Internet Explorer 7 flashes and quits when started


65 replies to this topic

#1 echeckpost

  • Members
  • 62 posts

Posted 02 January 2009 - 11:28 AM

When I double-click (or Start -> IE7), the browser starts, flashes and quits. I cannot figure out how to fix this.


I am posting the DDS.txt and ATTACH.TXT logs.


DDS.TXT log

DDS (Version 1.1.0) - NTFSx86
Run by Arvinda at 16:13:31.84 on Fri 01/02/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.417 [GMT 0:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\oracle\ora92\Apache\Apache\apache.exe
C:\oracle\ora92\BIN\TNSLSNR.exe
c:\oracle\ora92\bin\ORACLE.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\oracle\ora92\bin\dbsnmp.exe
C:\oracle\ora92\Apache\Apache\apache.exe
C:\oracle\ora92\jdk\bin\java.exe
C:\oracle\ora92\jdk\bin\java.exe
c:\oracle\ora92\bin\isqlplus
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\explorer.exe
F:\dds.scr
C:\WINDOWS\system32\HPZipm12.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\windows\drivers\audio driver\config\AzMixerSel.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_04\bin\jusched.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VZRemoteCommander] c:\program files\sony\vaio zone remote commander\AvRmtCtr.exe
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SpyHunter Security Suite] "c:\program files\enigma software group\spyhunter\SpyHunter3.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spysub~1.lnk - c:\program files\intermute\spysubtract\SpySub.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 7.0\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: VESWinlogon - VESWinlogon.dll

============= SERVICES / DRIVERS ===============

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2006-5-6 9344]
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-1-25 112144]
R1 klif;Klif;\??\c:\windows\system32\drivers\klif.sys [2007-6-27 194320]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-5-12 611664]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\BsUDF.sys [2006-5-6 434944]
R2 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;"c:\oracle\ora92\apache\apache\apache.exe" --ntservice [2002-4-19 4096]
R2 OracleServiceDB0002;OracleServiceDB0002;c:\oracle\ora92\bin\ORACLE.EXE DB0002 []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-11-5 24652]
R3 AWINDIS5;AWINDIS5 Protocol Driver;\??\c:\windows\system32\AWINDIS5.SYS [2005-7-13 16194]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-4-4 24344]
S2 AVP;Kaspersky Anti-Virus 7.0;"c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe" -r [2007-6-28 218376]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB []
S2 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\ora92\bin\agntsrvc.exe [2002-4-26 28944]
S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\ora92\bin\ENCSVC.EXE [2002-2-13 187392]
S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\ora92\bin\AGNTSVC.EXE [2002-2-13 254464]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB []

=============== Created Last 30 ================


==================== Find3M ====================

2009-01-02 15:19 64,032 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-01-02 14:54 4,377,888 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-12-18 08:40 6,644 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2008-12-18 08:40 58,364 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-11-10 18:55 96,976 a------- c:\windows\system32\drivers\klin.dat
2008-11-10 18:55 87,855 a------- c:\windows\system32\drivers\klick.dat
2008-10-29 14:44 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-24 22:24 19,854 a------- c:\windows\vidova.vbs
2008-10-24 22:24 19,607 a------- c:\docume~1\alluse~1\applic~1\umidyzam.vbs
2008-10-24 22:24 16,795 a------- c:\docume~1\alluse~1\applic~1\mehojydut.dat
2008-10-24 22:24 16,737 a------- c:\docume~1\arvinda\applic~1\eqoto.exe
2008-10-24 22:24 16,366 a------- c:\windows\himyry.dat
2008-10-24 22:24 14,944 a------- c:\windows\system32\ruroni.sys
2008-10-24 22:24 13,754 a------- c:\windows\system32\ipurux.bat
2008-10-24 22:24 12,983 a------- c:\docume~1\arvinda\applic~1\fukyce.dll
2008-10-24 22:24 12,658 a------- c:\windows\utevocahe.bat
2008-10-24 22:24 11,625 a------- c:\windows\system32\fehyq.sys
2008-10-24 22:24 11,292 a------- c:\windows\kaluryn.dat
2008-10-24 20:31 19,563 a------- c:\windows\system32\lepezabysy.com
2008-10-24 20:31 18,125 a------- c:\windows\tupa.exe
2008-10-24 20:31 17,720 a------- c:\windows\rahe.pif
2008-10-24 20:31 16,711 a------- c:\docume~1\alluse~1\applic~1\yjyvyg.pif
2008-10-24 20:31 14,387 a------- c:\docume~1\alluse~1\applic~1\bepyfeze.com
2008-10-24 20:31 13,597 a------- c:\windows\eboxys.vbs
2008-10-24 07:41 16,395 a------- c:\windows\system32\fahin.dll
2008-10-24 07:41 15,836 a------- c:\windows\system32\xiry.vbs
2008-10-24 07:41 13,153 a------- c:\windows\damyjudov.bin
2008-10-24 07:41 11,193 a------- c:\windows\system32\okoguhusu.exe
2008-10-24 07:41 10,496 a------- c:\windows\system32\icohemum.pif
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2006-04-23 17:28 21,254,280 a------- c:\documents and settings\arvinda\AdbeRdr707_en_US.exe
2006-04-23 17:28 7,050,552 a------- c:\documents and settings\arvinda\psa30se_en_us.exe
2006-04-23 17:27 762,512 a------- c:\documents and settings\arvinda\ytb612_efgsip.exe
2008-04-06 18:47 56 ---shr-- c:\windows\system32\2F3912F6D3.sys
2008-04-06 18:47 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-01-02 16:13 4,379,680 a--sh--- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 16:13:47.23 ===============


ATTACH.TXT

attached


#2 Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 08 January 2009 - 12:21 PM

Hi echeckpost,

Welcome to the BC HijackThis forum, and sorry for the delay. I am Farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have run any tool or have made a major change to the system since your last post. Also tell me the current condition of your computer.

  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Set the list of files/folders created to 3 months and click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized).
  • Please copy and paste the content of just log.txt to your reply. No need for info.txt.

    Note 1: If you have difficulty finding the log, it is in this folder: C:\rsit

    Note 2: The tool takes no more than one minute to scan the system.

You might want to save this page to your favorites, so you can find it again when you return.

#3 echeckpost

  • Topic Starter

  • Members
  • 62 posts

Posted 08 January 2009 - 10:26 PM

Thank you for assisting me.

1. I have not run any tool since I posted the information. I have not made any changes. The problem is still there.

2. Here are the contents of the log.txt.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Arvinda at 2009-01-09 03:16:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 51 GB (73%) free of 70 GB
Total RAM: 1022 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:13 AM, on 1/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\oracle\ora92\bin\agntsrvc.exe
C:\oracle\ora92\Apache\Apache\apache.exe
C:\WINDOWS\system32\cmd.exe
C:\oracle\ora92\BIN\TNSLSNR.exe
c:\oracle\ora92\bin\ORACLE.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\oracle\ora92\bin\dbsnmp.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\oracle\ora92\Apache\Apache\apache.exe
C:\oracle\ora92\jdk\bin\java.exe
C:\oracle\ora92\jdk\bin\java.exe
c:\oracle\ora92\bin\isqlplus
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\wuauclt.exe
F:\RSIT(2).exe
C:\Program Files\trend micro\Arvinda.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\WINDOWS\Drivers\AUDIO DRIVER\Config\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugi...PluginNOSSO.ocx
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144835741703
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Unknown owner - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (file missing)
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: MSSQL$VAIO_VEDB - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - C:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - C:\oracle\ora92\Apache\Apache\apache.exe
O23 - Service: OracleOraHome92PagingServer - Unknown owner - C:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - C:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - C:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceDB0002 - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: SQLAgent$VAIO_VEDB - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE (file missing)
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Unknown owner - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (file missing)
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (file missing)
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (file missing)
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (file missing)
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (file missing)
O23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)
O23 - Service: Windows Media Connect (WMC) Helper (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)

--
End of file - 12942 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-29 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-29 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-06-29 114688]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2003-11-08 114688]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-06-29 14720000]
"AzMixerSel"=C:\WINDOWS\Drivers\AUDIO DRIVER\Config\AzMixerSel.exe [2005-04-29 45056]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe [2005-06-03 36975]
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2005-05-15 184320]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]
"VAIO Update 2"=C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [2005-01-14 151552]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-06-09 6746112]
"VZRemoteCommander"=C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe [2005-01-31 192512]
"Switcher.exe"=C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2005-01-21 167936]
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-20 28672]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2002-07-10 1048576]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"SpyHunter Security Suite"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2008-09-10 864256]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2007-06-28 218376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\SpySub.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-29 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2007-06-28 206088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2005-05-21 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=1
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-01-02 15:47:05 ----SHD---- C:\RECYCLER
2009-01-02 14:53:52 ----D---- C:\WINDOWS\temp
2009-01-02 14:53:50 ----A---- C:\ComboFix.txt
2008-12-13 13:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-13 13:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-13 13:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-13 13:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-14 03:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-14 03:06:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-14 03:04:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-14 03:01:38 ----D---- C:\Program Files\MSXML 4.0
2008-11-10 13:43:01 ----D---- C:\Program Files\Microsoft ActiveSync
2008-11-10 13:42:55 ----D---- C:\Program Files\Common Files\DESIGNER
2008-11-10 13:42:13 ----D---- C:\Program Files\Microsoft.NET
2008-11-10 13:42:13 ----D---- C:\Program Files\Common Files\ODBC
2008-10-30 00:49:24 ----D---- C:\WINDOWS\pss
2008-10-30 00:28:31 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-29 20:06:24 ----D---- C:\Program Files\Lavasoft
2008-10-29 20:06:21 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-29 20:04:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-29 19:06:50 ----D---- C:\_OTMoveIt
2008-10-29 18:29:00 ----A---- C:\Boot.bak
2008-10-29 18:28:52 ----RASHD---- C:\cmdcons
2008-10-29 18:15:20 ----D---- C:\Program Files\trend micro
2008-10-29 18:15:19 ----D---- C:\rsit
2008-10-29 18:11:37 ----A---- C:\WINDOWS\zip.exe
2008-10-29 18:11:37 ----A---- C:\WINDOWS\VFIND.exe
2008-10-29 18:11:37 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-29 18:11:37 ----A---- C:\WINDOWS\SWSC.exe
2008-10-29 18:11:37 ----A---- C:\WINDOWS\SWREG.exe
2008-10-29 18:11:37 ----A---- C:\WINDOWS\sed.exe
2008-10-29 18:11:37 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-29 18:11:37 ----A---- C:\WINDOWS\grep.exe
2008-10-29 18:11:37 ----A---- C:\WINDOWS\fdsv.exe
2008-10-29 18:11:29 ----D---- C:\WINDOWS\ERDNT
2008-10-29 18:11:29 ----D---- C:\Qoobox
2008-10-29 16:50:05 ----D---- C:\Documents and Settings\Arvinda\Application Data\Malwarebytes
2008-10-29 16:49:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-29 16:40:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-29 16:17:43 ----D---- C:\WINDOWS\Prefetch
2008-10-29 14:48:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-29 14:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-29 14:47:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-29 14:47:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-29 14:47:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-29 14:47:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-29 14:47:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-29 14:47:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-29 14:46:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-29 14:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-29 14:46:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-29 14:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-29 14:46:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-29 14:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-29 14:46:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-29 14:46:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-29 14:40:35 ----D---- C:\Program Files\Messenger
2008-10-29 14:40:05 ----D---- C:\WINDOWS\system32\scripting
2008-10-29 14:40:01 ----D---- C:\WINDOWS\l2schemas
2008-10-29 14:40:00 ----D---- C:\WINDOWS\system32\en
2008-10-29 14:40:00 ----D---- C:\Program Files\msn
2008-10-29 14:39:59 ----D---- C:\WINDOWS\system32\bits
2008-10-29 14:35:58 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-29 14:31:48 ----D---- C:\WINDOWS\network diagnostic
2008-10-29 14:25:01 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-29 14:23:46 ----D---- C:\WINDOWS\EHome
2008-10-29 14:08:55 ----A---- C:\WINDOWS\system32\MRT.INI
2008-10-24 23:05:35 ----D---- C:\Program Files\Kaspersky Lab
2008-10-24 23:05:35 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-24 22:24:36 ----A---- C:\WINDOWS\vidova.vbs
2008-10-24 22:24:36 ----A---- C:\WINDOWS\utevocahe.bat
2008-10-24 22:24:36 ----A---- C:\WINDOWS\system32\ipurux.bat
2008-10-24 22:24:36 ----A---- C:\Documents and Settings\Arvinda\Application Data\fukyce.dll
2008-10-24 22:24:36 ----A---- C:\Documents and Settings\Arvinda\Application Data\eqoto.exe
2008-10-24 22:24:36 ----A---- C:\Documents and Settings\All Users\Application Data\umidyzam.vbs
2008-10-24 21:48:56 ----D---- C:\Program Files\Enigma Software Group
2008-10-24 20:31:38 ----A---- C:\WINDOWS\tupa.exe
2008-10-24 20:31:38 ----A---- C:\WINDOWS\eboxys.vbs
2008-10-24 20:31:38 ----A---- C:\Documents and Settings\All Users\Application Data\bepyfeze.com
2008-10-24 20:31:37 ----A---- C:\WINDOWS\system32\lepezabysy.com
2008-10-24 20:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-24 19:47:29 ----D---- C:\KAV
2008-10-24 07:41:58 ----A---- C:\WINDOWS\system32\xiry.vbs
2008-10-24 07:41:58 ----A---- C:\WINDOWS\system32\okoguhusu.exe
2008-10-24 07:41:58 ----A---- C:\WINDOWS\system32\fahin.dll
2008-10-18 02:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-18 02:04:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-18 02:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-18 02:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-18 02:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$

======List of files/folders modified in the last 3 months======

2009-01-05 15:27:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-05 15:27:05 ----D---- C:\WINDOWS\system32\Lang
2009-01-05 15:27:04 ----D---- C:\WINDOWS\system32
2009-01-03 02:33:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-02 14:53:52 ----D---- C:\WINDOWS
2009-01-02 14:52:06 ----A---- C:\WINDOWS\system.ini
2009-01-02 14:49:55 ----D---- C:\WINDOWS\system32\drivers
2009-01-02 14:49:52 ----D---- C:\WINDOWS\AppPatch
2009-01-02 14:49:52 ----D---- C:\Program Files\Common Files
2009-01-02 14:33:35 ----RD---- C:\Program Files
2008-12-13 13:09:05 ----HD---- C:\WINDOWS\inf
2008-12-13 13:08:29 ----HD---- C:\Config.Msi
2008-12-13 13:08:28 ----SHD---- C:\WINDOWS\Installer
2008-12-13 13:08:12 ----A---- C:\WINDOWS\win.ini
2008-12-13 13:06:44 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 13:06:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-13 13:06:12 ----D---- C:\Program Files\Internet Explorer
2008-12-13 13:05:23 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 12:58:38 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-09 23:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-21 01:49:29 ----D---- C:\WINDOWS\Help
2008-11-15 11:07:47 ----D---- C:\WINDOWS\twain_32
2008-11-15 10:59:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-15 10:58:41 ----D---- C:\Program Files\Microsoft Office
2008-11-15 10:54:34 ----D---- C:\WINDOWS\system32\wbem
2008-11-15 10:54:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-15 10:54:24 ----SD---- C:\Documents and Settings\Arvinda\Application Data\Microsoft
2008-11-14 03:01:39 ----D---- C:\WINDOWS\WinSxS
2008-11-10 14:29:27 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-10 13:42:27 ----D---- C:\Program Files\Common Files\System
2008-10-30 00:53:04 ----RASH---- C:\boot.ini
2008-10-30 00:28:55 ----D---- C:\Documents and Settings
2008-10-29 20:22:15 ----D---- C:\WINDOWS\Drivers
2008-10-29 18:36:59 ----D---- C:\WINDOWS\system32\config
2008-10-29 16:20:54 ----D---- C:\Program Files\Windows Media Player
2008-10-29 16:18:21 ----A---- C:\WINDOWS\setuplog.txt
2008-10-29 16:16:59 ----D---- C:\WINDOWS\system32\Setup
2008-10-29 16:16:54 ----RSD---- C:\WINDOWS\Fonts
2008-10-29 16:15:54 ----D---- C:\WINDOWS\security
2008-10-29 14:50:03 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-29 14:40:30 ----D---- C:\WINDOWS\ime
2008-10-29 14:40:06 ----D---- C:\WINDOWS\system32\usmt
2008-10-29 14:40:06 ----D---- C:\WINDOWS\system32\en-US
2008-10-29 14:40:02 ----D---- C:\Program Files\Movie Maker
2008-10-29 14:39:59 ----D---- C:\WINDOWS\PeerNet
2008-10-29 14:35:48 ----D---- C:\WINDOWS\system32\Restore
2008-10-29 14:35:48 ----D---- C:\WINDOWS\system32\npp
2008-10-29 14:35:45 ----D---- C:\WINDOWS\msagent
2008-10-29 14:35:42 ----D---- C:\WINDOWS\srchasst
2008-10-29 14:35:38 ----D---- C:\Program Files\NetMeeting
2008-10-29 14:35:35 ----D---- C:\WINDOWS\system32\Com
2008-10-29 14:35:30 ----D---- C:\Program Files\Windows NT
2008-10-29 14:35:30 ----D---- C:\Program Files\Outlook Express
2008-10-29 14:34:57 ----D---- C:\WINDOWS\system32\oobe
2008-10-29 14:34:52 ----D---- C:\WINDOWS\system
2008-10-29 14:29:28 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-29 12:34:59 ----D---- C:\Program Files\Google
2008-10-29 12:34:57 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-24 22:33:50 ----D---- C:\Program Files\Common Files\Sony Shared
2008-10-24 20:09:53 ----D---- C:\Program Files\Viewpoint
2008-10-24 20:09:51 ----HD---- C:\Program Files\Uninstall Information
2008-10-24 20:09:44 ----D---- C:\Program Files\Sony
2008-10-24 20:05:03 ----D---- C:\Program Files\Microsoft Works
2008-10-24 19:53:37 ----D---- C:\Program Files\ItsDeductible2005
2008-10-24 19:53:29 ----D---- C:\Program Files\Intel
2008-10-24 19:52:31 ----D---- C:\Program Files\CorelPaintShopProX
2008-10-24 19:51:39 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-24 19:50:42 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-24 19:50:22 ----D---- C:\Program Files\Common Files\Adobe
2008-10-24 19:48:39 ----D---- C:\Program Files\Apoint
2008-10-24 19:48:38 ----D---- C:\Program Files\Ahead
2008-10-24 19:48:30 ----D---- C:\Program Files\Adobe
2008-10-23 12:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 10:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-17 02:08:40 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-10-16 20:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\occache.dll
2008-10-16 20:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 20:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 20:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 20:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 20:38:35 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 20:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 20:38:35 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 20:38:35 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 20:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 20:38:35 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 20:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 20:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 20:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 07:04:53 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-10-11 18:55:02 ----D---- C:\Documents and Settings\Arvinda\Application Data\Real
2008-10-11 18:50:10 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-07-13 17801]
R2 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2002-07-10 434944]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-05-03 11354]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-09-29 94601]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 AWINDIS5;AWINDIS5 Protocol Driver; \??\C:\WINDOWS\system32\AWINDIS5.SYS []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-05-23 1034752]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-05-23 178048]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-06-29 3173888]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-06-09 3192192]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-10 48896]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 tifmsony;tifmsony; C:\WINDOWS\system32\drivers\tifmsony.sys [2005-06-10 76800]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-04-30 3281408]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-23 716288]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-29 1050140]
S3 LEX_AS_NIC_SERVICE_YNOS;LAN-Express AS IEEE 802.11g Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ExpasAG.sys [2005-02-11 456448]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYTVC;Sony MPEG RR-Engine; C:\WINDOWS\system32\DRIVERS\SONYTVC.sys [2005-03-18 237568]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-29 611664]
R2 AVP;Kaspersky Anti-Virus 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2007-06-28 218376]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-06-03 86016]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-06-09 127044]
R2 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\oracle\ora92\bin\omtsreco.exe [2002-04-30 57603]
R2 OracleOraHome92Agent;OracleOraHome92Agent; C:\oracle\ora92\bin\agntsrvc.exe [2002-04-26 28944]
R2 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer; C:\oracle\ora92\Apache\Apache\apache.exe [2002-04-19 4096]
R2 OracleOraHome92TNSListener;OracleOraHome92TNSListener; C:\oracle\ora92\BIN\TNSLSNR []
R2 OracleServiceDB0002;OracleServiceDB0002; c:\oracle\ora92\bin\ORACLE.EXE [2002-05-14 29475088]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-06-03 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-06-03 372809]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2005-05-21 153600]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 VAIO Entertainment Aggregation and Control Service;VAIO Entertainment Aggregation and Control Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [2005-02-09 143360]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2005-06-15 270336]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe []
S2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe []
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe []
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache; C:\oracle\ora92\BIN\ONRSD.EXE [2002-04-27 242328]
S3 OracleOraHome92PagingServer;OracleOraHome92PagingServer; C:\oracle\ora92/bin/pagntsrv.exe [2002-08-20 49152]
S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator; C:\oracle\ora92\BIN\ENCSVC.EXE [2002-02-13 187392]
S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent; C:\oracle\ora92\BIN\AGNTSVC.EXE [2002-02-13 254464]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe []
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe []
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB []
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe []
S3 VAIO Entertainment Task Scheduler;VAIO Entertainment Task Scheduler; C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe []
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe []
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe []
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot=SOFTWARE\Sony Corporation\VAIO Media Platform\2.0 /RegExt=Applications\IntegratedServer\HTTP []
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe []
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot=SOFTWARE\Sony Corporation\VAIO Media Platform\2.0 /RegExt=\Addons\Packages\Mobile\Gateway /DisplayName=VAIO Media Gateway Server []
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe []
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe []

-----------------EOF-----------------
eCheckPost

I want to earn Passcode for Bleeping computer Training

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:05 PM

Posted 09 January 2009 - 07:27 AM

Hi again,

Please perform the steps in the order they are written and proceed to the next step only if one step is done.
  • Please go to start -> Run.
    • Copy and paste the bold line in the run-box and click OK: notepad C:\ComboFix.txt
    • A text file opens, copy and paste the content to your reply.
  • Please open HiJackThis (if you don't know how go to start -> Run and type in the run box: Arvinda.exe and press Enter) and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (Make sure under the Windows tab all the boxes of Internet Explorer and Windows Explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
    • Click Run Cleaner.
    • Close CCleaner.
  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


  • Run Internet Explorer in "No Add-ons" Mode:
    • Close Internet Explorer if it is running.
    • Go to start > Run.
    • Copy/paste in the run box: iexplore.exe -extoff
    • Click OK or press Enter.
    • See how Internet Explorer is running in that mode and tell me about it.
      Note: When you close Internet Explorer and restart it again, it will again function in normal mode with all Add-ons.
  • The computer looks to have been infected before; could you give me a description of the problem?

  • I see a lot of services on HijackThis without the actual file. Tell me if it is due to uninstalling that software or any other reason.
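As an added example (not from this thread, and not RSIT's, ComboFix's or HijackThis's own code), a small Python triage script that parses the RSIT-style sections posted above and flags the orphan-looking entries Farbar's reply points at (driver/service lines whose trailing brackets are empty, meaning RSIT found no date/size for the image) together with groups of files created in the very same second. The sample log text is constructed from a few lines in the thread's format; section header, file line and service line layouts are taken from the log as posted.

```python
"""Triage helper for the RSIT-style log sections quoted in this thread."""
import re
from collections import defaultdict

# Constructed sample in the thread's log format (a handful of lines; the
# real log runs to several hundred). Raw string: Windows paths keep their
# backslashes and the \??\ device-path prefix as RSIT prints them.
SAMPLE_LOG = r"""======List of files/folders created in the last 3 months======
2008-10-24 22:24:36 ----A---- C:\WINDOWS\vidova.vbs
2008-10-24 22:24:36 ----A---- C:\WINDOWS\utevocahe.bat
2008-10-24 22:24:36 ----A---- C:\WINDOWS\system32\ipurux.bat
2008-10-24 22:24:36 ----A---- C:\Documents and Settings\Arvinda\Application Data\fukyce.dll
2008-10-24 21:48:56 ----D---- C:\Program Files\Enigma Software Group
2008-10-29 18:11:37 ----A---- C:\WINDOWS\zip.exe
2008-10-29 18:11:37 ----A---- C:\WINDOWS\grep.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AVP;Kaspersky Anti-Virus 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [2007-06-28 218376]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
R2 OracleOraHome92TNSListener;OracleOraHome92TNSListener; C:\oracle\ora92\BIN\TNSLSNR []
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB; C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB []
"""

# Section header, e.g. "======List of drivers (R=Running, ...)======".
SECTION_RE = re.compile(r"^=+List of (files/folders created|files/folders modified|drivers|services)\b")
# "2008-10-24 22:24:36 ----A---- C:\WINDOWS\vidova.vbs" (attribute letters sit between the dashes)
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -{4}([A-Z]*)-{4} (.+)$")
# "R2 AVP;Kaspersky Anti-Virus 7.0; C:\...\avp.exe [2007-06-28 218376]"
# state, start type, service name, display name, image path (+args), "[date size]" or "[]"
ENTRY_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.*) \[([^\]]*)\]$")

SECTION_KEYS = {"files/folders created": "created", "files/folders modified": "modified",
                "drivers": "drivers", "services": "services"}


def parse_rsit(text):
    """Split the log into the four sections we care about and parse each line."""
    out = {key: [] for key in SECTION_KEYS.values()}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("====="):          # any header starts a new section
            m = SECTION_RE.match(line)
            current = SECTION_KEYS[m.group(1)] if m else None
            continue
        if current in ("created", "modified"):
            m = FILE_RE.match(line)
            if m:
                out[current].append({"time": m.group(1), "attrs": m.group(2), "path": m.group(3)})
        elif current in ("drivers", "services"):
            m = ENTRY_RE.match(line)
            if m:
                out[current].append({"state": m.group(1), "start": int(m.group(2)),
                                     "name": m.group(3), "display": m.group(4),
                                     "image": m.group(5), "fileinfo": m.group(6).strip()})
    return out


def missing_file_entries(parsed):
    """Driver/service entries whose trailing brackets are empty: RSIT found no
    date/size for the image, which is what a 'service without the actual file'
    looks like in this log. Legitimate entries show up too (klif.sys behind a
    \\??\\ path, ComboFix's own catchme.sys), so treat this as a question list."""
    return [(kind, e["name"], e["image"])
            for kind in ("drivers", "services")
            for e in parsed[kind] if e["fileinfo"] == ""]


def creation_bursts(parsed, min_files=3):
    """Timestamps at which at least min_files non-directory files were created
    in the same second. Droppers writing several payloads at once look like
    this, but so do installers and cleanup tools unpacking their helpers."""
    by_time = defaultdict(list)
    for f in parsed["created"]:
        if "D" not in f["attrs"]:             # 'D' among the attribute letters = directory
            by_time[f["time"]].append(f["path"])
    return {t: paths for t, paths in by_time.items() if len(paths) >= min_files}


def triage(text, min_files=3):
    """Run both heuristics over a log and return a small report dict."""
    parsed = parse_rsit(text)
    return {"counts": {k: len(v) for k, v in parsed.items()},
            "missing_file": missing_file_entries(parsed),
            "bursts": creation_bursts(parsed, min_files)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for kind, name, image in report["missing_file"]:
        print(f"no file info: [{kind}] {name} -> {image}")
    for when, paths in sorted(report["bursts"].items()):
        print(f"burst at {when}: {len(paths)} files created in one second")
```

Run against the full log above, the burst check would also flag the nine ComboFix helper tools written to C:\WINDOWS at 2008-10-29 18:11:37, which shows why both lists are prompts for follow-up questions rather than verdicts.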


#5 echeckpost

echeckpost
  • Topic Starter

  • Members
  • 62 posts
  • Local time:07:05 AM

Posted 09 January 2009 - 09:19 AM

1. As requested, here is the output of the combofix.txt

ComboFix 09-01-01.02 - Arvinda 2009-01-02 14:46:42.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.442 [GMT 0:00]
Running from: F:\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 14:51 63,776 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-02 14:51 4,349,216 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-02 14:26 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-18 08:40 6,644 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-12-18 08:40 58,364 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-13 12:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-14 03:01 --------- d-----w c:\program files\MSXML 4.0
2008-11-10 18:55 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-10 18:55 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-11-10 17:50 --------- d-----w c:\program files\Kaspersky Lab
2008-11-10 13:43 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-10 13:42 --------- d-----w c:\program files\Microsoft.NET
2008-10-24 22:24 19,854 ----a-w c:\windows\vidova.vbs
2008-10-24 22:24 19,607 ----a-w c:\documents and settings\All Users\Application Data\umidyzam.vbs
2008-10-24 22:24 16,795 ----a-w c:\documents and settings\All Users\Application Data\mehojydut.dat
2008-10-24 22:24 16,737 ----a-w c:\documents and settings\Arvinda\Application Data\eqoto.exe
2008-10-24 22:24 14,944 ----a-w c:\windows\system32\ruroni.sys
2008-10-24 22:24 13,754 ----a-w c:\windows\system32\ipurux.bat
2008-10-24 22:24 12,983 ----a-w c:\documents and settings\Arvinda\Application Data\fukyce.dll
2008-10-24 22:24 12,658 ----a-w c:\windows\utevocahe.bat
2008-10-24 22:24 11,625 ----a-w c:\windows\system32\fehyq.sys
2008-10-24 20:31 19,563 ----a-w c:\windows\system32\lepezabysy.com
2008-10-24 20:31 18,125 ----a-w c:\windows\tupa.exe
2008-10-24 20:31 17,720 ----a-w c:\windows\rahe.pif
2008-10-24 20:31 16,711 ----a-w c:\documents and settings\All Users\Application Data\yjyvyg.pif
2008-10-24 20:31 14,387 ----a-w c:\documents and settings\All Users\Application Data\bepyfeze.com
2008-10-24 20:31 13,597 ----a-w c:\windows\eboxys.vbs
2008-10-24 07:41 16,395 ----a-w c:\windows\system32\fahin.dll
2008-10-24 07:41 15,836 ----a-w c:\windows\system32\xiry.vbs
2008-10-24 07:41 13,153 ----a-w c:\windows\damyjudov.bin
2008-10-24 07:41 11,193 ----a-w c:\windows\system32\okoguhusu.exe
2008-10-24 07:41 10,496 ----a-w c:\windows\system32\icohemum.pif
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2006-04-23 17:28 7,050,552 ----a-w c:\documents and settings\Arvinda\psa30se_en_us.exe
2006-04-23 17:28 21,254,280 ----a-w c:\documents and settings\Arvinda\AdbeRdr707_en_US.exe
2006-04-23 17:27 762,512 ----a-w c:\documents and settings\Arvinda\ytb612_efgsip.exe
2008-04-06 18:47 56 --sh--r c:\windows\system32\2F3912F6D3.sys
2008-04-06 18:47 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-29_18.46.50.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-10 01:10:56 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-09-04 17:12:27 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB955069\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB955069\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB955069\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB955069\update\update.exe
+ 2008-07-09 13:08:38 382,840 ----a-w c:\windows\$hf_mig$\KB955069\update\updspapi.dll
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-10-24 11:41:11 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:02:04 755,576 ----a-w c:\windows\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:02:12 382,840 ----a-w c:\windows\$hf_mig$\KB957097\update\updspapi.dll
+ 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\$NtUninstallKB954459$\msxml6.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB954459$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\$NtUninstallKB954459$\spuninst\updspapi.dll
+ 2008-04-14 00:12:01 1,104,896 -c----w c:\windows\$NtUninstallKB955069$\msxml3.dll
+ 2007-11-30 11:18:51 231,288 -c----w c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe
+ 2008-07-09 13:08:38 382,840 -c----w c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll
+ 2008-04-13 19:17:01 456,576 -c----w c:\windows\$NtUninstallKB957097$\mrxsmb.sys
+ 2008-07-08 13:02:02 231,288 -c----w c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe
+ 2008-07-08 13:02:12 382,840 -c----w c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2007-08-23 00:03:38 1,195,888 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119910000000000000000F01FEC\12.0.6215\FM20.DLL
+ 2008-11-14 03:01:41 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-09-11 02:04:56 20,240 ----a-r c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-13 12:58:31 20,240 ----a-r c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-09-11 02:04:56 217,864 ----a-r c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-13 12:58:32 217,864 ----a-r c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\misc.exe
- 2008-09-11 02:04:56 18,704 ----a-r c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-13 12:58:31 18,704 ----a-r c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-09-11 02:04:56 35,088 ----a-r c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-13 12:58:33 35,088 ----a-r c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-09-11 02:04:56 272,648 ----a-r c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-13 12:58:30 272,648 ----a-r c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\pubs.exe
- 2008-10-18 02:03:07 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-12-13 13:08:17 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-10-18 02:03:06 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-12-13 13:08:17 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-10-18 02:03:07 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-12-13 13:08:17 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-10-18 02:03:07 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-12-13 13:08:17 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-10-18 02:03:07 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-12-13 13:08:18 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-10-18 02:03:07 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-12-13 13:08:18 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-10-18 02:03:07 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-12-13 13:08:17 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-10-18 02:03:07 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-12-13 13:08:18 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-10-18 02:03:06 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-12-13 13:08:17 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-10-18 02:03:06 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-12-13 13:08:16 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-10-29 16:18:08 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-02 14:26:00 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-10-29 16:18:08 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-02 14:26:00 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-26 07:24:28 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 -c--a-w c:\windows\system32\dllcache\advpack.dll
- 2008-07-18 21:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 14:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c--a-w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24:30 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-11 08:45:04 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-10 09:17:42 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-10-24 11:21:09 455,296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
- 2008-08-26 07:24:30 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-10-17 02:08:40 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-09-04 17:15:04 1,106,944 -c----w c:\windows\system32\dllcache\msxml3.dll
- 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
- 2008-08-26 07:24:30 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 -c--a-w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 07:24:30 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 -c--a-w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 -c--a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2004-08-11 08:45:04 1,027,072 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-10 11:37:02 1,026,048 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-12-07 06:40:49 2,362,184 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-10 11:57:40 2,364,472 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-07-18 21:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 14:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-18 21:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 14:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-18 21:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 14:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-18 21:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 14:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-18 21:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 14:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-18 21:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 14:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-04-29 11:19:50 12,960 ----a-w c:\windows\system32\drivers\Awrtpd.sys
+ 2008-04-29 11:19:54 15,648 ----a-w c:\windows\system32\drivers\Awrtrd.sys
- 2007-01-25 18:27:38 109,848 ----a-w c:\windows\system32\drivers\kl1.sys
+ 2008-10-29 19:29:58 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
- 2007-01-27 16:52:46 175,888 ----a-w c:\windows\system32\drivers\klif.sys
+ 2008-11-10 18:58:18 194,320 ----a-w c:\windows\system32\drivers\klif.sys
+ 2007-04-04 14:58:26 24,344 ----a-w c:\windows\system32\drivers\klim5.sys
- 2008-04-13 19:17:01 456,576 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:21:09 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-04-29 11:20:00 15,648 ----a-w c:\windows\system32\drivers\NSDriver.sys
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2007-01-29 22:04:00 200,768 ----a-w c:\windows\system32\klogon.dll
+ 2007-06-28 12:51:48 206,088 ----a-w c:\windows\system32\klogon.dll
- 2004-08-11 08:45:04 96,768 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 09:17:42 96,768 ----a-w c:\windows\system32\logagent.exe
+ 2008-05-16 11:58:04 12,632 ----a-w c:\windows\system32\lsdelete.exe
- 2007-04-09 12:23:54 28,040 ----a-w c:\windows\system32\mdimon.dll
+ 2007-04-09 13:23:54 28,040 ----a-w c:\windows\system32\mdimon.dll
- 2008-10-07 12:19:42 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-10-17 02:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-04-14 00:12:01 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-08 15:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 16:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2008-04-14 00:12:01 1,306,624 ------w c:\windows\system32\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 ------w c:\windows\system32\msxml6.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-10-29 16:22:21 61,558 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-15 10:54:33 61,558 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-29 16:22:21 401,652 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-15 10:54:34 401,652 ----a-w c:\windows\system32\perfh009.dat
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 14:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 14:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-04-09 12:24:04 758,664 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2007-04-09 13:24:04 758,664 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2007-04-09 12:23:58 46,472 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 13:23:58 46,472 ----a-w c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
- 2007-04-09 12:24:04 758,664 ----a-w c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-04-09 13:24:04 758,664 ----a-w c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
- 2007-04-09 12:23:58 46,472 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-04-09 13:23:58 46,472 ----a-w c:\windows\system32\spool\drivers\w32x86\mdiui.dll
- 2007-04-09 12:23:54 28,552 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 13:23:54 28,552 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
- 2008-04-14 00:12:38 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2004-08-11 08:45:04 1,027,072 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 11:37:02 1,026,048 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-12-07 06:40:49 2,362,184 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-10 11:57:40 2,364,472 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-09-30 16:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 16:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-29 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-29 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-29 114688]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"AzMixerSel"="c:\windows\Drivers\AUDIO DRIVER\Config\AzMixerSel.exe" [2005-04-29 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-09 6746112]
"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 167936]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2002-07-10 1048576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 c:\windows\RTHDCPL.EXE]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 00:42 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\DRIVERS\bsstor.sys [2006-05-06 9344]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\BsUDF.sys [2006-05-06 434944]
R2 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;"c:\oracle\ora92\Apache\Apache\apache.exe" --ntservice [2002-04-19 4096]
R2 OracleServiceDB0002;OracleServiceDB0002;c:\oracle\ora92\bin\ORACLE.EXE DB0002 []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-11-05 24652]
R3 AWINDIS5;AWINDIS5 Protocol Driver;\??\c:\windows\system32\AWINDIS5.SYS [2005-07-13 16194]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB []
S2 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\ora92\bin\agntsrvc.exe [2002-04-26 28944]
S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\ora92\BIN\ENCSVC.EXE [2002-02-13 187392]
S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\ora92\BIN\AGNTSVC.EXE [2002-02-13 254464]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 14:51:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleOraHome92PagingServer]
"ImagePath"="c:\oracle\ora92/bin/pagntsrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleOraHome92TNSListener]
"ImagePath"="c:\oracle\ora92\BIN\TNSLSNR "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1332)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(1388)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
.
Completion time: 2009-01-02 14:53:48
ComboFix-quarantined-files.txt 2009-01-02 14:53:23
ComboFix2.txt 2008-10-30 01:10:58
ComboFix3.txt 2008-10-29 18:47:30

Pre-Run: 51,377,926,144 bytes free
Post-Run: 53,645,602,816 bytes free

478 --- E O F --- 2008-12-13 13:09:05

Step 2:

I get the following error:

Windows cannot find 'Arvinda.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click Search

Step 6 and 7

# The laptop looks to be infected before, could you give me a description of the problem.
  • cannot open IE explorer
  • computer running slow
  • computer crashing unexpectedly
  • computer hanging in the middle for no apparent reason (reboot required)
# I see a lot of services on HijackThis without the actual file. Tell me if it is due to uninstalling that software or any other reason.

Teenager uses this laptop. Downloads all programs, constant install, de-install. I really want to clean this laptop, so it runs smoothly.

Edited by echeckpost, 09 January 2009 - 10:11 AM.

eCheckPost

I want to earn Passcode for Bleeping computer Training

#6 Farbar

  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 09 January 2009 - 11:36 AM

Hi again,

Please perform the steps in the order they are written and proceed to the next step only if one step is done.


So we will do it step by step from now on to avoid redoing it. You have run ComboFix 3 times; we need the first log.
  • Please go to start -> Run.
    • Copy and paste the bold line in the run-box and click OK: notepad C:\Qoobox\ComboFix3.txt
    • A text file opens, copy and paste the content to your reply.
  • Please open HiJackThis (if you don't know how, go to start -> Run and type in the run box: C:\Program Files\trend micro\Arvinda.exe and press Enter) and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Run HijackThis again. Click Do a system scan and save log file, then copy and paste the log into your reply.


#7 echeckpost (Topic Starter; Members, 62 posts)

Posted 09 January 2009 - 12:16 PM

1. ComboFix3 log contents

ComboFix 08-10-29.07 - Arvinda 2008-10-29 18:32:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.497 [GMT 0:00]
Running from: C:\Documents and Settings\Arvinda\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Arvinda\Cookies\cihydyzy.reg
C:\Documents and Settings\Arvinda\Cookies\ecabev.scr
C:\Documents and Settings\Arvinda\Cookies\niciwu.bat
C:\Documents and Settings\Arvinda\Cookies\ovej.dl
C:\Documents and Settings\Arvinda\Cookies\xuvocamuxi.scr
C:\Documents and Settings\Arvinda\Cookies\yzofus.db
C:\Documents and Settings\Arvinda\Local Settings\Temporary Internet Files\eniwow.inf
C:\Documents and Settings\Arvinda\Local Settings\Temporary Internet Files\ewymyn._dl
C:\Documents and Settings\Arvinda\Local Settings\Temporary Internet Files\jehozu._dl
C:\Documents and Settings\Arvinda\Local Settings\Temporary Internet Files\locihyqa.db
C:\Documents and Settings\Arvinda\Local Settings\Temporary Internet Files\olibiwoji.scr
C:\Documents and Settings\Arvinda\Local Settings\Temporary Internet Files\qemu.dll
C:\Documents and Settings\Arvinda\Local Settings\Temporary Internet Files\qovalip.bin
C:\Documents and Settings\Arvinda\Local Settings\Temporary Internet Files\tywavi.bin
C:\Documents and Settings\Arvinda\Local Settings\Temporary Internet Files\yculez.bat
C:\Documents and Settings\Arvinda\Local Settings\Temporary Internet Files\yqosojy.inf
C:\WINDOWS\regsvr.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\W020T32W.DLL
C:\WINDOWS\system32\W021T32W.DLL

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-29 )))))))))))))))))))))))))))))))
.

2008-10-29 18:15 . 2008-10-29 18:15 <DIR> d-------- C:\rsit
2008-10-29 18:15 . 2008-10-29 18:15 <DIR> d-------- C:\Program Files\trend micro
2008-10-29 16:50 . 2008-10-29 16:50 <DIR> d-------- C:\Documents and Settings\Arvinda\Application Data\Malwarebytes
2008-10-29 16:49 . 2008-10-29 16:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 16:49 . 2008-10-29 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-29 16:49 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-29 16:49 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-29 14:40 . 2008-10-29 14:40 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-29 14:40 . 2008-10-29 14:40 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-29 14:40 . 2008-10-29 14:40 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-29 14:39 . 2008-10-29 14:39 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-29 14:35 . 2008-10-29 14:40 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-29 14:23 . 2008-10-29 14:23 <DIR> d-------- C:\WINDOWS\EHome
2008-10-29 14:08 . 2008-10-29 14:08 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-10-24 23:05 . 2008-10-24 23:05 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-24 23:05 . 2008-10-29 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-24 23:05 . 2008-10-29 18:41 2,420,768 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-24 23:05 . 2008-10-24 23:05 74,908 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-10-24 23:05 . 2008-10-24 23:05 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-10-24 23:05 . 2008-10-29 18:40 56,608 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-24 23:05 . 2008-10-29 18:37 29,396 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-24 23:05 . 2008-10-29 18:37 6,308 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-24 22:24 . 2008-10-24 22:24 19,854 --a------ C:\WINDOWS\vidova.vbs
2008-10-24 22:24 . 2008-10-24 22:24 19,607 --a------ C:\Documents and Settings\All Users\Application Data\umidyzam.vbs
2008-10-24 22:24 . 2008-10-24 22:24 16,795 --a------ C:\Documents and Settings\All Users\Application Data\mehojydut.dat
2008-10-24 22:24 . 2008-10-24 22:24 16,737 --a------ C:\Documents and Settings\Arvinda\Application Data\eqoto.exe
2008-10-24 22:24 . 2008-10-24 22:24 16,578 --a------ C:\WINDOWS\owaquk.lib
2008-10-24 22:24 . 2008-10-24 22:24 16,366 --a------ C:\WINDOWS\himyry.dat
2008-10-24 22:24 . 2008-10-24 22:24 14,944 --a------ C:\WINDOWS\system32\ruroni.sys
2008-10-24 22:24 . 2008-10-24 22:24 13,914 --a------ C:\WINDOWS\iwyvykeh._dl
2008-10-24 22:24 . 2008-10-24 22:24 13,754 --a------ C:\WINDOWS\system32\ipurux.bat
2008-10-24 22:24 . 2008-10-24 22:24 12,983 --a------ C:\Documents and Settings\Arvinda\Application Data\fukyce.dll
2008-10-24 22:24 . 2008-10-24 22:24 12,658 --a------ C:\WINDOWS\utevocahe.bat
2008-10-24 22:24 . 2008-10-24 22:24 11,625 --a------ C:\WINDOWS\system32\fehyq.sys
2008-10-24 22:24 . 2008-10-24 22:24 11,292 --a------ C:\WINDOWS\kaluryn.dat
2008-10-24 21:48 . 2008-10-24 21:48 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-10-24 20:31 . 2008-10-24 20:31 19,563 --a------ C:\WINDOWS\system32\lepezabysy.com
2008-10-24 20:31 . 2008-10-24 20:31 18,125 --a------ C:\WINDOWS\tupa.exe
2008-10-24 20:31 . 2008-10-24 20:31 18,004 --a------ C:\WINDOWS\system32\aqyjol.dl
2008-10-24 20:31 . 2008-10-24 20:31 17,720 --a------ C:\WINDOWS\rahe.pif
2008-10-24 20:31 . 2008-10-24 20:31 17,681 --a------ C:\WINDOWS\akufu.db
2008-10-24 20:31 . 2008-10-24 20:31 16,711 --a------ C:\Documents and Settings\All Users\Application Data\yjyvyg.pif
2008-10-24 20:31 . 2008-10-24 20:31 14,387 --a------ C:\Documents and Settings\All Users\Application Data\bepyfeze.com
2008-10-24 20:31 . 2008-10-24 20:31 13,597 --a------ C:\WINDOWS\eboxys.vbs
2008-10-24 20:31 . 2008-10-24 20:31 13,292 --a------ C:\WINDOWS\tubygaf._dl
2008-10-24 20:31 . 2008-10-24 20:31 13,209 --a------ C:\WINDOWS\jenejiv.db
2008-10-24 20:31 . 2008-10-24 20:31 12,759 --a------ C:\WINDOWS\asiquruja.lib
2008-10-24 19:47 . 2008-10-24 19:47 <DIR> d-------- C:\KAV
2008-10-24 19:12 . 2008-10-15 16:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-24 07:41 . 2008-10-24 07:41 18,839 --a------ C:\WINDOWS\celazogof.ban
2008-10-24 07:41 . 2008-10-24 07:41 16,395 --a------ C:\WINDOWS\system32\fahin.dll
2008-10-24 07:41 . 2008-10-24 07:41 15,836 --a------ C:\WINDOWS\system32\xiry.vbs
2008-10-24 07:41 . 2008-10-24 07:41 14,532 --a------ C:\WINDOWS\ozapovowe._sy
2008-10-24 07:41 . 2008-10-24 07:41 13,153 --a------ C:\WINDOWS\damyjudov.bin
2008-10-24 07:41 . 2008-10-24 07:41 11,193 --a------ C:\WINDOWS\system32\okoguhusu.exe
2008-10-24 07:41 . 2008-10-24 07:41 10,496 --a------ C:\WINDOWS\system32\icohemum.pif
2008-10-17 19:25 . 2008-09-08 10:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-17 19:23 . 2008-08-14 10:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-17 19:23 . 2008-08-14 10:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-17 19:23 . 2008-08-14 09:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-17 19:23 . 2008-08-14 09:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-17 19:23 . 2008-09-15 12:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 12:34 --------- d-----w C:\Program Files\Google
2008-10-24 22:33 --------- d-----w C:\Program Files\Common Files\Sony Shared
2008-10-24 20:09 --------- d-----w C:\Program Files\Viewpoint
2008-10-24 20:09 --------- d-----w C:\Program Files\Sony
2008-10-24 20:05 --------- d-----w C:\Program Files\Microsoft Works
2008-10-24 19:53 --------- d-----w C:\Program Files\ItsDeductible2005
2008-10-24 19:53 --------- d-----w C:\Program Files\Intel
2008-10-24 19:52 --------- d-----w C:\Program Files\CorelPaintShopProX
2008-10-24 19:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-24 19:50 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-24 19:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-24 19:48 --------- d-----w C:\Program Files\Apoint
2008-10-24 19:48 --------- d-----w C:\Program Files\Ahead
2008-09-11 02:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2006-04-23 17:28 7,050,552 ----a-w C:\Documents and Settings\Arvinda\psa30se_en_us.exe
2006-04-23 17:28 21,254,280 ----a-w C:\Documents and Settings\Arvinda\AdbeRdr707_en_US.exe
2006-04-23 17:27 762,512 ----a-w C:\Documents and Settings\Arvinda\ytb612_efgsip.exe
2008-04-06 18:47 56 --sh--r C:\WINDOWS\system32\2F3912F6D3.sys
2008-04-06 18:47 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-29 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-29 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-29 114688]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-08 114688]
"AzMixerSel"="C:\WINDOWS\Drivers\AUDIO DRIVER\Config\AzMixerSel.exe" [2005-04-29 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 184320]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 6746112]
"VZRemoteCommander"="C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 167936]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2002-07-10 1048576]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 00:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 9344]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-07-10 434944]
R2 OracleOraHome92Agent;OracleOraHome92Agent;C:\oracle\ora92\bin\agntsrvc.exe [2002-04-26 28944]
R2 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;C:\oracle\ora92\Apache\Apache\apache.exe [2002-04-19 4096]
R2 OracleServiceDB0002;OracleServiceDB0002;c:\oracle\ora92\bin\ORACLE.EXE DB0002 [ ]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\system32\AWINDIS5.SYS [2002-04-12 16194]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [ ]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [ ]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;C:\oracle\ora92\BIN\ONRSD.EXE [2002-04-27 242328]
S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;C:\oracle\ora92\BIN\ENCSVC.EXE [2002-02-13 187392]
S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;C:\oracle\ora92\BIN\AGNTSVC.EXE [2002-02-13 254464]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [ ]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 18:40:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92PagingServer]
"ImagePath"="C:\oracle\ora92/bin/pagntsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92TNSListener]
"ImagePath"="C:\oracle\ora92\BIN\TNSLSNR "
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\oracle\ora92\bin\TNSLSNR.EXE
C:\oracle\ora92\bin\oracle.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\oracle\ora92\bin\dbsnmp.exe
C:\oracle\ora92\jdk\bin\java.exe
C:\oracle\ora92\jdk\bin\java.exe
C:\oracle\ora92\bin\isqlplus
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Apoint\ApntEx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-10-29 18:47:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-29 18:47:22

Pre-Run: 52,748,865,536 bytes free
Post-Run: 54,198,517,760 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /PAE

255 --- E O F --- 2008-10-29 16:40:25


2. Completed successfully

3. HijackThis log file contents:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:11 PM, on 1/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\oracle\ora92\bin\agntsrvc.exe
C:\oracle\ora92\Apache\Apache\apache.exe
C:\WINDOWS\system32\cmd.exe
C:\oracle\ora92\BIN\TNSLSNR.exe
c:\oracle\ora92\bin\ORACLE.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\oracle\ora92\bin\dbsnmp.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\oracle\ora92\Apache\Apache\apache.exe
C:\oracle\ora92\jdk\bin\java.exe
C:\oracle\ora92\jdk\bin\java.exe
c:\oracle\ora92\bin\isqlplus
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program files\trend micro\Arvinda.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\WINDOWS\Drivers\AUDIO DRIVER\Config\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {20B845BF-450F-4C1E-AF60-3CC380CDE328} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugi...PluginNOSSO.ocx
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144835741703
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Unknown owner - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe (file missing)
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: MSSQL$VAIO_VEDB - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - C:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - C:\oracle\ora92\Apache\Apache\apache.exe
O23 - Service: OracleOraHome92PagingServer - Unknown owner - C:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - C:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - C:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceDB0002 - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: SQLAgent$VAIO_VEDB - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE (file missing)
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Unknown owner - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (file missing)
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (file missing)
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (file missing)
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (file missing)
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (file missing)
O23 - Service: Windows Media Connect (WMC) (WmcCds) - Unknown owner - c:\program files\windows media connect\mswmccds.exe (file missing)
O23 - Service: Windows Media Connect (WMC) Helper (WmcCdsLs) - Unknown owner - C:\Program Files\Windows Media Connect\mswmcls.exe (file missing)

--
End of file - 12718 bytes
eCheckPost

I want to earn Passcode for Bleeping computer Training

#8 Farbar (Just Curious; Security Developer, 21,688 posts; The Netherlands)

Posted 09 January 2009 - 12:33 PM

  • Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you remove the program if you are not using it.
    If you decided to uninstall it click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist:

    Viewpoint, Viewpoint Manager, Viewpoint Media Player.

    Also remove the folder in bold: C:\Program Files\Viewpoint

  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

      Note: If you have installed and run CCleaner already while doing the previous posts just run it again and then close it. To run it yo can right-click the recycle bin and select run cleaner. Or you can run it by double-clicking its shortcut.
  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


#9 echeckpost

echeckpost
  • Topic Starter

  • Members
  • 62 posts

Posted 09 January 2009 - 12:54 PM

When I try to remove C:\Program Files\Viewpoint, it gives me the following error:


Cannot delete ViewpointService.exe: access is denied.

Make sure the disk is not full or write-protected
and that the file is not currently in use


BTW, I removed all three Viewpoint programs

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 09 January 2009 - 01:05 PM

Well done :thumbsup:

No problem. There might be some leftovers; we will remove them later. They have no effect on the system though. Please proceed. Thanks for asking.

Edited by farbar, 09 January 2009 - 01:05 PM.


#11 echeckpost

echeckpost
  • Topic Starter

  • Members
  • 62 posts

Posted 09 January 2009 - 01:30 PM

Step 1 complete
Step 2 complete
Step 3 Complete
MBAM log contents:

Malwarebytes' Anti-Malware 1.32
Database version: 1635
Windows 5.1.2600 Service Pack 3

1/9/2009 6:26:50 PM
mbam-log-2009-01-09 (18-26-50).txt

Scan type: Quick Scan
Objects scanned: 61329
Time elapsed: 8 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 09 January 2009 - 01:49 PM

Thanks for the feedback.

Run Internet Explorer in "No Add-ons" Mode:
  • Close Internet Explorer if it is running.
  • Go to start > Run.
  • Copy/paste in the run box: iexplore.exe -extoff
  • Click OK or press Enter.
  • See how Internet Explorer is running in that mode and tell me about it.
    Note: When you close Internet Explorer and restart it, it will again function in normal mode with all add-ons.


#13 echeckpost

echeckpost
  • Topic Starter

  • Members
  • 62 posts

Posted 09 January 2009 - 02:11 PM

The problem still exists.

Internet Explorer 7 flashes and quits when started.

#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 09 January 2009 - 02:17 PM

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.


  • Tell me if you have a Windows installation CD, we might need it.


#15 echeckpost

echeckpost
  • Topic Starter

  • Members
  • 62 posts

Posted 09 January 2009 - 02:36 PM

Step 1. Contents of the ComboFix log:

ComboFix 09-01-08.05 - Arvinda 2009-01-09 19:23:45.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.470 [GMT 0:00]
Running from: F:\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))
.

2009-01-09 18:17 . 2009-01-09 18:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-09 18:17 . 2009-01-04 18:39 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-09 18:17 . 2009-01-04 18:39 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-09 18:07 . 2009-01-09 18:07 <DIR> d-------- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 19:28 72,480 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-09 19:28 4,515,872 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-09 19:19 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-09 19:13 7,532 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-09 19:13 60,836 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-09 17:09 --------- d-----w c:\program files\trend micro
2008-12-13 12:58 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-14 03:01 --------- d-----w c:\program files\MSXML 4.0
2008-11-10 18:55 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-10 18:55 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-11-10 17:50 --------- d-----w c:\program files\Kaspersky Lab
2008-11-10 13:43 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-10 13:42 --------- d-----w c:\program files\Microsoft.NET
2008-10-24 22:24 19,854 ----a-w c:\windows\vidova.vbs
2008-10-24 22:24 19,607 ----a-w c:\documents and settings\All Users\Application Data\umidyzam.vbs
2008-10-24 22:24 16,795 ----a-w c:\documents and settings\All Users\Application Data\mehojydut.dat
2008-10-24 22:24 16,737 ----a-w c:\documents and settings\Arvinda\Application Data\eqoto.exe
2008-10-24 22:24 14,944 ----a-w c:\windows\system32\ruroni.sys
2008-10-24 22:24 13,754 ----a-w c:\windows\system32\ipurux.bat
2008-10-24 22:24 12,983 ----a-w c:\documents and settings\Arvinda\Application Data\fukyce.dll
2008-10-24 22:24 12,658 ----a-w c:\windows\utevocahe.bat
2008-10-24 22:24 11,625 ----a-w c:\windows\system32\fehyq.sys
2008-10-24 20:31 19,563 ----a-w c:\windows\system32\lepezabysy.com
2008-10-24 20:31 18,125 ----a-w c:\windows\tupa.exe
2008-10-24 20:31 17,720 ----a-w c:\windows\rahe.pif
2008-10-24 20:31 16,711 ----a-w c:\documents and settings\All Users\Application Data\yjyvyg.pif
2008-10-24 20:31 14,387 ----a-w c:\documents and settings\All Users\Application Data\bepyfeze.com
2008-10-24 20:31 13,597 ----a-w c:\windows\eboxys.vbs
2008-10-24 07:41 16,395 ----a-w c:\windows\system32\fahin.dll
2008-10-24 07:41 15,836 ----a-w c:\windows\system32\xiry.vbs
2008-10-24 07:41 13,153 ----a-w c:\windows\damyjudov.bin
2008-10-24 07:41 11,193 ----a-w c:\windows\system32\okoguhusu.exe
2008-10-24 07:41 10,496 ----a-w c:\windows\system32\icohemum.pif
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
2006-04-23 17:28 7,050,552 ----a-w c:\documents and settings\Arvinda\psa30se_en_us.exe
2006-04-23 17:28 21,254,280 ----a-w c:\documents and settings\Arvinda\AdbeRdr707_en_US.exe
2006-04-23 17:27 762,512 ----a-w c:\documents and settings\Arvinda\ytb612_efgsip.exe
2008-04-06 18:47 56 --sh--r c:\windows\system32\2F3912F6D3.sys
2008-04-06 18:47 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2009-01-02_14.52.42.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-17 02:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2009-01-02 14:26:00 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-05 15:26:53 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-02 14:26:00 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-05 15:26:53 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-05 15:26:53 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-17 02:08:40 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-17 02:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-29 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-29 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-29 114688]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]
"AzMixerSel"="c:\windows\Drivers\AUDIO DRIVER\Config\AzMixerSel.exe" [2005-04-29 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-09 6746112]
"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 167936]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2002-07-10 1048576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-09-10 864256]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 c:\windows\RTHDCPL.EXE]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 00:42 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2006-05-06 9344]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2005-07-13 16194]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24344]
R4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2006-05-06 434944]
R4 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;c:\oracle\ora92\Apache\Apache\Apache.exe [2002-04-19 4096]
R4 OracleServiceDB0002;OracleServiceDB0002;c:\oracle\ora92\bin\ORACLE.EXE DB0002 --> c:\oracle\ora92\bin\ORACLE.EXE DB0002 [?]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-11-05 24652]
S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\ora92\bin\encsvc.exe [2002-02-13 187392]
S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\ora92\bin\agntsvc.exe [2002-02-13 254464]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S4 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
S4 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\ora92\bin\agntsrvc.exe [2002-04-26 28944]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 19:28:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92PagingServer]
"ImagePath"="c:\oracle\ora92/bin/pagntsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92TNSListener]
"ImagePath"="c:\oracle\ora92\BIN\TNSLSNR "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1336)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(1392)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
.
Completion time: 2009-01-09 19:30:46
ComboFix-quarantined-files.txt 2009-01-09 19:30:41
ComboFix2.txt 2009-01-02 14:53:50
ComboFix3.txt 2008-10-30 01:10:58
ComboFix4.txt 2008-10-29 18:47:30

Pre-Run: 54,315,642,880 bytes free
Post-Run: 54,298,587,136 bytes free

196 --- E O F --- 2009-01-09 17:46:42


Step 2. I do not have a Windows installation CD. The laptop's key is on the lower back panel.
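The Find3M report in the ComboFix log above shows the pattern an analyst looks for: several files with gibberish names, of mixed types (.vbs, .bat, .pif, .com, .exe, .sys), all dropped in the same minute under %windir% and Application Data. As an added example that is not part of the thread or of ComboFix itself, this Python script parses Find3M lines, groups files by creation minute, and flags batches that mix three or more extensions including a legacy script type; the sample lines are constructed from this log.

```python
import re
from collections import defaultdict

# One Find3M line: "YYYY-MM-DD HH:MM <size> <attrs> <path>".
# Directory entries carry "---------" instead of a size and are skipped.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+(\S+)\s+(.+)$")

# Legacy script/program extensions that vendor updates never drop in batches
# next to freshly written .exe/.sys/.dll files.
SCRIPT_EXT = {".vbs", ".bat", ".pif", ".com"}


def parse_find3m(text):
    """Return (timestamp, size, attrs, lowercased path) for each file entry."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ts, size, attrs, path = m.groups()
            entries.append((ts, int(size.replace(",", "")), attrs, path.lower()))
    return entries


def ext_of(path):
    """Extension of the file name component, '' when it has none."""
    name = path.rsplit("\\", 1)[-1]
    return name[name.rfind("."):] if "." in name else ""


def suspicious_batches(entries, min_files=3, min_exts=3):
    """Group files by creation minute; flag batches of >= min_files that mix
    >= min_exts extensions and contain at least one legacy script type."""
    by_minute = defaultdict(list)
    for ts, _size, _attrs, path in entries:
        by_minute[ts].append(path)
    flagged = {}
    for ts, paths in sorted(by_minute.items()):
        exts = {ext_of(p) for p in paths}
        if len(paths) >= min_files and len(exts) >= min_exts and exts & SCRIPT_EXT:
            flagged[ts] = sorted(paths)
    return flagged


# Constructed sample, modelled on the Find3M lines in this thread's log.
SAMPLE = r"""
2008-11-10 18:55 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-10 18:55 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-10-24 22:24 19,854 ----a-w c:\windows\vidova.vbs
2008-10-24 22:24 16,737 ----a-w c:\documents and settings\Arvinda\Application Data\eqoto.exe
2008-10-24 22:24 14,944 ----a-w c:\windows\system32\ruroni.sys
2008-10-24 22:24 13,754 ----a-w c:\windows\system32\ipurux.bat
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
"""

if __name__ == "__main__":
    for ts, paths in suspicious_batches(parse_find3m(SAMPLE)).items():
        print(ts, len(paths), "files written in one minute:")
        for p in paths:
            print("   ", p)
```

The Windows Update batch (wu*.dll) and the Kaspersky .dat pair pass untouched; only the 22:24 batch is reported, which matches what the helper later targets in this thread.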
