-16 04:40:37 826,368 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\wininet.dll
+ 2008-10-16 04:40:37 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\WininetPlugin.dll
+ 2008-10-16 04:20:49 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\jsproxy.dll
+ 2008-10-16 04:24:00 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\wininet.dll
+ 2008-10-16 04:24:00 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\WininetPlugin.dll
+ 2008-10-16 04:47:30 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\jsproxy.dll
+ 2008-10-16 04:47:35 827,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\wininet.dll
+ 2008-02-22 05:01:41 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\WininetPlugin.dll
+ 2008-10-16 04:38:24 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\jsproxy.dll
+ 2008-10-16 04:38:28 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\wininet.dll
+ 2008-10-16 04:38:28 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\WininetPlugin.dll
+ 2007-08-26 21:27:34 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16764_none_f96efb376ec50571\ieapfltr.dat
+ 2008-10-16 04:40:34 383,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16764_none_f96efb376ec50571\ieapfltr.dll
+ 2007-08-26 21:27:34 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20937_none_fa1c0a8a87c79a94\ieapfltr.dat
+ 2008-10-16 04:20:23 380,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20937_none_fa1c0a8a87c79a94\ieapfltr.dll
+ 2008-10-16 04:40:34 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16764_none_95a333ef84aa8b9f\dxtmsft.dll
+ 2008-10-16 04:40:34 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16764_none_95a333ef84aa8b9f\dxtrans.dll
+ 2008-10-16 04:20:03 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20937_none_965043429dad20c2\dxtmsft.dll
+ 2008-10-16 04:20:03 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20937_none_965043429dad20c2\dxtrans.dll
+ 2008-10-16 04:40:35 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16764_none_4605ce47466b3e2c\mshtmled.dll
+ 2008-10-16 04:21:41 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20937_none_46b2dd9a5f6dd34f\mshtmled.dll
+ 2008-10-16 04:40:35 3,593,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16764_none_111ff77c252ff454\mshtml.dll
+ 2008-12-12 05:45:18 3,593,216 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16788_none_110e58cc253c9192\mshtml.dll
+ 2008-10-16 04:21:40 3,595,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20937_none_11cd06cf3e328977\mshtml.dll
+ 2008-12-12 05:40:02 3,594,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20973_none_119dc5f73e5693df\mshtml.dll
+ 2008-10-16 04:47:30 3,578,880 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18157_none_131406ec224bb559\mshtml.dll
+ 2008-12-12 05:52:52 3,578,880 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18183_none_12ef96002267a3d0\mshtml.dll
+ 2008-10-16 04:38:25 3,579,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22288_none_137e343d3b80c24d\mshtml.dll
+ 2008-12-12 05:47:44 3,579,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22328_none_13bf15ab3b5017ce\mshtml.dll
+ 2008-10-16 04:40:34 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16764_none_587864466744805d\icardie.dll
+ 2008-10-16 04:20:23 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20937_none_5925739980471580\icardie.dll
+ 2008-10-16 04:40:06 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\ieUnatt.exe
+ 2008-10-16 04:42:58 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe
+ 2008-10-16 02:13:16 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\ieUnatt.exe
+ 2008-10-16 04:27:53 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\iexplore.exe
+ 2008-10-16 04:40:34 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16764_none_45808f398f8aa97b\iertutil.dll
+ 2008-10-16 04:40:37 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16764_none_45808f398f8aa97b\sqmapi.dll
+ 2008-10-16 04:20:24 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20937_none_462d9e8ca88d3e9e\iertutil.dll
+ 2008-10-16 04:23:41 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20937_none_462d9e8ca88d3e9e\sqmapi.dll
+ 2008-10-16 04:47:29 270,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18157_none_47749ea98ca66a80\iertutil.dll
+ 2008-01-19 07:36:35 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18157_none_47749ea98ca66a80\sqmapi.dll
+ 2008-10-16 04:38:24 270,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22288_none_47decbfaa5db7774\iertutil.dll
+ 2008-10-16 04:38:27 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22288_none_47decbfaa5db7774\sqmapi.dll
+ 2008-10-16 04:40:06 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16764_none_c3ad9a04617fc2a6\ie4uinit.exe
+ 2008-10-16 04:40:34 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16764_none_c3ad9a04617fc2a6\iernonce.dll
+ 2008-10-16 04:40:34 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16764_none_c3ad9a04617fc2a6\iesetup.dll
+ 2008-10-16 02:13:06 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20937_none_c45aa9577a8257c9\ie4uinit.exe
+ 2008-10-16 04:20:24 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20937_none_c45aa9577a8257c9\iernonce.dll
+ 2008-10-16 04:20:24 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20937_none_c45aa9577a8257c9\iesetup.dll
+ 2008-10-16 04:40:34 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16764_none_29d2b074682f9803\iebrshim.dll
+ 2008-11-01 03:33:49 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16772_none_29c5dff468398146\iebrshim.dll
+ 2008-10-16 04:20:23 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20937_none_2a7fbfc781322d26\iebrshim.dll
+ 2008-11-01 03:25:13 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20949_none_2a76f06f81387bc5\iebrshim.dll
+ 2008-11-01 03:44:36 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6001.18165_none_2bb9ef646555424b\iebrshim.dll
+ 2008-10-31 03:35:06 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6001.22299_none_2c271d937e879b44\iebrshim.dll
+ 2008-10-16 04:40:34 6,066,176 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16764_none_627f517fb1258281\ieframe.dll
+ 2008-10-16 04:40:34 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16764_none_627f517fb1258281\ieui.dll
+ 2008-10-16 04:20:24 6,068,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20937_none_632c60d2ca2817a4\ieframe.dll
+ 2008-10-16 04:20:24 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20937_none_632c60d2ca2817a4\ieui.dll
+ 2008-10-16 04:47:29 6,068,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18157_none_647360efae414386\ieframe.dll
+ 2008-01-19 07:34:31 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18157_none_647360efae414386\ieui.dll
+ 2008-10-16 04:38:24 6,069,760 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22288_none_64dd8e40c776507a\ieframe.dll
+ 2008-10-16 04:38:24 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22288_none_64dd8e40c776507a\ieui.dll
+ 2008-10-16 04:40:06 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16764_none_e678bdfe94a8d6b9\ieinstal.exe
+ 2008-10-16 02:13:30 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20937_none_e725cd51adab6bdc\ieinstal.exe
+ 2008-10-16 04:40:06 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16764_none_0b20f31ad723966b\ieuser.exe
+ 2008-10-16 02:13:32 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20937_none_0bce026df0262b8e\ieuser.exe
+ 2008-06-23 01:52:48 2,855,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\mf.dll
+ 2008-06-22 22:34:28 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\mferror.dll
+ 2008-06-23 01:52:18 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\mfpmp.exe
+ 2008-06-23 01:52:48 98,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\mfps.dll
+ 2008-06-23 01:52:29 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16708_none_9a80f4cc0f93e171\rrinstaller.exe
+ 2008-06-23 01:45:58 2,855,424 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\mf.dll
+ 2008-06-22 22:30:28 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\mferror.dll
+ 2008-06-22 23:56:54 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\mfpmp.exe
+ 2008-06-23 01:46:00 98,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\mfps.dll
+ 2008-06-22 23:56:20 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.20864_none_9ac5b0e728e5c385\rrinstaller.exe
+ 2008-06-23 01:59:25 2,868,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\mf.dll
+ 2006-11-02 12:35:51 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\mferror.dll
+ 2008-01-19 07:33:15 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\mfpmp.exe
+ 2008-01-19 07:34:45 98,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\mfps.dll
+ 2008-01-19 07:33:25 53,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\rrinstaller.exe
+ 2008-06-23 01:41:40 2,868,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\mf.dll
+ 2008-06-23 00:00:57 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\mferror.dll
+ 2008-06-23 00:01:07 24,576 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\mfpmp.exe
+ 2008-06-23 01:39:32 98,816 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\mfps.dll
+ 2008-06-23 00:00:33 53,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22208_none_9cf0d03d25d8122c\rrinstaller.exe
+ 2008-06-23 01:52:15 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.0.6000.16708_none_e96251c7c4db0f0d\logagent.exe
+ 2008-06-22 23:58:14 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.0.6000.20864_none_e9a70de2de2cf121\logagent.exe
+ 2008-06-23 01:58:43 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.0.6001.18096_none_eae53ea7c24c6ba2\logagent.exe
+ 2008-06-23 00:02:10 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_6.0.6001.22208_none_ebd22d38db1f3fc8\logagent.exe
+ 2008-06-23 01:52:51 996,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmnetmgr_31bf3856ad364e35_6.0.6000.16708_none_4567bba6c17416fd\WMNetMgr.dll
+ 2008-06-23 01:49:03 996,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmnetmgr_31bf3856ad364e35_6.0.6000.20864_none_45ac77c1dac5f911\WMNetMgr.dll
+ 2008-06-23 01:59:26 996,352 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmnetmgr_31bf3856ad364e35_6.0.6001.18096_none_46eaa886bee57392\WMNetMgr.dll
+ 2008-06-23 01:42:23 996,864 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmnetmgr_31bf3856ad364e35_6.0.6001.22208_none_47d79717d7b847b8\WMNetMgr.dll
+ 2008-06-23 01:52:51 2,433,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.16708_none_0554495dd8a9b82d\WMVCORE.DLL
+ 2008-06-23 01:49:11 2,436,096 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.20864_none_05990578f1fb9a41\WMVCORE.DLL
+ 2008-06-23 01:59:25 2,386,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.18096_none_06d7363dd61b14c2\WMVCORE.DLL
+ 2008-06-23 01:41:43 2,386,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.22208_none_07c424ceeeede8e8\WMVCORE.DLL
+ 2008-11-11 23:21:19 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16776_none_f05c2fac6e871afe\OESpamFilter.dat
+ 2008-11-11 23:22:42 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20954_none_f0f96da187964d5f\OESpamFilter.dat
+ 2008-11-11 23:23:20 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18169_none_f2503f1c6ba2dc03\OESpamFilter.dat
+ 2008-11-11 23:23:01 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22307_none_f318bcc184919ea0\OESpamFilter.dat
+ 2008-11-06 12:57:06 11,315,712 ----a-w c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16774_none_69fb3fd2150a82e8\shell32.dll
+ 2008-11-06 12:59:14 11,320,832 ----a-w c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20951_none_6a977d7d2e1a9bf2\shell32.dll
+ 2008-11-06 13:14:25 11,580,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18167_none_6bef4f42122643ed\shell32.dll
+ 2008-11-06 12:59:27 11,582,976 ----a-w c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22303_none_6cb5cc532b16d3dc\shell32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-06-29 258048]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133656]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 53248]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 45056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-25 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-25 c:\windows\SkyTel.exe]

c:\users\Ubastank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-24 18:26 98304 c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B3FDFFF6-A2C3-4D81-B9D5-E596A2A78431}"= UDP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{C1276CC4-0275-4F38-AC3F-DF34F2E3B35C}"= TCP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{7214DC80-392C-4161-91D1-21F7F67CCAD2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A1B83C8B-80B3-48B5-8606-FE185951DED3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6A9BE402-66EC-45B3-8193-C23B376C9BF0}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{DF47A04E-2595-42DA-B982-0BCF1549F51A}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{B91F68E2-F342-453B-AA0A-E72CBACA9251}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3FA48001-92BD-4820-A7B8-260B305F0EB6}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1B4C41BB-BD2C-4A1C-B224-8EEDB84CD068}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6A2E7EC6-F43C-4270-BA9C-F52EBB9F06E8}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D51BBF51-A4A7-418D-894D-0CF11D579075}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B8C82954-DA58-4B53-9B00-6BB34CD83F0E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{78220AAF-E6F9-4B7B-8150-B28BD726B3B7}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{42E79AB1-CB3B-40A2-BA26-3D03BC081DCF}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{35E98FBE-1733-450D-99A3-C8315DE554A5}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{ECC0F487-07E7-40E6-81EA-119B608445ED}"= TCP:3876:Limewire
"{698A75AF-0894-4191-9639-2A386DA3851F}"= UDP:3876:Limewire
"TCP Query User{C6A88CCE-C101-4F4B-82C8-3E528AE1FD32}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{D1C54497-6C0B-4D99-AC7C-7477F27344C0}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{432B7A58-052E-4203-8280-208BF5A40629}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{EEB41611-006A-42B0-9D08-70F0FFC9947C}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{B68892B3-0E47-431F-A570-3BB3C9D567E7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5CE097FB-32F1-4552-AF43-F22CA3977FF9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{68B9FF2E-7A58-4AFC-B098-B9A441C99204}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{64F766F5-CBA5-45BE-9337-C1638CBE2C8D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8D8BE824-CB1F-454F-B6EE-BF1568BA3953}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{88B4A22A-54ED-4CA1-8E18-8F5F427B274F}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{2F35931B-6B7A-4111-885F-00CA20B42590}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{615A5ED0-9359-49EE-A8E4-D880F6C63D9E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{B98C0373-D3EF-43B9-A8C4-50ED7B5CC349}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{98A7C543-F800-4BC4-84DC-41766A984007}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{93022939-1ABB-4932-ADD9-D2D573591C41}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{EA3864B9-E007-44A6-B3C1-D0F739F2B6D9}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{C9A9EDE6-80E6-4ED2-BC0F-56B37EC7351C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{1C0E5685-BF14-43F7-A21C-F24DDC64F917}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{6554300D-0669-4C1D-B36F-9137F32520A7}c:\\users\\ubastank\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\7sivwwn2\\gunboundrv_setup[1].exe"= UDP:c:\users\ubastank\appdata\local\microsoft\windows\temporary internet files\content.ie5\7sivwwn2\gunboundrv_setup[1].exe:gunboundrv_setup[1].exe
"UDP Query User{37226A09-9113-40F0-97C0-8395B834BAAC}c:\\users\\ubastank\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\7sivwwn2\\gunboundrv_setup[1].exe"= TCP:c:\users\ubastank\appdata\local\microsoft\windows\temporary internet files\content.ie5\7sivwwn2\gunboundrv_setup[1].exe:gunboundrv_setup[1].exe
"TCP Query User{05777687-603F-4DA5-A8D8-3E342FF709D3}c:\\ijji\\english\\u_gbound.exe"= UDP:c:\ijji\english\u_gbound.exe:<ijji Downloader>
"UDP Query User{37BCD079-2CCB-4A6D-9760-766C6D1C7FB1}c:\\ijji\\english\\u_gbound.exe"= TCP:c:\ijji\english\u_gbound.exe:<ijji Downloader>
"TCP Query User{766C0D29-0B6C-404D-A60D-AAAD038AFB35}c:\\ijji\\english\\gunbound revolution\\gunbound.gme"= UDP:c:\ijji\english\gunbound revolution\gunbound.gme:GunBound
"UDP Query User{F614E494-1B17-4B8E-9D39-6152F07EE143}c:\\ijji\\english\\gunbound revolution\\gunbound.gme"= TCP:c:\ijji\english\gunbound revolution\gunbound.gme:GunBound

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 NSUService;NSUService;"c:\program files\Sony\Network Utility\NSUService.exe" [2007-10-25 200704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-24 24652]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-08-26 812544]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-06-18 33792]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-12 38496]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-10-25 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-10-25 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;"c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [2007-08-26 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;"c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe" [2007-08-26 79736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\OblivionLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4f87c27-2191-11dd-97f8-001a801ba5b8}]
\shell\AutoRun\command - Autorun.exe /run
\shell\Shell00\Command - Autorun.exe /run
\shell\Shell01\Command - Autorun.exe /action
\shell\Shell02\Command - Autorun.exe /uninstall
.
Contents of the 'Scheduled Tasks' folder

2008-12-31 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2008-11-26 16:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\sysreqlab3.dll - c:\windows\Downloaded Program Files\sysreqlab_srl.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd

c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
FF - ProfilePath - c:\users\Ubastank\AppData\Roaming\Mozilla\Firefox\Profiles\1ohicfef.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 15:38:52
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\combofix\hidec.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\System32\dllhost.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Completion time: 2008-12-31 15:45:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-31 23:44:03
ComboFix2.txt 2008-12-31 08:33:11
ComboFix3.txt 2008-12-30 10:34:52

Pre-Run: 20,826,603,520 bytes free
Post-Run: 20,566,343,680 bytes free

561 --- E O F --- 2008-12-31 12:06:59


I also did the online scanner, but it did not give me a report. It said that there were no infections detected.
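The ComboFix output above ends with a set of registry loading points that an analyst normally reads by eye: the Security Center notification and monitoring switches, a firewall profile with EnableFirewall set to 0, per-application firewall exceptions (one of them for an installer sitting in Temporary Internet Files), and per-drive AutoRun commands under MountPoints2. The script below is an added example for this page, not part of the thread and not code from ComboFix or either poster; it runs those same heuristics over log text in ComboFix's format so the checks are explicit and repeatable. The sample log embedded in it is constructed (the GUIDs, paths and values are invented, only the line layout follows the format shown above), and the flag rules are this example's own choices.

```python
"""Triage helper for the 'Reg Loading Points' part of a ComboFix log.

Added example for this thread, not code from ComboFix or from either poster.
It runs a few analyst heuristics over log text in the format ComboFix prints
and returns the lines worth a second look. SAMPLE_LOG is constructed; the
key names and line layout follow the format shown in the thread, but the
values, GUIDs and paths are made up.
"""
import re
from collections import Counter
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{00000000-0000-0000-0000-000000000001}"= TCP:c:\program files\Example\example.exe:Example
"TCP Query User{00000000-0000-0000-0000-000000000002}c:\\users\\bob\\appdata\\local\\temp\\setup[1].exe"= UDP:c:\users\bob\appdata\local\temp\setup[1].exe:setup[1].exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\autorun.exe
"""


@dataclass(frozen=True)
class Finding:
    category: str   # one of the heuristic names used in triage()
    key: str        # registry key the line was under
    detail: str     # value name, profile name, path or raw line


SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# User-writable cache/temp locations; an installer that needs a firewall hole
# and lives here was run straight from the browser cache or a temp folder.
TEMP_PATH_RE = re.compile(
    r"(temporary internet files|content\.ie5|\\appdata\\local\\temp\\|\\temp\\)",
    re.IGNORECASE,
)


def parse_value(raw):
    """Turn 'dword:00000001' or '0 (0x0)' into an int; leave anything else as text."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return raw


def triage(log_text):
    """Return a list of Finding objects for the suspicious lines in log_text."""
    findings = []
    section = ""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                      # "[HKEY_...]" header: remember which key we are under
            section = m.group(1)
            continue
        sec = section.lower()
        # Per-drive AutoRun commands under MountPoints2 (classic removable-media spread).
        if "mountpoints2" in sec and "autorun\\command" in line.lower():
            findings.append(Finding("autorun-command", section, line))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), parse_value(m.group("value"))
        if "security center" in sec:
            # Anything that silences Security Center alerts or tells it to trust a
            # third-party AV/firewall state instead of checking it.
            silenced = name.endswith("DisableNotify") or name == "DisableMonitoring" or name.endswith("Override")
            if silenced and value == 1:
                findings.append(Finding("security-center-suppressed", section, name))
        elif "firewallpolicy" in sec:
            if name == "EnableFirewall" and value == 0:
                findings.append(Finding("firewall-disabled", section, section.rsplit("\\", 1)[-1]))
            elif sec.endswith("firewallrules") and TEMP_PATH_RE.search(str(value)):
                findings.append(Finding("firewall-exception-temp-path", section, str(value)))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'firewall-disabled': 1, ...}."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:30} {f.detail}")
```

A hit is a lead, not a verdict. Third-party suites set the Security Center override and DisableMonitoring keys legitimately when they take over antivirus and firewall reporting, which is consistent with the Symantec subkeys in the log above, and a game installer launched from the browser cache is careless rather than necessarily malicious. What the script buys you is a consistent list of items to reconcile against what the user says is installed, instead of relying on whatever catches the eye while scrolling.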

#11 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,173 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 31 December 2008 - 10:10 PM

Hi, Shadowlink. :thumbsup:

Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix and the tools used in the removal of malware:
  • Click the Vista START button.
  • Now type Combofix /u in the Search box and press Ctrl+Shift+Enter. Note the space between the x and the /u; it needs to be there.
The following is a list of tools and utilities that I like to suggest to people. Make sure they are Vista Compatible.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein and this one by Miekiemoes.

Best wishes!

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 Shadowlink
  • Topic Starter
  • Members
  • 10 posts

Posted 01 January 2009 - 11:12 PM

Finally, I got the virus out. I really want to thank you for all the help you've given me. I spent nights trying to get the stupid thing out, but couldn't. I really appreciate the help. Thank you so much.

Also, is there any way I could possibly submit any feedback about your help to the site? I would also like to donate to you for the help.

Thank you for taking the time to help me,

Shadow.

#13 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,173 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 02 January 2009 - 01:10 AM

Your satisfaction is our satisfaction.

Thank You!



#14 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,173 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 04 January 2009 - 07:01 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





