malware issue, don't know infection type - see inside for hjt


  • This topic is locked
12 replies to this topic

#1 jdj0202

Posted 13 May 2009 - 07:42 PM

I contracted this malware yesterday I think and every time I load mozilla firefox, or internet explorer it gives me this error message (see image)

[image: screenshot of the error message]

I put the "globalroot\systemroot\system32" part of the error message into Google and found this site with someone who also had a .dll problem. I downloaded Malwarebytes Anti-Malware and followed what was posted, but my computer will not load the Malwarebytes Anti-Malware program and I've tried every way I know how. AVG Free didn't pick up anything. Thanks for any help or insight.

***LOGFILE***

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:50 PM, on 5/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Users\Jordan\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe"
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\\Steam.exe" -silent
O4 - HKCU\..\Run: [CurseClient] "C:\Program Files\Curse\CurseClient.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Audio Filter.lnk = C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{74651177-5412-4808-ACEF-F485AF30F090}: NameServer = 85.255.112.213,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8B66B66-D363-442B-AF66-8599BE9EE328}: NameServer = 85.255.112.213,85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.213,85.255.112.6
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.213,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.213,85.255.112.6
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13790 bytes

#2 Orange Blossom (Moderator)

Posted 27 May 2009 - 03:43 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 jdj0202 (Topic Starter)

Posted 27 May 2009 - 04:26 PM

Basically what's happening is that I am unable to run certain malware removal programs, and I am unable to download anything from Microsoft or Windows websites that would assist in diagnostics or malware removal. Basically what happens is every time I try to use Firefox or IE that error pops up; I'm afraid to enter passwords and other secure information because of this. I searched for "globalroot\systemroot\system32" in Google, which brought me to this site, so I tried to take the steps that the post I found said to take to remove that malware, but I could not use what was needed. Thanks for the response, I've been checking back daily since I posted.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Jordan at 17:21:20.98 on Wed 05/27/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.2062 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\Jordan\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sony.com/vaiopeople
uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [AppMon Utility] "c:\program files\sony\appmonutil\AppMonUtility.exe" @@@Start
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe" 1
mRun: [VAIO Help and Support Demo] "c:\program files\sony\vaio help and support demo\LaunchVHSD.exe"
mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
mRun: [VWLASU] "c:\program files\sony\vaio pc wireless lan wizard\AutoLaunchWLASU.exe"
mRun: [VAIOSurvey] "c:\program files\sony\vaio survey\Vista VAIO Survey.exe"
mRun: [NvSvc] "RUNDLL32.EXE" c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\users\jordan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 85.255.112.213,85.255.112.6
TCP: {74651177-5412-4808-ACEF-F485AF30F090} = 85.255.112.213,85.255.112.6
TCP: {C8B66B66-D363-442B-AF66-8599BE9EE328} = 85.255.112.213,85.255.112.6
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\jordan\appdata\roaming\mozilla\firefox\profiles\h5mja75v.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\jordan\appdata\roaming\mozilla\firefox\profiles\h5mja75v.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\jordan\appdata\roaming\mozilla\firefox\profiles\h5mja75v.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071302000002.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-22 325896]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-3 298776]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2008-7-1 125440]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-7-1 17920]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-11-29 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-11-29 43904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-11-29 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-29 812544]
S2 hixbowkx;Microsoft Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-7-1 21504]
S2 vvdsvc;VJVodServices;c:\windows\system32\svchost.exe -k vvdsvc [2008-7-1 21504]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2007-11-29 28464]
S3 slim;Sony Lucid Integrated Mpeg encoder;c:\windows\system32\drivers\slim.sys [2007-11-29 699520]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2008-7-1 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2008-7-1 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2008-7-1 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-11-30 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2007-11-30 79136]

=============== Created Last 30 ================

2009-05-24 21:03 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-05-21 21:27 <DIR> --d----- c:\programdata\Roxio
2009-05-13 21:33 <DIR> --d----- c:\windows\pss
2009-05-13 21:05 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 19:13 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-13 19:12 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-13 19:12 <DIR> --d----- c:\programdata\Malwarebytes
2009-05-13 19:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-13 19:12 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-12 22:08 <DIR> --d----- c:\program files\NCH Software
2009-05-12 22:08 <DIR> --d----- c:\program files\NCH Swift Sound
2009-05-12 21:10 0 a---h--- C:\ProgramData.LOG2
2009-05-12 21:10 0 a---h--- C:\ProgramData.LOG1
2009-05-11 21:51 <DIR> --d----- c:\program files\CCleaner
2009-05-11 21:37 <DIR> --d----- c:\programdata\FreeRIP
2009-05-11 21:37 <DIR> --d----- c:\progra~2\FreeRIP
2009-05-11 21:28 330 ---shr-- C:\autorun.inf
2009-05-08 19:59 <DIR> --d----- c:\program files\Super Audio Converter

==================== Find3M ====================

2009-05-27 06:28 27,430 a------- c:\users\jordan\appdata\roaming\nvModes.dat
2009-05-11 17:57 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-11 17:57 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-04-22 00:20 14,311,680 a------- c:\windows\system32\xlive.dll
2009-04-22 00:20 13,642,496 a------- c:\windows\system32\xlivefnt.dll
2009-04-19 13:25 23,494 a------- c:\windows\War3Unin.dat
2009-04-19 13:22 126,976 a------- c:\windows\War3Unin.exe
2009-04-19 13:22 2,829 a------- c:\windows\War3Unin.pif
2009-03-27 23:36 249,856 -------- c:\windows\Setup1.exe
2009-03-27 23:36 73,216 a------- c:\windows\ST6UNST.EXE
2009-03-03 22:54 188,896 a------- c:\windows\system32\PnkBstrB.exe
2009-03-01 19:05 70,968 a------- c:\windows\system32\PnkBstrA.exe
2009-03-01 18:25 22,328 a------- c:\users\jordan\appdata\roaming\PnkBstrK.sys
2009-03-01 18:25 2,246,144 a------- c:\windows\system32\pbsvc.exe
2008-09-14 17:43 0 a------- c:\users\jordan\appdata\roaming\wklnhst.dat
2008-07-01 13:45 174 a--sh--- c:\program files\desktop.ini
2008-07-01 13:45 143,360 a------- c:\windows\inf\infstrng.dat
2008-07-01 13:45 86,016 a------- c:\windows\inf\infstor.dat
2008-07-01 13:45 51,200 a------- c:\windows\inf\infpub.dat
2008-07-01 13:37 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-12-30 22:11 88 a--shr-- c:\windows\system32\76A5020C4A.sys
2008-12-30 22:11 3,452 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:22:47.88 ===============

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • Gender:Male
  • Location:The Netherlands

Posted 28 May 2009 - 10:20 AM

Hi jdj0202,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Posted Image


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  • Please go to start -> Run.
    • Copy and paste the bold line in the run-box and click OK: "C:\Qoobox\Add-Remove Programs.txt"
    • A text file opens up, copy and paste the content to your reply.


#5 jdj0202

jdj0202
  • Topic Starter

  • Members
  • 12 posts

Posted 28 May 2009 - 05:47 PM

The produced log is attached; after reboot, when loading mozilla firefox the error no longer showed, fyi.

Here is the C:\Qoobox\Add-Remove Programs.txt

AAC Decoder
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader 8.1.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Advanced WMA Workshop version 2.3
Apple Software Update
AppMon Utility
ArcSoft Magic-i Visual Effects
Aspell English Dictionary-0.50-2
Assassin's Creed
AutoUpdate
AVG Free 8.5
BioShock
BitTorrent
Blood
Blood2
Blood2 v2.1 Patch
Bonjour Core for Windows
Camtasia Studio 5
CCleaner (remove only)
Click to Disc
Click to Disc Editor
Compatibility Pack for the 2007 Office system
Connect
Diablo II
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DNA
Doom 3
DSD Direct
DSD Direct Player
DSD Playback Plug-in
Fallout
Fallout 3
Fallout 3 - The Garden of Eden Creation Kit
Far Cry
Foxit Reader
GearDrvs
GNU Aspell 0.50-3
Google Earth
Google Updater
Goombah Partner COM Server
GTK+ Runtime 2.14.7 rev a (remove only)
H.264 Decoder
Half-Life® 2
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hero Editor V0.96
Hero Editor V1.03
HijackThis 2.0.2
Intel® Matrix Storage Manager
Jagged Alliance 2 Gold
Jagged Alliance 2 Wildfire
Java™ 6 Update 13
Java™ SE Runtime Environment 6
kuler
LocationFree Player
Malwarebytes' Anti-Malware
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MKV Splitter
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Napster
Napster Burn Engine
Netflix Movie Viewer
Norton 360
Nox
NVIDIA Drivers
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00
Photoshop Camera Raw
Pidgin
Pro Evolution Soccer 2008
Pro Evolution Soccer 2009
PunkBuster Services
QHLive Player
Quake Live Internet Explorer Plugin
Quake Live Mozilla Plugin
QuickBooks Simple Start 2008
QuickTime
Realtek High Definition Audio Driver
Rosetta Stone V3
Roxio Activation Module
Roxio Easy Media Creator Home
Ruckus Player
Setting Utility Series
Skype™ 3.8
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Video Shared Library
SopCast 3.0.3
SPVOD Player1.8
SSH Secure Shell
Steam™
Suite Shared Configuration CS4
SupportSoft Assisted Service
Switch Sound File Converter
Synaptics Pointing Device Driver
Tortun 0.8
TVUPlayer 2.3.7.1
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
VAIO Camera Capture Utility
VAIO Center Access Bar
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO DVD Menu Data Basic
VAIO Entertainment Center
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Launcher
VAIO Media
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.2
VAIO Media Redistribution 6.0
VAIO Media Registration Tool
VAIO Media Registration Tool 6.0
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO PC Wireless LAN Wizard
VAIO Power Management
VAIO Productivity Center
VAIO Security Center
VAIO Service Utility
VAIO Startup Assistant
VAIO Survey
VAIO Update 3
VAIO Wallpaper Contents
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Warcraft III
Westwood Shared Internet Components
WIDCOMM Bluetooth Software 6.1.0.2000
Windows Media Player Firefox Plugin
WinDVD for VAIO
WinRAR archiver
Wireless Switch Setting Utility

Attached Files



#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • Gender:Male
  • Location:The Netherlands

Posted 28 May 2009 - 06:27 PM

Well done. :thumbup2:

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world, cybercrime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • Empty all p2p download folders. They might contain infected files. Please avoid using these p2p applications until the system is clean. Using these applications at this stage might lead to reinfection or infecting other users.

  • I see AVG 8 running on the computer. And I see Norton 360 on the program list. If this is a leftover, please download and run the Norton Removal Tool.

    Note: Norton removal tool is one and the same for all versions named below. It doesn't matter which version you have.

    Warning: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

  • You have the latest version of Java (version 6 update 13), which is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components:
    Click "start" and then the "Control Panel" icon.
    Double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    Uninstall the following by clicking on each of these entries and selecting "remove":

    Java™ SE Runtime Environment 6

  • Open Firefox. Go to Tools -> Options -> Advanced -> click on the Network tab, then click Settings.
    Select the radio button that says "Auto-detect proxy settings for this network". Click OK.

  • Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    http://www.bleepingcomputer.com/forums/t/226729/malware-issue-dont-know-infection-type-see-inside-for-hjt/?p=1280370
    
    Collect::[4]
    c:\windows\system32\fvvuugqs.dll
    Driver::
    hixbowkx
    NetSvc::
    hixbowkx
    DDS::
    BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No File
    TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Firefox::
    FF - ProfilePath - c:\users\jordan\appdata\roaming\mozilla\firefox\profiles\h5mja75v.default\
    FF - prefs.js: network.proxy.type - 4

    Save this as CFScript.txt


    Posted Image


    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Important Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
  • Tell me also how your computer is running.


#7 jdj0202

jdj0202
  • Topic Starter

  • Members
  • 12 posts

Posted 29 May 2009 - 05:47 PM

I attached the log produced; there was no message box that opened when the log was produced, dunno if that's bad.

Also my computer is running well; it wasn't running all that badly with the malware, it's just that I was afraid for my passwords and whatnot.

Thanks again for your help.

Attached Files



#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • Gender:Male
  • Location:The Netherlands

Posted 29 May 2009 - 06:18 PM

Seems the malware is regenerating another service with random names.
  • Close any open browsers.

    Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    Driver::
    ivpgidthr
    NetSvc::
    ivpgidthr
    Rootkit::
    c:\windows\system32\fvvuugqs.dll
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ivpgidthr]

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ( "C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


  • Go to start > Run copy/paste the following line in the run box and click OK.

    cmd /c (ipconfig /all&nslookup google.com&ping -n 2 google.com&route print) >log.txt&log.txt& del log.txt

    A command window opens. Wait until a log.txt file opens. Please post the content to your reply.
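The two CFScripts in this thread (the first one above with `Driver::`/`NetSvc::` for hixbowkx, and this one for ivpgidthr) each strip one random-named entry out of the svchost "netsvcs" group by hand. The following is an added triage script, not part of the thread, ComboFix, or any of Farbar's tools: it enumerates that same netsvcs group from the standard Windows registry locations and reports, for every member, the ServiceDll it points at, when that file was created, and whether the file carries a valid Authenticode signature, so that a freshly dropped, unsigned, random-named entry stands out. The name pattern used for the `RandomName` column is an assumption drawn from the names seen in this thread; it is a sorting aid, not evidence on its own.

```powershell
# Added example for this thread (not ComboFix's code and not the helper's script).
# Read-only: enumerates the svchost "netsvcs" group and describes each member's
# ServiceDll. Run from an elevated PowerShell.

$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# REG_MULTI_SZ value: one service name per element. This is the list the
# NetSvc:: directive in the CFScript removes a name from.
$netsvcs = (Get-ItemProperty -Path $svchostKey -Name netsvcs).netsvcs

$report = foreach ($name in $netsvcs) {
    $svcKey  = Join-Path $servicesKey $name
    $dll     = $null
    $created = $null
    $status  = 'no service key'

    if (Test-Path $svcKey) {
        $status = 'no ServiceDll'
        $params = Get-ItemProperty -Path (Join-Path $svcKey 'Parameters') -ErrorAction SilentlyContinue
        if ($params -and $params.ServiceDll) {
            # ServiceDll is usually stored as %SystemRoot%\system32\<name>.dll
            $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
            if (Test-Path $dll) {
                $created = (Get-Item $dll).CreationTime
                # Valid / NotSigned / HashMismatch / UnknownError ...
                $status  = (Get-AuthenticodeSignature -FilePath $dll).Status.ToString()
            } else {
                $status = 'ServiceDll missing on disk'
            }
        }
    }

    # Assumption drawn from this thread: the injected names (hixbowkx, ivpgidthr)
    # were short runs of lowercase letters. Legitimate names can match too, so the
    # Flag column pairs the pattern with the signature result.
    $randomLooking = $name -match '^[a-z]{7,10}$'

    [pscustomobject]@{
        Service    = $name
        ServiceDll = $dll
        Signature  = $status
        Created    = $created
        RandomName = $randomLooking
        Flag       = ($randomLooking -and ($status -ne 'Valid'))
    }
}

# Flagged entries first, newest ServiceDll first within each group.
$report | Sort-Object -Property Flag, Created -Descending | Format-Table -AutoSize
```

Two caveats when reading the output. On older Windows and PowerShell versions, `Get-AuthenticodeSignature` does not consult the OS signature catalogs, so genuine system DLLs that are catalog-signed rather than embedded-signed come back as `NotSigned`; compare the `Created` column against the dates of the infection (in this thread, files created in the days before the first post) rather than trusting `Flag` alone, and when in doubt compare the list against a known-clean machine of the same Windows version. Second, the script only covers the netsvcs group; a `Driver::` entry like hixbowkx lives under the same `Services` key but is started by the kernel, not svchost, and would need the same treatment applied to services whose `Type` is a kernel driver.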


#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • Gender:Male
  • Location:The Netherlands

Posted 29 May 2009 - 06:46 PM

Please, before doing the steps in the previous post, do the following, then the steps of the previous post:

Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let it reboot if needed, and copy/paste the log to your reply.

Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

#10 jdj0202

jdj0202
  • Topic Starter

  • Members
  • 12 posts

Posted 29 May 2009 - 08:48 PM

Here are the requested logs.

Malwarebytes' Anti-Malware 1.37
Database version: 2195
Windows 6.0.6001 Service Pack 1

5/29/2009 9:30:15 PM
mbam-log-2009-05-29 (21-30-15).txt

Scan type: Quick Scan
Objects scanned: 78433
Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

______________________________________________________________

ComboFix 09-05-29.01 - Jordan 05/29/2009 21:35.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1662 [GMT -4:00]
Running from: c:\users\Jordan\Downloads\ComboFix.exe
Command switches used :: c:\users\Jordan\Downloads\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ivpgidthr


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))
.

2009-05-30 01:37 . 2009-05-30 01:38 -------- d-----w c:\users\Jordan\AppData\Local\temp
2009-05-30 01:26 . 2009-05-30 01:26 3371383 ----a-w c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-29 21:49 . 2009-05-29 21:49 -------- d-----w c:\programdata\NortonInstaller
2009-05-28 22:51 . 2009-05-28 22:51 -------- d-----w c:\users\Jordan\AppData\Roaming\Malwarebytes
2009-05-25 01:03 . 2009-05-25 01:03 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-05-22 01:27 . 2009-05-22 01:30 -------- d-----w c:\programdata\Roxio
2009-05-22 01:27 . 2009-05-22 01:27 -------- d-----w c:\users\Jordan\AppData\Roaming\Roxio
2009-05-19 22:18 . 2009-05-11 21:57 2051864 ----a-w c:\programdata\avg8\update\backup\avgcorex.dll
2009-05-19 22:18 . 2009-05-11 21:57 354584 ----a-w c:\programdata\avg8\update\backup\avgxch32.dll
2009-05-19 22:18 . 2009-05-11 21:57 3399960 ----a-w c:\programdata\avg8\update\backup\avgui.exe
2009-05-19 22:18 . 2009-05-11 21:57 2302232 ----a-w c:\programdata\avg8\update\backup\avguiadv.dll
2009-05-19 22:18 . 2009-05-11 21:57 3288344 ----a-w c:\programdata\avg8\update\backup\setup.exe
2009-05-19 22:18 . 2009-05-11 21:57 424472 ----a-w c:\programdata\avg8\update\backup\avgwdwsc.dll
2009-05-19 22:18 . 2009-05-11 21:57 312088 ----a-w c:\programdata\avg8\update\backup\avglngx.dll
2009-05-19 22:18 . 2009-05-11 21:57 177432 ----a-w c:\programdata\avg8\update\backup\avgmail.dll
2009-05-19 22:18 . 2009-05-11 21:57 486168 ----a-w c:\programdata\avg8\update\backup\avgrsx.exe
2009-05-19 22:18 . 2009-05-11 21:56 1437464 ----a-w c:\programdata\avg8\update\backup\avgupd.dll
2009-05-19 22:18 . 2009-05-11 21:56 755992 ----a-w c:\programdata\avg8\update\backup\avginet.dll
2009-05-14 01:05 . 2009-05-14 01:05 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-13 23:13 . 2009-05-26 17:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-13 23:12 . 2009-05-26 17:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-13 23:12 . 2009-05-30 01:26 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-13 23:12 . 2009-05-13 23:12 -------- d-----w c:\programdata\Malwarebytes
2009-05-13 02:08 . 2009-05-13 02:08 -------- d-----w c:\program files\NCH Software
2009-05-13 02:08 . 2009-05-13 02:08 -------- d-----w c:\users\Jordan\AppData\Roaming\NCH Swift Sound
2009-05-13 02:08 . 2009-05-13 02:08 -------- d-----w c:\program files\NCH Swift Sound
2009-05-12 01:51 . 2009-05-12 01:51 -------- d-----w c:\program files\CCleaner
2009-05-12 01:37 . 2009-05-12 01:37 -------- d-----w c:\programdata\FreeRIP
2009-05-08 23:59 . 2009-05-12 01:32 -------- d-----w c:\program files\Super Audio Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 01:37 . 2007-11-29 20:59 12 ----a-w c:\windows\bthservsdp.dat
2009-05-29 23:21 . 2008-09-23 14:18 -------- d-----w c:\programdata\Google Updater
2009-05-29 21:52 . 2008-09-22 19:41 -------- d-----w c:\programdata\avg8
2009-05-29 21:49 . 2008-07-01 16:55 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-28 23:35 . 2008-08-26 00:00 -------- d-----w c:\users\Jordan\AppData\Roaming\U3
2009-05-28 23:30 . 2009-05-28 23:30 4096 ----a-w c:\windows\system32\04894.tmp
2009-05-27 22:06 . 2008-07-04 02:52 27430 ----a-w c:\users\Jordan\AppData\Roaming\nvModes.dat
2009-05-27 10:48 . 2008-07-03 23:46 -------- d-----w c:\users\Jordan\AppData\Roaming\.purple
2009-05-21 22:30 . 2008-07-06 21:11 -------- d-----w c:\users\Jordan\AppData\Roaming\Bioshock
2009-05-21 01:21 . 2007-11-30 17:42 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-21 00:45 . 2008-07-15 23:16 -------- d-----w c:\program files\Ubisoft
2009-05-14 23:34 . 2008-12-24 19:37 -------- d-----w c:\programdata\Rosetta Stone
2009-05-14 02:01 . 2008-09-13 04:58 -------- d-----w c:\users\Jordan\AppData\Roaming\DNA
2009-05-14 01:05 . 2007-11-30 17:53 -------- d-----w c:\program files\Java
2009-05-13 23:10 . 2008-09-13 04:58 -------- d-----w c:\program files\DNA
2009-05-11 21:57 . 2009-02-03 21:35 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-11 21:57 . 2008-09-22 19:43 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-11 21:57 . 2008-09-22 19:43 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-11 03:31 . 2008-09-13 04:58 -------- d-----w c:\users\Jordan\AppData\Roaming\BitTorrent
2009-05-07 17:40 . 2008-11-18 19:11 -------- d-----w c:\users\Jordan\AppData\Roaming\Skype
2009-05-07 17:39 . 2008-11-18 19:12 -------- d-----w c:\users\Jordan\AppData\Roaming\skypePM
2009-05-03 20:40 . 2008-07-05 01:33 -------- d-----w c:\program files\Diablo II
2009-05-01 11:10 . 2008-07-04 00:57 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-04-24 03:42 . 2009-04-19 17:18 -------- d-----w c:\program files\Warcraft III
2009-04-22 04:20 . 2009-04-22 04:20 14311680 ----a-w c:\windows\system32\xlive.dll
2009-04-22 04:20 . 2009-04-22 04:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll
2009-04-21 20:04 . 2008-07-03 23:43 -------- d-----w c:\program files\Pidgin
2009-04-21 20:04 . 2008-07-03 23:43 -------- d-----w c:\program files\Common Files\GTK
2009-04-19 17:25 . 2009-04-19 17:22 23494 ----a-w c:\windows\War3Unin.dat
2009-04-19 17:22 . 2009-04-19 17:22 2829 ----a-w c:\windows\War3Unin.pif
2009-04-19 17:22 . 2009-04-19 17:22 126976 ----a-w c:\windows\War3Unin.exe
2009-04-18 15:53 . 2008-10-11 00:28 -------- d-----w c:\program files\DivX
2009-04-18 15:53 . 2009-04-18 15:53 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-16 23:26 . 2008-11-21 19:25 -------- d-----w c:\program files\DOOM 3
2009-04-15 18:16 . 2009-04-15 18:16 -------- d-----w c:\programdata\TechSmith
2009-04-15 18:12 . 2009-04-15 18:12 -------- d-----w c:\program files\TechSmith
2009-04-03 17:07 . 2008-07-01 16:35 -------- d-----w c:\programdata\Microsoft Help
2009-03-31 23:09 . 2008-10-14 02:00 -------- d-----w c:\program files\Common Files\Steam
2009-03-28 03:36 . 2008-07-05 01:43 249856 ------w c:\windows\Setup1.exe
2009-03-28 03:36 . 2008-07-05 01:43 73216 ----a-w c:\windows\ST6UNST.EXE
2009-03-17 21:10 . 2009-03-17 21:10 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-03-04 02:54 . 2009-03-01 22:17 138784 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-04 02:54 . 2009-03-01 22:17 188896 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-01 23:05 . 2009-03-01 22:17 70968 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-01 22:25 . 2009-03-01 22:17 22328 ----a-w c:\users\Jordan\AppData\Roaming\PnkBstrK.sys
2009-03-01 22:25 . 2009-03-01 22:17 22328 ----a-w c:\users\Jordan\AppData\Roaming\PnkBstrK.sys
2009-03-01 22:25 . 2009-03-01 22:17 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-12-31 02:11 . 2008-10-20 01:34 88 --sha-r c:\windows\System32\76A5020C4A.sys
2008-12-31 02:11 . 2008-10-20 01:34 3452 --sha-w c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-05-28_22.38.05 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-29 19:10 . 2009-05-28 22:35 47314 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-11-29 19:10 . 2009-05-29 21:54 47314 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-03 23:11 . 2009-05-29 22:36 10666 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2765755045-1864080228-1914519024-1000_UserData.bin
- 2008-07-03 23:07 . 2009-05-28 22:20 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-03 23:07 . 2009-05-29 23:21 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-03 23:07 . 2009-05-29 23:21 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-03 23:07 . 2009-05-28 22:20 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-03 23:07 . 2009-05-29 23:21 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-03 23:07 . 2009-05-28 22:20 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-16 18:28 . 2009-05-30 01:37 5606 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-07-04 00:48 . 2009-05-29 10:45 242682 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2009-05-29 22:36 102928 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-05-29 21:33 598588 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-27 21:33 598588 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-29 21:33 102194 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-27 21:33 102194 c:\windows\System32\perfc009.dat
+ 2008-07-03 23:13 . 2009-05-29 22:40 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-07-03 23:13 . 2009-05-27 21:51 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-07-04 05:55 . 2009-05-29 22:40 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-07-04 05:55 . 2009-05-27 21:51 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-12-01 00:06 303104 ------w c:\ddi\OverIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" [2007-09-21 542560]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-09-06 53248]
"VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-13 45056]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-11 1947928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-14 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-25 4669440]

c:\users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-28 739880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6CCB826A-5CBA-4A51-9752-0A2D3E3BFDAC}"= UDP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{873E76F9-85D6-45E1-944B-3793405A76DC}"= TCP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{65BC2A9A-CC2C-4026-94A7-8E94407294F9}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{B40DA9A6-A4A4-4A4A-9151-071A2875645C}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{5FD354DA-BC23-43E4-AAEF-E016F08628E3}"= UDP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
"{5FEE5057-BBC3-4DA5-8834-3307388D5966}"= TCP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
"{4CDAC4C7-B25F-4981-ABFB-E638FE207A88}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4E308EE4-FC82-4C3B-B2E1-62606C026778}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9AC53A26-7485-4B8B-AD61-79DF87905FBC}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{785D5B15-BD89-4548-ACC0-7DDD5CC01D68}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{05893E51-C390-425F-B8DB-44E8019C3EAF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{63A1DA6B-44BE-473A-8263-3AD5676C627A}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{3AF5C1F8-5593-43A2-AF7E-97E34AE0C1C5}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{C5EC0FF5-BB53-4CDF-BB61-BB6C519AF6D1}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{ECA2D81B-B5BB-48D0-A33E-9BA3330CC32A}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{25B1767C-1095-44DC-8AB4-F0CF7E514C59}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{5AB74179-E3B0-4E66-A7CA-B5C252D744FA}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{4B8815E1-68BD-45FB-A02F-E7A706F01FB8}c:\\program files\\tortun\\gui.exe"= UDP:c:\program files\tortun\gui.exe:gui
"UDP Query User{6321853F-C1CA-4AFB-9AE7-74E6102ECC37}c:\\program files\\tortun\\gui.exe"= TCP:c:\program files\tortun\gui.exe:gui
"TCP Query User{4132B2E3-4620-4C94-A265-AF0EC44A2A0B}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{A944B587-87AC-438A-B73C-EB1C620AEAB6}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{B9E2DF4E-6563-45A4-88BD-019393ABD4E2}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{E18D71F6-8E61-40D4-B41F-DDCF4AD4EE6E}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{F0308C37-BC54-41FF-8045-FFA8DFA787E6}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{2BC3E784-0942-457C-934F-58E93882CCB2}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{61DBCEE4-5B19-4E95-A552-F2682EB9B75C}c:\\program files\\pidgin\\pidgin.exe"= UDP:c:\program files\pidgin\pidgin.exe:Pidgin
"UDP Query User{CB21E384-04A3-4112-981B-73FEF0DF9CCC}c:\\program files\\pidgin\\pidgin.exe"= TCP:c:\program files\pidgin\pidgin.exe:Pidgin
"TCP Query User{52AA6BF3-4ED1-4F23-8032-DE7912026620}c:\\users\\jordan\\downloads\\wotlk-beta-3.0.1-enus-downloader.exe"= UDP:c:\users\jordan\downloads\wotlk-beta-3.0.1-enus-downloader.exe:wotlk-beta-3.0.1-enus-downloader.exe
"UDP Query User{1CFF9320-0C7F-46DB-AD16-313A4595DDE3}c:\\users\\jordan\\downloads\\wotlk-beta-3.0.1-enus-downloader.exe"= TCP:c:\users\jordan\downloads\wotlk-beta-3.0.1-enus-downloader.exe:wotlk-beta-3.0.1-enus-downloader.exe
"TCP Query User{7195C738-84CA-493C-8C18-0FCE76BD62B0}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{0829682F-C583-49F2-A9FF-BB3F56750F5A}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{6FC60E5B-283D-4FF7-BD06-C5E6FC69F769}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"UDP Query User{DDA9AEF9-8958-45AD-99C3-D7241C576890}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"TCP Query User{E4B991E3-B442-41FA-BE96-F619C2E990BB}c:\\users\\jordan\\program files\\dna\\btdna.exe"= UDP:c:\users\jordan\program files\dna\btdna.exe:btdna.exe
"UDP Query User{A1D42DC8-A7CD-4C02-88E5-5052770DA7B0}c:\\users\\jordan\\program files\\dna\\btdna.exe"= TCP:c:\users\jordan\program files\dna\btdna.exe:btdna.exe
"{5A156C19-44BC-4616-A82A-E4E26467196F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{1428561B-3920-4B6F-A66A-E26B7E45162E}c:\\users\\jordan\\downloads\\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe"= UDP:c:\users\jordan\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe:wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe
"UDP Query User{3A47D8CC-3D52-4E14-85C8-E7FAFA55E394}c:\\users\\jordan\\downloads\\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe"= TCP:c:\users\jordan\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe:wow-2.4.3.8568-to-3.0.2.8916-enus-downloader.exe
"TCP Query User{0BD3827C-3FA3-44AC-B1E3-78391A2B0BC7}c:\\users\\jordan\\downloads\\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(2).exe"= UDP:c:\users\jordan\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(2).exe:wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(2).exe
"UDP Query User{37EF73C9-0B45-483A-8647-14C47821113B}c:\\users\\jordan\\downloads\\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(2).exe"= TCP:c:\users\jordan\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(2).exe:wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(2).exe
"TCP Query User{8C192640-D9B1-4A2F-86F7-0CAF5E8DCB9F}c:\\users\\jordan\\downloads\\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(3).exe"= UDP:c:\users\jordan\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(3).exe:wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(3).exe
"UDP Query User{5C84D718-53D4-4782-A60D-47D1E5B7C57E}c:\\users\\jordan\\downloads\\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(3).exe"= TCP:c:\users\jordan\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(3).exe:wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(3).exe
"TCP Query User{534B03D7-374C-447F-966B-39C8B61C5C2B}c:\\users\\jordan\\downloads\\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(4).exe"= UDP:c:\users\jordan\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(4).exe:wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(4).exe
"UDP Query User{83E43B5B-44B2-4CE4-AE9A-F9773F6D6DB8}c:\\users\\jordan\\downloads\\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(4).exe"= TCP:c:\users\jordan\downloads\wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(4).exe:wow-2.4.3.8568-to-3.0.2.8916-enus-downloader(4).exe
"{7A3D9363-BCDC-45F3-B62B-44E5C8D6EAF3}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{183C72C9-483D-4945-80C6-57C4E59F32DB}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{62BD9358-A5D2-4A87-9A69-398D3D1C0BA0}c:\\users\\jordan\\downloads\\starcraft\\starcraft.exe"= UDP:c:\users\jordan\downloads\starcraft\starcraft.exe:starcraft.exe
"UDP Query User{0942A345-6291-48C9-8432-C0A5E6A29B4E}c:\\users\\jordan\\downloads\\starcraft\\starcraft.exe"= TCP:c:\users\jordan\downloads\starcraft\starcraft.exe:starcraft.exe
"TCP Query User{82188835-FEDB-4107-95C6-1EBFAEEE755F}c:\\users\\jordan\\desktop\\pes09\\pes 2009\\pes2009.exe"= UDP:c:\users\jordan\desktop\pes09\pes 2009\pes2009.exe:pes2009.exe
"UDP Query User{16A59EA9-DDFF-460C-8BA3-F757B4A2AB54}c:\\users\\jordan\\desktop\\pes09\\pes 2009\\pes2009.exe"= TCP:c:\users\jordan\desktop\pes09\pes 2009\pes2009.exe:pes2009.exe
"{85746C1F-68C9-4B1F-99A2-FC43F5F2F2EF}"= UDP:5353:Adobe CSI CS4
"{CA515DFA-D08C-4D7A-9291-252FD1417D10}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{F7CD0D8F-BBFD-4FF6-89F7-1AD879970876}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{A292C89A-B3F3-4851-8336-B8EAF2B5502B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5DB67D1B-5EE3-478E-A41E-F85813894A7B}"= inRosettaStoneLtdServices.exe:Rosetta Stone Online Component (inbound)
"{7634505E-3CCB-42B7-8FEA-45123A623BB1}"= RosettaStoneVersion3.exe:Rosetta Stone V3 Application (inbound)
"TCP Query User{681DBB03-DB3B-4804-BCF5-E067CAFCBFBB}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{715BE057-3A54-4D9B-A5D4-96E57AB5A5CE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E25E8B84-1258-4A0A-8AF9-0BEE029C932F}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{BD128213-1982-43FF-A294-7529B821CEBE}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"{83E74180-E538-41FC-A08A-0DC4261F325D}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{0197114C-7E9F-49A1-8AB8-BEB993F471E9}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{8325F249-C979-48D0-86FD-354719F9AA0E}c:\\users\\jordan\\appdata\\local\\temp\\blizzard launcher temporary - 4f96e890\\launcher.exe"= UDP:c:\users\jordan\appdata\local\temp\blizzard launcher temporary - 4f96e890\launcher.exe:launcher.exe
"UDP Query User{15721F01-5067-403E-84DB-F731EF18AE25}c:\\users\\jordan\\appdata\\local\\temp\\blizzard launcher temporary - 4f96e890\\launcher.exe"= TCP:c:\users\jordan\appdata\local\temp\blizzard launcher temporary - 4f96e890\launcher.exe:launcher.exe
"TCP Query User{0A4BF096-DCB2-440A-BEC7-CA3F2310B211}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F8F7A84D-0C41-4E74-B423-3293C23C9839}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{39D8F593-C13B-4F18-81E5-235DAFA1C441}"= UDP:c:\users\Jordan\Desktop\PES.exe:Pro Evolution Soccer 2008
"{73A4D854-5C70-4A4B-9CD3-F3511436C879}"= TCP:c:\users\Jordan\Desktop\PES.exe:Pro Evolution Soccer 2008
"TCP Query User{E3C20FF0-32BE-48D7-A582-99FD4C43C616}c:\\users\\jordan\\appdata\\local\\temp\\blizzard launcher temporary - 6d34db28\\launcher.exe"= UDP:c:\users\jordan\appdata\local\temp\blizzard launcher temporary - 6d34db28\launcher.exe:launcher.exe
"UDP Query User{1A5D9880-1D26-4EFC-A5A8-36480F52B714}c:\\users\\jordan\\appdata\\local\\temp\\blizzard launcher temporary - 6d34db28\\launcher.exe"= TCP:c:\users\jordan\appdata\local\temp\blizzard launcher temporary - 6d34db28\launcher.exe:launcher.exe
"{F858A3A9-7D4F-4993-B105-6AA8FAABBF6B}"= UDP:c:\users\Jordan\Desktop\pes09\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{1E1D7326-2391-44EA-8F2D-B707D3235319}"= TCP:c:\users\Jordan\Desktop\pes09\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{A8B81799-093E-4D0A-9BEE-B222170907B9}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DA76AC0C-5935-42B8-8E09-32261EBDF5B8}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{3287820C-0188-4539-A1C5-7B796A8C5C8A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{98C57E64-0991-4903-9573-A292A154D72A}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{04CD81D9-A021-4EBF-8D53-F66E273258AA}"= UDP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{AB83C1F5-441C-4D40-90A4-53BF63E7DB26}"= TCP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{DD8895E0-0729-4875-AA62-59986389B61F}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{A2FBCF79-4D63-47CD-A9DE-F889B9CF9171}c:\\program files\\diablo ii\\game.exe"= UDP:c:\program files\diablo ii\game.exe:Diablo II
"UDP Query User{7F4E2A5E-B8BF-4976-82DB-F461291B9926}c:\\program files\\diablo ii\\game.exe"= TCP:c:\program files\diablo ii\game.exe:Diablo II
"TCP Query User{657E5612-DCE8-499C-8153-65F13B3470DB}c:\\westwood\\nox\\game.exe"= UDP:c:\westwood\nox\game.exe:GAME
"UDP Query User{3374B9E2-193E-4AD8-97C2-CCF87EFC2BAC}c:\\westwood\\nox\\game.exe"= TCP:c:\westwood\nox\game.exe:GAME
"TCP Query User{89EF2524-42C8-49BE-B7B9-5380E9C40BF6}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{8C0BDABA-9183-4902-8E18-BFE7A726E03D}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{EE0DE13E-87B0-4011-87CF-A37443ACD0B6}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"{F66519D9-176A-4697-B539-93477CF937B2}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{19139BC2-201C-4B4F-842C-72F6BB70DA72}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{B2A505FC-4B6C-49B2-8A1A-0C13960BDFDB}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{5B49C7B9-5BB7-4321-9FC5-569691668443}c:\\program files\\bethesda softworks\\fallout 3\\fallout3.exe"= UDP:c:\program files\bethesda softworks\fallout 3\fallout3.exe:Fallout3
"UDP Query User{5E42F6D0-62FE-4D94-BE26-B6D67D35FA83}c:\\program files\\bethesda softworks\\fallout 3\\fallout3.exe"= TCP:c:\program files\bethesda softworks\fallout 3\fallout3.exe:Fallout3
"{0CE6A835-21C3-485A-B9D3-5AD5ECE75665}"= UDP:c:\users\Jordan\AppData\Local\temp\7zSAE61.tmp\SymNRT.exe:Norton Removal Tool
"{35DEC9D4-04CD-4230-88B6-5717FDF89742}"= TCP:c:\users\Jordan\AppData\Local\temp\7zSAE61.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [9/22/2008 3:43 PM 325896]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/3/2009 5:35 PM 298776]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/17/2007 11:09 PM 11032]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [7/1/2008 12:32 PM 125440]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [7/1/2008 12:32 PM 17920]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [11/29/2007 2:42 PM 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [11/29/2007 2:42 PM 43904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [11/29/2007 2:50 PM 9344]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [11/29/2007 2:48 PM 812544]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [11/29/2007 7:26 PM 28464]
S3 slim;Sony Lucid Integrated Mpeg encoder;c:\windows\System32\drivers\slim.sys [11/29/2007 2:50 PM 699520]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [7/1/2008 12:45 PM 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [7/1/2008 12:45 PM 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [7/1/2008 12:45 PM 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [11/30/2007 2:00 PM 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [11/30/2007 2:01 PM 79136]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-23 05:12]

2009-05-29 c:\windows\Tasks\User_Feed_Synchronization-{2239D5E3-2CEF-4DAB-BC0E-1102C45123BA}.job
- c:\windows\system32\msfeedssync.exe [2008-07-01 06:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\h5mja75v.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\h5mja75v.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\h5mja75v.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071302000002.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 21:38
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2765755045-1864080228-1914519024-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:84,9f,af,40,ab,37,82,2a,13,45,67,db,e8,d7,cb,0f,7a,2e,8e,e9,88,25,76,
af,03,22,34,50,3b,21,43,c2,f5,33,12,05,fc,3c,8b,70,5e,d5,2c,36,dc,ed,45,f9,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-2765755045-1864080228-1914519024-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:47,48,7d,cf,37,73,7d,1f,20,c2,e3,d1,9e,8c,ba,8f,8d,50,e3,c5,a9,
0e,5d,e0,6c,8b,df,81,61,17,73,db,72,92,16,07,5b,fd,57,19,bd,1f,ae,f9,63,6b,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4876)
c:\ddi\overicon.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PSIService.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\System32\stacsv.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
.
**************************************************************************
.
Completion time: 2009-05-30 21:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-30 01:43
ComboFix2.txt 2009-05-29 22:37
ComboFix3.txt 2009-05-28 22:40

Pre-Run: 150,390,222,848 bytes free
Post-Run: 150,156,980,224 bytes free

383



______________________________________________________________


Windows IP Configuration

Host Name . . . . . . . . . . . . : Jordan-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1F-3B-AF-0B-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-1A-80-F6-79-A2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d896:31d0:4e5e:6570%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, May 29, 2009 9:38:25 PM
Lease Expires . . . . . . . . . . : Saturday, May 30, 2009 9:38:25 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 66.76.227.40
208.180.42.68
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C8B66B66-D363-442B-AF66-8599BE9EE328}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e50:107a:659:3f57:fe9a(Preferred)
Link-local IPv6 Address . . . . . : fe80::107a:659:3f57:fe9a%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: cdm-66-76-227-40.tyrd.suddenlink.net
Address: 66.76.227.40

Name: google.com
Addresses: 74.125.67.100
209.85.171.100
74.125.45.100


Pinging google.com [209.85.171.100] with 32 bytes of data:
Reply from 209.85.171.100: bytes=32 time=104ms TTL=240
Reply from 209.85.171.100: bytes=32 time=103ms TTL=240

Ping statistics for 209.85.171.100:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 103ms, Maximum = 104ms, Average = 103ms
===========================================================================
Interface List
9 ...00 1f 3b af 0b df ...... Intel® Wireless WiFi Link 4965AGN
8 ...00 1a 80 f6 79 a2 ...... Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
1 ........................... Software Loopback Interface 1
18 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17 ...00 00 00 00 00 00 00 e0 isatap.{C8B66B66-D363-442B-AF66-8599BE9EE328}
16 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
14 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 192.168.1.101 30
169.254.255.255 255.255.255.255 On-link 192.168.1.101 276
192.168.1.0 255.255.255.0 On-link 192.168.1.101 276
192.168.1.101 255.255.255.255 On-link 192.168.1.101 276
192.168.1.255 255.255.255.255 On-link 192.168.1.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 18 ::/0 On-link
1 306 ::1/128 On-link
14 18 2001::/32 On-link
14 266 2001:0:4137:9e50:107a:659:3f57:fe9a/128
On-link
8 276 fe80::/64 On-link
14 266 fe80::/64 On-link
14 266 fe80::107a:659:3f57:fe9a/128
On-link
8 276 fe80::d896:31d0:4e5e:6570/128
On-link
1 306 ff00::/8 On-link
14 266 ff00::/8 On-link
8 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
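
As an added triage aid (not part of the original thread and not ComboFix code), the Python below parses the FirewallRules lines in the shapes that appear in the log above and flags the exceptions a reviewer would look at first: enabled rules for executables under Temp, Downloads or Desktop, and rules that name a bare file with no directory. The sample lines are copied from the log above; the risk categories are this example's own heuristics, not anything ComboFix itself reports.

```python
"""Triage the FirewallRules section of a ComboFix log (added example).

Handles the rule shapes seen in the log:
    "{GUID}"= TCP:path:description
    "TCP Query User{GUID}path"= UDP:path:description
    "{GUID}"= Disabled:UDP:path:description
    "{GUID}"= TCP:port|path:description
    "{GUID}"= UDP:port:description
    "{GUID}"= name.exe:description
"""
import re
from dataclasses import dataclass
from typing import Optional

RULE_RE = re.compile(r'^"(?P<key>[^"]*)"=\s*(?P<value>.+)$')
# A target is either a drive-letter path (which itself contains a colon)
# or anything up to the first colon; the description is the remainder.
TARGET_RE = re.compile(r'^(?P<target>[A-Za-z]:\\[^:]*|[^:]*):(?P<desc>.*)$')

# Lower-cased path fragments a reviewer wants called out (heuristic, checked in order).
RISKY_FRAGMENTS = (
    ("\\appdata\\local\\temp\\", "transient temp directory"),
    ("\\downloads\\", "user Downloads folder"),
    ("\\desktop\\", "user Desktop folder"),
)


@dataclass
class FirewallRule:
    key: str
    enabled: bool
    protocol: Optional[str]   # "TCP", "UDP" or None when the line shows none
    port: Optional[str]       # only present in the "port|path" form
    target: str               # path, bare file name, or port number
    description: str

    def is_path(self) -> bool:
        return re.match(r"^[A-Za-z]:\\", self.target) is not None

    def risk(self) -> Optional[str]:
        """Return a reason to inspect this rule, or None if it looks routine."""
        if not self.enabled:
            return None          # a disabled rule is not an exception in effect
        if self.target.isdigit():
            return None          # port-only rule; nothing path-related to check
        if not self.is_path():
            return "bare file name with no directory; the binary cannot be confirmed from the log"
        low = self.target.lower()
        for fragment, reason in RISKY_FRAGMENTS:
            if fragment in low:
                return reason
        return None


def parse_rule(line: str) -> Optional[FirewallRule]:
    """Parse one FirewallRules line; return None for lines in another format."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    key, value = m.group("key"), m.group("value")
    enabled = True
    if value.startswith("Disabled:"):
        enabled, value = False, value[len("Disabled:"):]
    # The log's "TCP Query User" keys carry "UDP:" after the "=" and vice versa;
    # the parser records what the line says and does not try to reconcile them.
    protocol = None
    if value[:4] in ("TCP:", "UDP:"):
        protocol, value = value[:3], value[4:]
    port = None
    head = value.split(":", 1)[0]          # text before the first colon, e.g. "6004|c"
    if "|" in head:
        port, value = value.split("|", 1)
    t = TARGET_RE.match(value)
    target, desc = (t.group("target"), t.group("desc")) if t else (value, "")
    return FirewallRule(key, enabled, protocol, port, target, desc)


def triage(log_text: str):
    """Return [(target, reason)] for every enabled rule worth a second look."""
    findings = []
    for line in log_text.splitlines():
        rule = parse_rule(line)
        if rule is not None and rule.risk():
            findings.append((rule.target, rule.risk()))
    return findings


# Sample lines copied from the ComboFix log in this thread.
SAMPLE = r'''
"{4CDAC4C7-B25F-4981-ABFB-E638FE207A88}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{65BC2A9A-CC2C-4026-94A7-8E94407294F9}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"TCP Query User{52AA6BF3-4ED1-4F23-8032-DE7912026620}c:\\users\\jordan\\downloads\\wotlk-beta-3.0.1-enus-downloader.exe"= UDP:c:\users\jordan\downloads\wotlk-beta-3.0.1-enus-downloader.exe:wotlk-beta-3.0.1-enus-downloader.exe
"{85746C1F-68C9-4B1F-99A2-FC43F5F2F2EF}"= UDP:5353:Adobe CSI CS4
"{A292C89A-B3F3-4851-8336-B8EAF2B5502B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5DB67D1B-5EE3-478E-A41E-F85813894A7B}"= inRosettaStoneLtdServices.exe:Rosetta Stone Online Component (inbound)
"TCP Query User{8325F249-C979-48D0-86FD-354719F9AA0E}c:\\users\\jordan\\appdata\\local\\temp\\blizzard launcher temporary - 4f96e890\\launcher.exe"= UDP:c:\users\jordan\appdata\local\temp\blizzard launcher temporary - 4f96e890\launcher.exe:launcher.exe
"{F858A3A9-7D4F-4993-B105-6AA8FAABBF6B}"= UDP:c:\users\Jordan\Desktop\pes09\PES 2009\pes2009.exe:Pro Evolution Soccer 2009
"{0CE6A835-21C3-485A-B9D3-5AD5ECE75665}"= UDP:c:\users\Jordan\AppData\Local\temp\7zSAE61.tmp\SymNRT.exe:Norton Removal Tool
'''

if __name__ == "__main__":
    for target, reason in triage(SAMPLE):
        print(f"{reason}: {target}")
```

Run against the full log rather than the sample, the script lists every enabled exception that points into a temp or download location; each of those is a binary the user can no longer rely on being present or unchanged, so the rule is worth deleting once the program is gone.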

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • Gender:Male
  • Location:The Netherlands

Posted 30 May 2009 - 01:02 AM

The service is gone now and everything looks good. :thumbup2:

Go to Start > Run, copy and paste (or type) the next command in the field, then hit Enter:

ComboFix /u

Note: There's a space between Combofix and /

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

It makes a clean Restore Point and clears all the old restore points in order to prevent possible reinfection from an old one through system restore.

The first reboot might be a little slow, the next one will be faster.

Optional Recommendations:
  • I recommend using Site Advisor for safe surfing. It is a free extension for both Internet Explorer and Firefox. When you search for a site, it gives you an indication of how safe that site is.

  • Install Javacool's SpywareBlaster
    SpywareBlaster will add a large list of programs and sites to your Internet Explorer and Firefox settings, and that will protect you from running and downloading known malicious programs. All you need to do is update it once every 2-3 weeks and enable the restrictions. You can find more information and a download link.

  • The rule of thumb: one antivirus with real-time protection, one firewall (other than the Windows firewall) and one antispyware with real-time protection. Any additional anti-malware shouldn't be running. You might have two or three antispyware programs, but they should not be running at the same time and should be set not to start with Windows.

Happy Surfing!

#12 jdj0202

jdj0202
  • Topic Starter

  • Members
  • 12 posts

Posted 30 May 2009 - 08:07 AM

I have taken the steps you recommended to solidify my computer's defense; thank you for your help, Farbar. I will be recommending this site to my friends if they have issues.
Thanks again and good luck in the future.

#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,704 posts
  • Gender:Male
  • Location:The Netherlands

Posted 30 May 2009 - 11:13 AM

You are most welcome, glad I could help. Your friends will be welcome to BC. :thumbup2:

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.



