Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help with Naupoint and Agent.liz infection


  • This topic is locked This topic is locked
13 replies to this topic

#1 comingdarkage

comingdarkage

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 09 April 2009 - 01:17 PM

A recent panda scan showed me that I am infected with these two malware objects. Here is my DD log, thanks:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Janice at 14:08:23.49 on Thu 04/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.240 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Network Associates\McUpdate\MCUPDATE.EXE
C:\Program Files\Common Files\Network Associates\LWI\LWI.exe
C:\Documents and Settings\TEMP\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} - c:\windows\downlo~1\vzbb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} - c:\windows\downlo~1\vzbb.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [CreateCD_Reminder] c:\windows\sonysys\vaio recovery\reminder.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [HKSERV.EXE] c:\program files\sony\hotkey utility\HKserv.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ViewMgr] c:\program files\viewpoint\viewpoint manager\ViewMgr.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [Auto EPSON Stylus CX4200 Series on WINTERFELL] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaea.exe /p45 "auto epson stylus cx4200 series on winterfell" /o21 "\\winterfell\EPSONSty" /M "Stylus CX4200"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\npjpi150_06.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\temp\applic~1\mozilla\firefox\profiles\m7n3newi.default\
FF - prefs.js: browser.startup.homepage - hxxp://myyahoo.com/
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 NaiFsRec;NaiFsRec;c:\windows\system32\drivers\naifsrec.sys [2001-4-30 4512]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-4-23 28544]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 AvSynMgr;AVSync Manager;c:\program files\network associates\virusscan\avsynmgr.exe [2001-11-26 155665]
R3 McShield;McShield;c:\program files\common files\network associates\mcshield\mcshield.exe [2001-11-26 225403]
R3 NaiFiltr;NaiFiltr;c:\program files\common files\network associates\mcshield\naifiltr.sys [2001-11-26 23856]
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\t4\locals~1\temp\fadpu16e.sys --> c:\docume~1\t4\locals~1\temp\Fadpu16E.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]

=============== Created Last 30 ================


==================== Find3M ====================

2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-17 11:22 84,835 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

============= FINISH: 14:10:56.23 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:05:28 AM

Posted 24 April 2009 - 10:22 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 comingdarkage

comingdarkage
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 24 April 2009 - 06:37 PM

Thanks for your reply, I understand that you folks at bleepingcomputer are busy. Not a problem! My problem has not been resolved. The only noticeable symptoms are that the computer is noticeably slow. That is what prompted me to scan (after running syscheck and defragging). Here's the DDS log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Janice at 19:30:32.99 on Fri 04/24/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.367 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TEMP\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} - c:\windows\downlo~1\vzbb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} - c:\windows\downlo~1\vzbb.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [CreateCD_Reminder] c:\windows\sonysys\vaio recovery\reminder.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [HKSERV.EXE] c:\program files\sony\hotkey utility\HKserv.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [ViewMgr] c:\program files\viewpoint\viewpoint manager\ViewMgr.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [Auto EPSON Stylus CX4200 Series on WINTERFELL] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaea.exe /p45 "auto epson stylus cx4200 series on winterfell" /o21 "\\winterfell\EPSONSty" /M "Stylus CX4200"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\npjpi150_06.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\temp\applic~1\mozilla\firefox\profiles\m7n3newi.default\
FF - prefs.js: browser.startup.homepage - hxxp://myyahoo.com/
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 NaiFsRec;NaiFsRec;c:\windows\system32\drivers\naifsrec.sys [2001-4-30 4512]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-4-23 28544]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 AvSynMgr;AVSync Manager;c:\program files\network associates\virusscan\avsynmgr.exe [2001-11-26 155665]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-3 24652]
R3 NaiFiltr;NaiFiltr;c:\program files\common files\network associates\mcshield\naifiltr.sys [2001-11-26 23856]
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\t4\locals~1\temp\fadpu16e.sys --> c:\docume~1\t4\locals~1\temp\Fadpu16E.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 McShield;McShield;c:\program files\common files\network associates\mcshield\mcshield.exe [2001-11-26 225403]

=============== Created Last 30 ================

2009-04-23 18:11 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-04-23 18:09 <DIR> --d----- c:\program files\Panda Security
2009-04-15 06:41 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 06:41 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 06:41 2,560 -------- c:\windows\system32\xpsp4res.dll

==================== Find3M ====================

2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2009-01-17 11:37 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-01-17 11:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-01-17 11:36 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011720090118\index.dat
2009-01-17 11:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 19:31:27.64 ===============

#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:28 AM

Posted 25 April 2009 - 02:10 PM

Hi comingdarkage,



We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times. and we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.


Step1

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" , and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Step2
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please post back:


1.GMER log
2.RSIT log.txt and info.txt.Thanks.

#5 comingdarkage

comingdarkage
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 28 April 2009 - 08:09 PM

Sundavis, now it is I who must apologize for the delay. I ran GMER.exe twice, and both times, the log file seems suspiciously empty. I followed the directions, but I might have some setting wrong. Please do let me know if you think I have made a mistake. Anyway, here are the results:

GMER LOG

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-28 21:01:43
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs NaiFiltr.sys

---- EOF - GMER 1.0.15 ----

RSIT log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Janice at 2009-04-28 21:04:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 48 GB (67%) free of 71 GB
Total RAM: 703 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:49 PM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TEMP\Desktop\RSIT.exe
C:\Program Files\trend micro\Janice.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4200 Series on WINTERFELL] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P45 "Auto EPSON Stylus CX4200 Series on WINTERFELL" /O21 "\\WINTERFELL\EPSONSty" /M "Stylus CX4200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O20 - AppInit_DLLs:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 9085 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}]
Verizon Broadband Toolbar - C:\WINDOWS\DOWNLO~1\vzbb.dll [2005-01-12 1111104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - Verizon Broadband Toolbar - C:\WINDOWS\DOWNLO~1\vzbb.dll [2005-01-12 1111104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2003-11-07 114688]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe []
"CreateCD_Reminder"=C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe []
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe []
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe []
"HKSERV.EXE"=C:\Program Files\Sony\HotKey Utility\HKserv.exe []
"VAIO Update 2"=C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe /Stationary []
"ViewMgr"=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe []
"EPSON Stylus CX4200 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 EPSON Stylus CX4200 Series /O6 USB001 /M Stylus CX4200 []
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2007-06-06 936960]
"VerizonServicepoint.exe"=C:\Program Files\Verizon\VSP\VerizonServicepoint.exe [2007-05-11 2061816]
"Auto EPSON Stylus CX4200 Series on WINTERFELL"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P45 Auto EPSON Stylus CX4200 Series on WINTERFELL /O21 \\WINTERFELL\EPSONSty /M Stylus CX4200 []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-25 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-04-28 21:04:23 ----D---- C:\Program Files\trend micro
2009-04-28 21:04:22 ----D---- C:\rsit
2009-04-23 20:39:20 ----D---- C:\Documents and Settings\TEMP\Application Data\ArcSoft
2009-04-23 18:09:55 ----D---- C:\Program Files\Panda Security
2009-04-16 16:17:50 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 16:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 16:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 16:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 16:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 16:12:48 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-15 06:41:18 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-03-29 21:50:57 ----D---- C:\Program Files\Apple Software Update
2009-03-29 21:50:56 ----D---- C:\Documents and Settings\All Users\Application Data\Apple

======List of files/folders modified in the last 1 months======

2009-04-28 21:04:23 ----AD---- C:\Program Files
2009-04-28 21:02:47 ----D---- C:\Program Files\Mozilla Firefox
2009-04-28 21:02:36 ----D---- C:\WINDOWS\Prefetch
2009-04-28 15:42:17 ----D---- C:\WINDOWS\Temp
2009-04-28 15:42:00 ----SD---- C:\WINDOWS\Tasks
2009-04-28 15:41:56 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-04-28 15:41:06 ----D---- C:\WINDOWS\Minidump
2009-04-28 15:41:06 ----D---- C:\WINDOWS
2009-04-27 06:24:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-24 19:28:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-24 18:32:56 ----D---- C:\WINDOWS\pchealth
2009-04-23 20:47:11 ----D---- C:\My Downloads
2009-04-23 20:45:16 ----D---- C:\Program Files\Amazon
2009-04-23 20:38:47 ----D---- C:\Program Files\Yahoo! Games
2009-04-23 20:38:12 ----D---- C:\Program Files\Trillian
2009-04-23 20:37:30 ----D---- C:\Program Files\Google
2009-04-23 20:37:29 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-04-17 08:56:47 ----D---- C:\WINDOWS\system32
2009-04-17 08:56:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-17 08:51:38 ----D---- C:\WINDOWS\system32\wbem
2009-04-17 08:51:38 ----D---- C:\WINDOWS\AppPatch
2009-04-16 16:17:54 ----HD---- C:\WINDOWS\inf
2009-04-16 16:17:52 ----DC---- C:\WINDOWS\system32\dllcache
2009-04-16 16:17:46 ----A---- C:\WINDOWS\imsins.BAK
2009-04-16 16:17:28 ----D---- C:\WINDOWS\system32\en-US
2009-04-16 16:17:28 ----D---- C:\Program Files\Internet Explorer
2009-04-16 16:16:59 ----D---- C:\WINDOWS\ie7updates
2009-04-16 16:13:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-09 08:04:48 ----D---- C:\WINDOWS\system32\drivers
2009-04-06 10:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-03-29 22:01:34 ----SHD---- C:\WINDOWS\Installer
2009-03-29 21:59:58 ----HD---- C:\Config.Msi
2009-03-29 21:56:45 ----D---- C:\Program Files\QuickTime
2009-03-29 21:54:45 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-03-29 15:51:08 ----SD---- C:\Documents and Settings\TEMP\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-09 625249]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-09-29 94601]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-12-11 1042432]
R3 HSFHWALI;HSFHWALI; C:\WINDOWS\system32\DRIVERS\HSFHWALI.sys [2003-12-11 196736]
R3 LEX_AS_NIC_SERVICE_YNOS;LAN-Express AS IEEE 802.11g Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ExpasAG.sys [2004-08-05 392544]
R3 NaiFiltr;NaiFiltr; \??\C:\Program Files\Common Files\Network Associates\McShield\NaiFiltr.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 tifmsony;tifmsony; C:\WINDOWS\system32\drivers\tifmsony.sys [2004-05-21 65024]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-12-11 681344]
S3 aliadwdm;ALi Audio Accelerator WDM driver; C:\WINDOWS\system32\drivers\ac97ali.sys [2004-08-03 231552]
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\TEMP\LOCALS~1\Temp\aujasnkj.sys []
S3 Fadpu16E;Fadpu16E; \??\C:\DOCUME~1\T4\LOCALS~1\Temp\Fadpu16E.sys []
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-11-07 67712]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-22 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 AvSynMgr;AVSync Manager; C:\Program Files\Network Associates\VirusScan\avsynmgr.exe [2001-11-26 155665]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2004-10-25 131072]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2004-10-25 118784]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2004-10-25 278528]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
S3 McShield;McShield; C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe [2001-11-26 225403]
S3 VAIO Entertainment Aggregation and Control Service;VAIO Entertainment Aggregation and Control Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [2004-08-23 139264]
S3 VAIO Entertainment Task Scheduler;VAIO Entertainment Task Scheduler; C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe [2004-11-03 339968]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2004-10-25 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2004-11-02 1826816]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2004-06-16 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2004-06-22 733184]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2004-06-16 188416]
S3 VAIOMediaPlatform-VideoServer-AppServer;VAIO Media Video Server; C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe [2003-10-30 1286144]
S3 VAIOMediaPlatform-VideoServer-UPnP;VAIO Media Video Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2004-06-22 733184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

RSIT info.txt

info.txt logfile of random's system information tool 1.06 2009-04-28 21:04:52

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CONNECT-->"C:\Program Files\Sony\CONNECT\unwise.exe" /A "C:\Program Files\Sony\CONNECT\install.log" Uninstall CONNECT
Create and Print Greeting Cards 1.0-->MsiExec.exe /I{84B1561B-4DE3-4FA8-8A08-805E553171EC}
DVgate Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\Setup.exe" -l0x9
EPSON CX 4200 4800 Guide-->C:\Program Files\epson\guide\cx4200_4800_e\uninstall.exe
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HotKey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\setup.exe" -l0x9
HP Image Zone 4.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart Cameras 4.5-->C:\Program Files\HP\Digital Imaging\{9D72F880-3D69-438c-8B8E-31AF8D66B38C}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
InterVideo WinDVD 5 for VAIO-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVDX-->"C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
LAN-Express AS IEEE 802.11 Wireless LAN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}\Setup.exe" -l0x9
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
McAfee VirusScan 4.5.1 SP1(UNH Licensed)-->MsiExec.exe /I{87AEFD84-BC0D-11D4-B885-00508B022A51}
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MoodLogic-->C:\WINDOWS\ml-uninstall-v10.exe
Mozilla Firefox (3.0.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Neverwinter Nights Gold Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4C10EEF-D26C-410D-82E7-73370C6FD812}\Setup.exe" -l0x9
OpenMG Limited Patch 4.0-04-08-02-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.0-04-08-02-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.0.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{6F1974D6-4249-43B6-88B0-9A9B8A33956C} /l1033 UNINSTALL
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PictureGear Studio 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88DA0A52-3372-4803-971A-ADFB961707E8}\Setup.exe"
PlayLinc-->MsiExec.exe /I{9CCE527D-356F-41A8-9718-77A68AC065FB}
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Setting Utility Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59452470-A902-477F-9338-9B88101681BD}\setup.exe" -l0x9
SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_8175104D\HXFSETUP.EXE -U -IVEN_10B9&DEV_5457&SUBSYS_8175104D
SonicStage 2.1.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\Setup.exe" -l0x9 UNINSTALL
Sony Certificate PCH-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony USB Mouse-->Pmuninst.exe MouseSuite98
Sony Utilities DLL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}\setup.exe" -l0x9 -removeonly
Sprint music manager -->C:\PROGRA~1\SPRINT~1\Setup.exe /remove /q0
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Text Twist (remove only)-->"C:\Program Files\Yahoo! Games\Text Twist\Uninstall.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VAIO Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36B1F7D-3B51-4DBC-A4AE-F25B06DF2AD1}\setup.exe" -l0x9
VAIO Entertainment Platform-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}\setup.exe" -l0x9
VAIO Help and Support-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A43F939E-A863-433D-AC78-0897E44CFEB2}\setup.exe" -l0x9
VAIO Light Flo Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}\setup.exe" -l0x9
VAIO Media 3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\Setup.exe" -l0x9 UNINSTALL
VAIO Media Integrated Server 3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A79D11B-FD82-4A5E-834F-20173515DD14}\setup.exe" -l0x9 UNINSTALL
VAIO Media Redistribution 3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\Setup.exe" -l0x9 UNINSTALL
VAIO Original Screen Saver VAIO Scene SD Wide Contents-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E365AAB7-F160-4E2F-ACAC-28D487ACF47D}\setup.exe" -l0x9
VAIO Original Screen Saver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\setup.exe" -l0x9
VAIO Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E319E96-ED8E-4B01-9775-C521A1869A25}\setup.exe" -l0x9
VAIO Registration-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Survey Standalone-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO Update 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x9
VAIO Wireless Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DF00135-D5A7-476A-BFB3-EDFF2840076A}\Setup.exe" -l0x9
VAIO Zone-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED8D39F2-7FFA-45EC-B148-EF2472955BB4}\Setup.exe" -l0x9
Verizon Broadband Toolbar-->C:\Program Files\VZBB Toolbar\Uninstall.exe
Verizon Online Help and Support-->C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
Verizon Servicepoint 1.5.12-->"C:\Program Files\Verizon\VSP\unins000.exe"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Welcome to VAIO life-->"C:\Program Files\Sony\Welcome to VAIO life\unwise.exe" /A "C:\Program Files\Sony\Welcome to VAIO life\install.log" Uninstall Welcome to VAIO life
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======System event log======

Computer Name: NAPOLEON
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000E9BA03F25. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 61
Source Name: Dhcp
Time Written: 20090423191524.000000-240
Event Type: warning
User:

Computer Name: NAPOLEON
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000E9BA03F25. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 59
Source Name: Dhcp
Time Written: 20090423191514.000000-240
Event Type: warning
User:

Computer Name: NAPOLEON
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000E9BA03F25. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 57
Source Name: Dhcp
Time Written: 20090423191504.000000-240
Event Type: warning
User:

Computer Name: NAPOLEON
Event Code: 34
Message: The time service has detected that the system time needs to be
changed by -2678401 seconds. The time service will not change the system
time by more than -54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.65:123->207.46.232.182:123) is working properly.

Record Number: 42
Source Name: W32Time
Time Written: 20090422180252.000000-240
Event Type: error
User:

Computer Name: NAPOLEON
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 26
Source Name: Disk
Time Written: 20090322125144.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: NAPOLEON
Event Code: 1000
Message: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Record Number: 50
Source Name: Application Error
Time Written: 20080525200737.000000-240
Event Type: error
User:

Computer Name: NAPOLEON
Event Code: 4505
Message: AutoUpdate failed. All the connections failed.

Record Number: 49
Source Name: McUpdate
Time Written: 20080525164123.000000-240
Event Type: error
User:

Computer Name: NAPOLEON
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module flash9.ocx, version 9.0.16.0, fault address 0x00184f4d.

Record Number: 33
Source Name: Application Error
Time Written: 20080516112313.000000-240
Event Type: error
User:

Computer Name: NAPOLEON
Event Code: 1000
Message: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Record Number: 19
Source Name: Application Error
Time Written: 20080511201734.000000-240
Event Type: error
User:

Computer Name: NAPOLEON
Event Code: 1000
Message: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Record Number: 8
Source Name: Application Error
Time Written: 20080506152837.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:28 AM

Posted 29 April 2009 - 12:08 AM

Hi comingdarkage,


Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar




Step1

Please disable Spybot S&D's protection,or it will interfere.
  • You can enable it after you're clean.
  • Open Spybot and click on 'Mode' and check 'Advanced Mode'.
  • Click on 'Tools' in bottom left hand corner.
  • Click on the 'System Startup' icon.
  • Uncheck 'Teatimer' box and/or uncheck 'Resident'.
  • Click the 'Allow Change' box.
  • Then, check next to the computer clock to see if the icon for Spybot is still there.
  • If it is, right click it and choose 'exit Spybot-S&D Resident'.
  • Restart the computer.
  • If you find you're experiencing problems disabling Spybot's Tea-Timer,follow the info in the link below:
  • http://www.russelltexas.com/malware/teatimer.htm
Step2

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: CombFix has recently been updated to include the option for installing the Recovery Console automatically. You will see the below prompt when you first run ComboFix:


Posted Image


The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
It is a simple procedure that will only take a few moments of your time. Once Recovery Console is installed, you should see a blue screen prompt like the one below:


Posted Image

1.Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

2.Click Yes to allow Combofix to continue scanning for malware.

When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.




In your next reply, please post back:

1.Combofix log
2.RSIT log Thanks.

Edited by sundavis, 29 April 2009 - 10:43 PM.


#7 comingdarkage

comingdarkage
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 29 April 2009 - 08:26 PM

Sundavis, I actually do have virus protection installed. It's Mcafee Virus Scan, with up to date definitions. Would you say Antivir Free is better?

ComboFix 09-04-29.01 - Janice 04/29/2009 21:10.1 - NTFSx86
Running from: c:\documents and settings\TEMP\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\jestertb.dll
c:\windows\setup.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.

2009-04-29 01:04 . 2009-04-29 01:04 -------- d-----w c:\program files\trend micro
2009-04-29 01:04 . 2009-04-29 01:04 -------- d-----w C:\rsit
2009-04-24 00:39 . 2009-04-24 00:39 -------- d-----w c:\documents and settings\TEMP\Application Data\ArcSoft
2009-04-23 22:11 . 2008-06-19 20:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-23 22:09 . 2009-04-23 22:09 -------- d-----w c:\program files\Panda Security
2009-04-15 10:42 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 10:42 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-15 10:42 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 10:42 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 10:42 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 10:42 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 10:42 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 10:42 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 10:42 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 10:42 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 10:41 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 10:41 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-03 03:21 . 2009-04-03 03:21 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 00:18 . 2005-03-22 01:49 -------- d-----w c:\program files\Viewpoint
2009-04-24 00:45 . 2008-08-04 01:25 -------- d-----w c:\program files\Amazon
2009-04-24 00:38 . 2008-10-21 01:40 -------- d-----w c:\program files\Yahoo! Games
2009-04-24 00:38 . 2005-12-02 14:24 -------- d-----w c:\program files\Trillian
2009-04-24 00:37 . 2004-11-10 07:13 -------- d-----w c:\program files\Google
2009-03-30 01:56 . 2006-02-11 18:25 -------- d-----w c:\program files\QuickTime
2009-03-30 01:51 . 2009-03-30 01:50 -------- d-----w c:\program files\Apple Software Update
2009-03-21 14:36 . 2008-08-16 16:51 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-06 14:22 . 2004-11-09 06:59 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-11-09 06:59 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 12:23 . 2009-03-02 12:23 -------- d-----w c:\program files\MSECache
2009-02-20 18:09 . 2004-11-09 06:59 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-11-09 06:59 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-11-09 06:59 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-11-09 06:59 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-11-09 06:59 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2004-11-09 06:59 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2004-11-09 06:59 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2004-11-09 06:59 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-11-09 06:59 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-11-09 06:59 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-03-22 01:49 . 2005-08-05 19:08 67160 c:\program files\AIM\bak\aim.exe

2004-11-09 07:00 . 2003-11-08 01:21 114688 c:\program files\Apoint\bak\Apoint.exe
2008-03-31 16:44 . 2003-11-07 21:21 114688 c:\program files\Apoint\Apoint.exe

2004-11-09 08:33 . 2004-08-25 20:52 339968 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

2004-09-13 19:49 . 2004-09-13 19:49 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe

2005-12-21 01:54 . 2005-12-21 01:54 278528 c:\program files\iTunes\bak\iTunesHelper.exe

2006-01-31 17:33 . 2005-11-10 18:03 36975 c:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe

2006-02-11 18:26 . 2006-02-11 18:26 155648 c:\program files\QuickTime\bak\qttask.exe
2009-01-05 20:18 . 2009-01-05 20:18 413696 c:\program files\QuickTime\QTTask.exe

2004-11-10 07:05 . 2004-10-17 05:48 122880 c:\program files\Sony\HotKey Utility\bak\HKserv.exe

2004-11-09 16:27 . 2004-10-22 03:12 184320 c:\program files\Sony\VAIO Power Management\bak\SPMgr.exe

2004-11-10 07:16 . 2004-09-22 02:54 151552 c:\program files\Sony\VAIO Update 2\bak\VAIOUpdt.exe

2004-11-09 16:23 . 2003-04-20 05:08 28672 c:\windows\SONYSYS\VAIO Recovery\bak\PartSeal.exe

2004-11-09 16:23 . 2004-07-16 19:17 53248 c:\windows\SONYSYS\VAIO Recovery\bak\reminder.exe

2006-07-30 23:12 . 2005-03-08 03:00 98304 c:\windows\system32\spool\drivers\w32x86\3\bak\E_FATIAEA.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [N/A]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [N/A]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [N/A]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [N/A]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [N/A]
"EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [N/A]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"Auto EPSON Stylus CX4200 Series on WINTERFELL"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5121:UDP"= 5121:UDP:NWN

R3 Fadpu16E;Fadpu16E; [x]
R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S0 NaiFsRec;NaiFsRec;c:\windows\system32\drivers\NaiFsRec.sys [2001-04-30 4512]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 AvSynMgr;AVSync Manager;c:\program files\Network Associates\VirusScan\avsynmgr.exe [2001-11-26 155665]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 NaiFiltr;NaiFiltr;c:\program files\Common Files\Network Associates\McShield\NaiFiltr.sys [2001-11-26 23856]

.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-04-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-23 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\TEMP\Application Data\Mozilla\Firefox\Profiles\m7n3newi.default\
FF - prefs.js: browser.startup.homepage - hxxp://myyahoo.com/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 21:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-30 21:16
ComboFix-quarantined-files.txt 2009-04-30 01:16

Pre-Run: 50,192,826,368 bytes free
Post-Run: 50,807,353,344 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

167 --- E O F --- 2009-04-16 20:17


Logfile of random's system information tool 1.06 (written by random/random)
Run by Janice at 2009-04-29 21:19:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 48 GB (68%) free of 71 GB
Total RAM: 703 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:39 PM, on 4/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\TEMP\Desktop\RSIT.exe
C:\Program Files\trend micro\Janice.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4200 Series on WINTERFELL] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P45 "Auto EPSON Stylus CX4200 Series on WINTERFELL" /O21 "\\WINTERFELL\EPSONSty" /M "Stylus CX4200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 9049 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}]
Verizon Broadband Toolbar - C:\WINDOWS\DOWNLO~1\vzbb.dll [2005-01-12 1111104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - Verizon Broadband Toolbar - C:\WINDOWS\DOWNLO~1\vzbb.dll [2005-01-12 1111104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2003-11-07 114688]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe []
"CreateCD_Reminder"=C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe []
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe []
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe []
"HKSERV.EXE"=C:\Program Files\Sony\HotKey Utility\HKserv.exe []
"VAIO Update 2"=C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe /Stationary []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe []
"EPSON Stylus CX4200 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 EPSON Stylus CX4200 Series /O6 USB001 /M Stylus CX4200 []
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2007-06-06 936960]
"VerizonServicepoint.exe"=C:\Program Files\Verizon\VSP\VerizonServicepoint.exe [2007-05-11 2061816]
"Auto EPSON Stylus CX4200 Series on WINTERFELL"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P45 Auto EPSON Stylus CX4200 Series on WINTERFELL /O21 \\WINTERFELL\EPSONSty /M Stylus CX4200 []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-25 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-04-29 21:17:00 ----A---- C:\ComboFix.txt
2009-04-29 21:05:29 ----A---- C:\Boot.bak
2009-04-29 21:04:58 ----RASHD---- C:\cmdcons
2009-04-29 20:59:16 ----A---- C:\WINDOWS\zip.exe
2009-04-29 20:59:16 ----A---- C:\WINDOWS\vFind.exe
2009-04-29 20:59:16 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-29 20:59:16 ----A---- C:\WINDOWS\SWSC.exe
2009-04-29 20:59:16 ----A---- C:\WINDOWS\SWREG.exe
2009-04-29 20:59:16 ----A---- C:\WINDOWS\sed.exe
2009-04-29 20:59:16 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-29 20:59:16 ----A---- C:\WINDOWS\grep.exe
2009-04-29 20:58:53 ----D---- C:\WINDOWS\ERDNT
2009-04-29 20:58:36 ----D---- C:\Qoobox
2009-04-28 21:04:23 ----D---- C:\Program Files\trend micro
2009-04-28 21:04:22 ----D---- C:\rsit
2009-04-23 20:39:20 ----D---- C:\Documents and Settings\TEMP\Application Data\ArcSoft
2009-04-23 18:09:55 ----D---- C:\Program Files\Panda Security
2009-04-16 16:17:50 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 16:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 16:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 16:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 16:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 16:12:48 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-15 06:41:18 ----N---- C:\WINDOWS\system32\xpsp4res.dll

======List of files/folders modified in the last 1 months======

2009-04-29 21:17:15 ----D---- C:\WINDOWS\Temp
2009-04-29 21:17:04 ----D---- C:\WINDOWS\system32
2009-04-29 21:17:02 ----D---- C:\WINDOWS
2009-04-29 21:14:31 ----A---- C:\WINDOWS\system.ini
2009-04-29 21:13:05 ----D---- C:\WINDOWS\system32\drivers
2009-04-29 21:13:05 ----D---- C:\WINDOWS\AppPatch
2009-04-29 21:12:55 ----D---- C:\Program Files\Common Files
2009-04-29 21:10:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-29 21:05:30 ----RASH---- C:\boot.ini
2009-04-29 21:01:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-29 20:37:42 ----D---- C:\Program Files\Mozilla Firefox
2009-04-29 20:30:03 ----SD---- C:\WINDOWS\Tasks
2009-04-29 20:23:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-29 20:18:52 ----D---- C:\Program Files\Viewpoint
2009-04-29 20:18:07 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-04-29 17:22:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-04-28 21:04:23 ----AD---- C:\Program Files
2009-04-28 21:02:36 ----D---- C:\WINDOWS\Prefetch
2009-04-28 15:41:06 ----D---- C:\WINDOWS\Minidump
2009-04-24 18:32:56 ----D---- C:\WINDOWS\pchealth
2009-04-23 20:47:11 ----D---- C:\My Downloads
2009-04-23 20:45:16 ----D---- C:\Program Files\Amazon
2009-04-23 20:38:47 ----D---- C:\Program Files\Yahoo! Games
2009-04-23 20:38:12 ----D---- C:\Program Files\Trillian
2009-04-23 20:37:30 ----D---- C:\Program Files\Google
2009-04-23 20:37:29 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-04-17 08:56:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-17 08:51:38 ----D---- C:\WINDOWS\system32\wbem
2009-04-16 16:17:54 ----HD---- C:\WINDOWS\inf
2009-04-16 16:17:52 ----DC---- C:\WINDOWS\system32\dllcache
2009-04-16 16:17:46 ----A---- C:\WINDOWS\imsins.BAK
2009-04-16 16:17:28 ----D---- C:\WINDOWS\system32\en-US
2009-04-16 16:17:28 ----D---- C:\Program Files\Internet Explorer
2009-04-16 16:16:59 ----D---- C:\WINDOWS\ie7updates
2009-04-16 16:13:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-06 10:57:24 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-09 625249]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-09-29 94601]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-12-11 1042432]
R3 HSFHWALI;HSFHWALI; C:\WINDOWS\system32\DRIVERS\HSFHWALI.sys [2003-12-11 196736]
R3 LEX_AS_NIC_SERVICE_YNOS;LAN-Express AS IEEE 802.11g Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ExpasAG.sys [2004-08-05 392544]
R3 NaiFiltr;NaiFiltr; \??\C:\Program Files\Common Files\Network Associates\McShield\NaiFiltr.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 tifmsony;tifmsony; C:\WINDOWS\system32\drivers\tifmsony.sys [2004-05-21 65024]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-12-11 681344]
S3 aliadwdm;ALi Audio Accelerator WDM driver; C:\WINDOWS\system32\drivers\ac97ali.sys [2004-08-03 231552]
S3 catchme;catchme; \??\C:\DOCUME~1\TEMP\LOCALS~1\Temp\catchme.sys []
S3 Fadpu16E;Fadpu16E; \??\C:\DOCUME~1\T4\LOCALS~1\Temp\Fadpu16E.sys []
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-11-07 67712]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-22 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 AvSynMgr;AVSync Manager; C:\Program Files\Network Associates\VirusScan\avsynmgr.exe [2001-11-26 155665]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2004-10-25 131072]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2004-10-25 118784]
R3 McShield;McShield; C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe [2001-11-26 225403]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2004-10-25 278528]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
S3 VAIO Entertainment Aggregation and Control Service;VAIO Entertainment Aggregation and Control Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [2004-08-23 139264]
S3 VAIO Entertainment Task Scheduler;VAIO Entertainment Task Scheduler; C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe [2004-11-03 339968]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2004-10-25 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2004-11-02 1826816]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2004-06-16 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2004-06-22 733184]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2004-06-16 188416]
S3 VAIOMediaPlatform-VideoServer-AppServer;VAIO Media Video Server; C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe [2003-10-30 1286144]
S3 VAIOMediaPlatform-VideoServer-UPnP;VAIO Media Video Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2004-06-22 733184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:28 AM

Posted 29 April 2009 - 10:42 PM

Hi comingdarkage,


It's Mcafee Virus Scan


Yes, Mcafee is on board. It seems to be a wrong paste. :thumbup2: Sorry for that.


Step1
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
C:\DOCUME~1\T4\LOCALS~1\Temp\Fadpu16E.sys 

Folder::
c:\program files\AIM\bak
c:\program files\Apoint\bak
c:\program files\QuickTime\bak

AWF::
c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe
c:\program files\Sony\HotKey Utility\bak\HKserv.exe
c:\program files\Sony\VAIO Power Management\bak\SPMgr.exe
c:\program files\Sony\VAIO Update 2\bak\VAIOUpdt.exe
c:\windows\SONYSYS\VAIO Recovery\bak\PartSeal.exe
c:\windows\SONYSYS\VAIO Recovery\bak\reminder.exe
c:\windows\system32\spool\drivers\w32x86\3\bak\E_FATIAEA.EXE

Driver::
Fadpu16E

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.





Step2


Older versions Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 13...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) the following Java Runtime Environment (JRE or J2SE) in the name, and the following update:
    • J2SE Runtime Environment 5.0 Update 6
      J2SE Runtime Environment 5.0
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.

Step3


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step4


Please do an online scan with Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When Java warning " The applcation digital signature has been verified. Do you want to run the application " appears, Click on "Run" button.
  • It will be Downloading and installing the program and Updating the database.
  • When Updating the database have finished, click on Settings.
  • Make sure all boxes are checked. then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.



Please post back the logs in your next reply.

1.Combofix log
2.KAS Scan Report
3.Fresh HJT log

Tell me how your pc is running now.

#9 comingdarkage

comingdarkage
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 02 May 2009 - 11:58 PM

Sundavis, thanks. My computer certainly seems to be running faster. We'll see what these logs have to say however. Here they are:

Combofix

ComboFix 09-05-02.4 - Janice 05/01/2009 19:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.243 [GMT -4:00]
Running from: c:\documents and settings\TEMP\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\TEMP\Desktop\CFScript.txt
* Resident AV is active


FILE ::
c:\docume~1\T4\LOCALS~1\Temp\Fadpu16E.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AIM\bak
c:\program files\AIM\bak\aim.exe
c:\program files\Apoint\bak
c:\program files\Apoint\bak\Apoint.exe
c:\program files\QuickTime\bak
c:\program files\QuickTime\bak\qttask.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FADPU16E
-------\Service_Fadpu16E


((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-04-29 01:04 . 2009-04-30 01:19 -------- d-----w c:\program files\trend micro
2009-04-29 01:04 . 2009-04-29 01:04 -------- d-----w C:\rsit
2009-04-24 00:39 . 2009-04-24 00:39 -------- d-----w c:\documents and settings\TEMP\Application Data\ArcSoft
2009-04-23 22:11 . 2008-06-19 20:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-23 22:09 . 2009-04-23 22:09 -------- d-----w c:\program files\Panda Security
2009-04-15 10:42 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 10:42 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-15 10:42 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 10:42 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 10:42 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 10:42 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 10:42 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 10:42 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 10:42 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 10:42 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 10:41 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 10:41 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-03 03:21 . 2009-04-03 03:21 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 23:52 . 2009-04-25 23:32 868 ----a-w c:\windows\Tasks\Google Software Updater.job
2009-05-01 23:52 . 2004-11-09 08:19 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-01 23:47 . 2006-02-11 18:25 -------- d-----w c:\program files\QuickTime
2009-05-01 23:47 . 2005-03-22 01:49 -------- d-----w c:\program files\AIM
2009-05-01 23:47 . 2004-11-09 00:09 -------- d-----w c:\program files\Apoint
2009-05-01 23:47 . 2006-02-11 18:25 -------- d-----w c:\program files\iTunes
2009-04-30 00:18 . 2005-03-22 01:49 -------- d-----w c:\program files\Viewpoint
2009-04-24 03:21 . 2009-03-30 01:51 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-24 00:45 . 2008-08-04 01:25 -------- d-----w c:\program files\Amazon
2009-04-24 00:38 . 2008-10-21 01:40 -------- d-----w c:\program files\Yahoo! Games
2009-04-24 00:38 . 2005-12-02 14:24 -------- d-----w c:\program files\Trillian
2009-04-24 00:37 . 2004-11-10 07:13 -------- d-----w c:\program files\Google
2009-03-30 01:51 . 2009-03-30 01:50 -------- d-----w c:\program files\Apple Software Update
2009-03-21 14:36 . 2008-08-16 16:51 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-06 14:22 . 2004-11-09 06:59 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-11-09 06:59 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-11-09 06:59 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-11-09 06:59 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-11-09 06:59 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-11-09 06:59 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-11-09 06:59 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2004-11-09 06:59 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2004-11-09 06:59 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2004-11-09 06:59 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-11-09 06:59 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-11-09 06:59 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-30_01.14.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-07-30 23:12 . 2005-03-08 03:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE
+ 2004-11-09 16:23 . 2004-07-16 19:17 53248 c:\windows\SONYSYS\VAIO Recovery\reminder.exe
+ 2004-11-09 16:23 . 2003-04-20 05:08 28672 c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
+ 2009-05-01 23:56 . 2009-04-29 09:30 1016040 c:\windows\Temp\LWI6.tmp\Names.dat
+ 2009-05-01 23:56 . 2009-04-29 09:30 1016040 c:\windows\Temp\LWI6.tmp\NAIUPD.000\names.dat
+ 2009-05-01 23:56 . 2009-04-29 09:30 2527542 c:\windows\Temp\LWI6.tmp\NAIUPD.000\clean.dat
+ 2009-05-01 23:56 . 2009-04-29 09:30 2527542 c:\windows\Temp\LWI6.tmp\Clean.dat
+ 2009-05-01 23:55 . 2009-04-29 09:30 65175625 c:\windows\Temp\LWI6.tmp\Scan.Dat
+ 2009-05-01 23:56 . 2009-04-29 09:30 65175625 c:\windows\Temp\LWI6.tmp\NAIUPD.000\scan.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2004-10-22 184320]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2004-10-17 122880]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-09-22 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-12-21 278528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"Auto EPSON Stylus CX4200 Series on WINTERFELL"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5121:UDP"= 5121:UDP:NWN

R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S0 NaiFsRec;NaiFsRec;c:\windows\system32\drivers\NaiFsRec.sys [2001-04-30 4512]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 AvSynMgr;AVSync Manager;c:\program files\Network Associates\VirusScan\avsynmgr.exe [2001-11-26 155665]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 NaiFiltr;NaiFiltr;c:\program files\Common Files\Network Associates\McShield\NaiFiltr.sys [2001-11-26 23856]


--- Other Services/Drivers In Memory ---

*Deregistered* - aawservice
*Deregistered* - ALG
*Deregistered* - Ati HotKey Poller
*Deregistered* - AudioSrv
*Deregistered* - AvSynMgr
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - ImapiService
*Deregistered* - iPodService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - McShield
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - Vcsw
*Deregistered* - VgaSave
*Deregistered* - Viewpoint Manager Service
*Deregistered* - VolSnap
*Deregistered* - VzCdbSvc
*Deregistered* - VzFw
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-23 23:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\TEMP\Application Data\Mozilla\Firefox\Profiles\m7n3newi.default\
FF - prefs.js: browser.startup.homepage - hxxp://myyahoo.com/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 19:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(204)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Network Associates\VirusScan\vsstat.exe
c:\program files\Network Associates\VirusScan\vshwin32.exe
c:\program files\Network Associates\VirusScan\avconsol.exe
c:\program files\Common Files\Network Associates\McShield\mcshield.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Sony\HotKey Utility\HKWnd.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Common Files\Network Associates\McUpdate\mcupdate.exe
c:\program files\Common Files\Network Associates\LWI\lwi.exe
c:\program files\Java\jre1.5.0_06\bin\jucheck.exe
c:\program files\Common Files\Network Associates\On Demand Scanner\Scan32\scan32.exe
.
**************************************************************************
.
Completion time: 2009-05-01 20:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-02 00:10
ComboFix2.txt 2009-04-30 01:17

Pre-Run: 50,778,652,672 bytes free
Post-Run: 50,497,421,312 bytes free

268 --- E O F --- 2009-04-16 20:17

Kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, May 2, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, May 02, 2009 19:04:22
Records in database: 2120968
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\

Scan statistics:
Files scanned: 89406
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:56:18


File name / Threat name / Threats count
C:\WINDOWS\Downloaded Program Files\vzbb.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.b 1

The selected area was scanned.

RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Janice at 2009-05-02 20:12:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 49 GB (68%) free of 71 GB
Total RAM: 703 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:46 PM, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\TEMP\Desktop\RSIT.exe
C:\Program Files\trend micro\Janice.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4200 Series on WINTERFELL] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P45 "Auto EPSON Stylus CX4200 Series on WINTERFELL" /O21 "\\WINTERFELL\EPSONSty" /M "Stylus CX4200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 9551 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D}]
Verizon Broadband Toolbar - C:\WINDOWS\DOWNLO~1\vzbb.dll [2005-01-12 1111104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-01 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - Verizon Broadband Toolbar - C:\WINDOWS\DOWNLO~1\vzbb.dll [2005-01-12 1111104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2003-11-07 114688]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-25 339968]
"CreateCD_Reminder"=C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe [2004-07-16 53248]
"VAIO Recovery"=C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-20 28672]
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2004-10-21 184320]
"HKSERV.EXE"=C:\Program Files\Sony\HotKey Utility\HKserv.exe [2004-10-17 122880]
"VAIO Update 2"=C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [2004-09-21 151552]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-12-20 278528]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]
"EPSON Stylus CX4200 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE [2005-03-07 98304]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2007-06-06 936960]
"VerizonServicepoint.exe"=C:\Program Files\Verizon\VSP\VerizonServicepoint.exe [2007-05-11 2061816]
"Auto EPSON Stylus CX4200 Series on WINTERFELL"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE [2005-03-07 98304]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-01 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-25 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-05-01 20:48:41 ----SHD---- C:\RECYCLER
2009-05-01 20:48:14 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-01 20:48:14 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-01 20:48:14 ----A---- C:\WINDOWS\system32\java.exe
2009-05-01 20:48:14 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-01 20:11:52 ----A---- C:\ComboFix.txt
2009-05-01 19:45:41 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-01 19:45:37 ----A---- C:\WINDOWS\zip.exe
2009-05-01 19:45:37 ----A---- C:\WINDOWS\vFind.exe
2009-05-01 19:45:37 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-01 19:45:37 ----A---- C:\WINDOWS\SWSC.exe
2009-05-01 19:45:37 ----A---- C:\WINDOWS\SWREG.exe
2009-05-01 19:45:37 ----A---- C:\WINDOWS\sed.exe
2009-05-01 19:45:37 ----A---- C:\WINDOWS\grep.exe
2009-04-29 21:05:29 ----A---- C:\Boot.bak
2009-04-29 21:04:58 ----RASHD---- C:\cmdcons
2009-04-29 20:58:53 ----D---- C:\WINDOWS\ERDNT
2009-04-29 20:58:36 ----D---- C:\Qoobox
2009-04-28 21:04:23 ----D---- C:\Program Files\trend micro
2009-04-28 21:04:22 ----D---- C:\rsit
2009-04-23 20:39:20 ----D---- C:\Documents and Settings\TEMP\Application Data\ArcSoft
2009-04-23 18:09:55 ----D---- C:\Program Files\Panda Security
2009-04-16 16:17:50 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 16:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 16:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 16:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 16:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 16:12:48 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-15 06:41:18 ----N---- C:\WINDOWS\system32\xpsp4res.dll

======List of files/folders modified in the last 1 months======

2009-05-02 14:04:10 ----SD---- C:\WINDOWS\Tasks
2009-05-02 13:00:47 ----D---- C:\WINDOWS\Prefetch
2009-05-02 13:00:11 ----D---- C:\Program Files\Mozilla Firefox
2009-05-02 10:39:20 ----D---- C:\NeverwinterNights
2009-05-01 21:04:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-05-01 20:53:00 ----D---- C:\WINDOWS\Temp
2009-05-01 20:48:19 ----SHD---- C:\WINDOWS\Installer
2009-05-01 20:48:19 ----HD---- C:\Config.Msi
2009-05-01 20:48:14 ----D---- C:\WINDOWS\system32
2009-05-01 20:47:41 ----D---- C:\Program Files\Java
2009-05-01 20:46:09 ----D---- C:\Program Files\Common Files
2009-05-01 20:12:33 ----D---- C:\WINDOWS\system32\drivers
2009-05-01 20:12:00 ----D---- C:\WINDOWS
2009-05-01 19:57:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-01 19:55:21 ----A---- C:\WINDOWS\system.ini
2009-05-01 19:55:06 ----D---- C:\Program Files\iTunes
2009-05-01 19:51:00 ----D---- C:\WINDOWS\system32\config
2009-05-01 19:49:03 ----D---- C:\WINDOWS\AppPatch
2009-05-01 19:47:26 ----D---- C:\Program Files\QuickTime
2009-05-01 19:47:26 ----D---- C:\Program Files\Apoint
2009-05-01 19:47:26 ----D---- C:\Program Files\AIM
2009-05-01 19:45:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-29 21:05:30 ----RASH---- C:\boot.ini
2009-04-29 20:23:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-29 20:18:52 ----D---- C:\Program Files\Viewpoint
2009-04-29 20:18:07 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-04-28 21:04:23 ----AD---- C:\Program Files
2009-04-28 15:41:06 ----D---- C:\WINDOWS\Minidump
2009-04-24 18:32:56 ----D---- C:\WINDOWS\pchealth
2009-04-23 20:47:11 ----D---- C:\My Downloads
2009-04-23 20:45:16 ----D---- C:\Program Files\Amazon
2009-04-23 20:38:47 ----D---- C:\Program Files\Yahoo! Games
2009-04-23 20:38:12 ----D---- C:\Program Files\Trillian
2009-04-23 20:37:30 ----D---- C:\Program Files\Google
2009-04-23 20:37:29 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-04-17 08:56:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-17 08:51:38 ----D---- C:\WINDOWS\system32\wbem
2009-04-16 16:17:54 ----HD---- C:\WINDOWS\inf
2009-04-16 16:17:52 ----DC---- C:\WINDOWS\system32\dllcache
2009-04-16 16:17:46 ----A---- C:\WINDOWS\imsins.BAK
2009-04-16 16:17:28 ----D---- C:\WINDOWS\system32\en-US
2009-04-16 16:17:28 ----D---- C:\Program Files\Internet Explorer
2009-04-16 16:16:59 ----D---- C:\WINDOWS\ie7updates
2009-04-16 16:13:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-06 10:57:24 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-09 625249]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-09-29 94601]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-12-11 1042432]
R3 HSFHWALI;HSFHWALI; C:\WINDOWS\system32\DRIVERS\HSFHWALI.sys [2003-12-11 196736]
R3 LEX_AS_NIC_SERVICE_YNOS;LAN-Express AS IEEE 802.11g Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ExpasAG.sys [2004-08-05 392544]
R3 NaiFiltr;NaiFiltr; \??\C:\Program Files\Common Files\Network Associates\McShield\NaiFiltr.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 tifmsony;tifmsony; C:\WINDOWS\system32\drivers\tifmsony.sys [2004-05-21 65024]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-12-11 681344]
R4 catchme;catchme; \??\C:\DOCUME~1\TEMP\LOCALS~1\Temp\catchme.sys []
S3 aliadwdm;ALi Audio Accelerator WDM driver; C:\WINDOWS\system32\drivers\ac97ali.sys [2004-08-03 231552]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-11-07 67712]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-22 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 AvSynMgr;AVSync Manager; C:\Program Files\Network Associates\VirusScan\avsynmgr.exe [2001-11-26 155665]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-01 152984]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2004-10-25 131072]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2004-10-25 118784]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
R3 McShield;McShield; C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe [2001-11-26 225403]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2004-10-25 278528]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 VAIO Entertainment Aggregation and Control Service;VAIO Entertainment Aggregation and Control Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [2004-08-23 139264]
S3 VAIO Entertainment Task Scheduler;VAIO Entertainment Task Scheduler; C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe [2004-11-03 339968]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2004-10-25 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2004-11-02 1826816]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2004-06-16 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2004-06-22 733184]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2004-06-16 188416]
S3 VAIOMediaPlatform-VideoServer-AppServer;VAIO Media Video Server; C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe [2003-10-30 1286144]
S3 VAIOMediaPlatform-VideoServer-UPnP;VAIO Media Video Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2004-06-22 733184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#10 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:28 AM

Posted 03 May 2009 - 03:31 AM

Hi comingdarkage,



You're all clean now. :thumbup2: Any issue left? If not, let's do some tidy up.


Step1

Click START then RUN
Now copy/paste Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

Posted Image

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Step2
  • Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Remember to delete tools and all the logs we have used.

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:
  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:

    Please referring this thread to configure Internet Explorer 7 properly.

  • Update your Your Adobe Acrobat Reader

    Old versions may render vulnerabilities that malware can use to infect your system. Please download Adobe Reader 9 to your desktop.
    Uninstall the old Adobe Reader from Start > Control Panel > Add/Remove Programs. Install the new one.

  • Install a-squared Free -a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers

    A tutorial on installing & using this product can be found here:

    Clean your PC with a-squared Free

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here how to prevent Malware.


Glad to be of help. Safe surfing!!

Edited by sundavis, 03 May 2009 - 01:06 PM.


#11 comingdarkage

comingdarkage
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 03 May 2009 - 09:57 AM

Sundavis, thank you. There is one hitch, however. I seem to be having trouble deleting vzbb.dll. When I hit delete, an error window pops up saying that the file is currently in use or write protected and cannot be deleted. Is there a process I need to stop or a program that I need to close to delete it? Thanks for your help.

#12 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:28 AM

Posted 03 May 2009 - 01:03 PM

Hi comingdarkage,


vzbb.dll belongs to Verizon Online Broadband Toolbar which is an Internet Service Provider that provides fast DSL net connectivity. The Kas online scanner depicted it as AdWare.Win32.MegaSearch.b 1.

I think it's maybe a false positive. Since the program is running on your machine. you may ignore it. Otherwise, you can uninstall Verizon Broadband Toolbar via Add/Remove Programs as you wish.

Hope this helps. :thumbup2:

#13 comingdarkage

comingdarkage
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 04 May 2009 - 07:46 PM

Sundavis, thanks for your prompt response. Think I'm set, you can close this thread. Thanks again for your help!

#14 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:28 AM

Posted 05 May 2009 - 12:06 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users