Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rdirected Here from "Am I Infected"


  • This topic is locked This topic is locked
21 replies to this topic

#1 yass

yass

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 08 January 2010 - 02:23 PM

Hey everyone I've been redirected to this forum from the "Am I infected" forum.
Here's the topic: http://www.bleepingcomputer.com/forums/t/280720/im-sure-im-infected-firefox-google/


Here is my DDS logs:
QUOTE
DDS (Ver_09-12-01.01) - NTFSx86
Run by SONY VAIO at 11:18:46.09 on Fri 01/08/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.496 [GMT -8:00]

AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SONY VAIO\Desktop\Downloads\dds.scr
C:\Program Files\Messenger\msmsgs.exe

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Norton Internet Security: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sonyva~1\applic~1\mozilla\firefox\profiles\yabf2xru.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - GOOGLE.COM
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [2004-7-23 50312]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-27 198248]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2004-8-27 235168]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-27 181864]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-23 47640]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2008-2-26 72672]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2004-8-30 177264]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070517.073\NAVENG.Sys [2007-5-18 77688]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070517.073\NavEx15.Sys [2007-5-18 852824]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\SAVRT.SYS [2004-7-23 338056]
R3 USBFVNETR;NETGEAR MA101 USB Adapter;c:\windows\system32\drivers\ma101rndxp.sys [2009-5-23 76160]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-8-30 67184]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-27 79464]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVSCAN.EXE [2004-7-23 198368]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-01-08 06:39:32 0 d-----w- c:\program files\HotHotSoftware
2010-01-02 01:47:57 0 d-----w- c:\program files\Cobian Backup 9
2009-12-28 02:57:12 0 d-----w- c:\program files\ESET
2009-12-28 00:27:58 83748 -c--a-w- c:\windows\system32\dllcache\prcp.nls
2009-12-26 19:21:50 0 d-----w- c:\windows\pss
2009-12-21 05:33:26 0 d-----w- c:\program files\GameSpy Arcade
2009-12-21 05:14:22 0 d-----w- c:\program files\Elaborate Bytes
2009-12-21 01:26:17 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-21 01:26:06 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-21 01:26:06 0 d-----w- c:\docume~1\sonyva~1\applic~1\SUPERAntiSpyware.com
2009-12-21 01:25:42 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-21 01:19:04 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-21 01:17:48 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-12-21 01:17:47 0 d-----w- c:\docume~1\sonyva~1\applic~1\DAEMON Tools Pro
2009-12-21 00:11:55 0 d-----w- c:\docume~1\sonyva~1\applic~1\Malwarebytes
2009-12-21 00:11:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-21 00:11:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 00:11:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 00:11:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-20 23:37:28 0 d-----w- C:\Westwood
2009-12-12 22:12:48 0 d-----w- c:\program files\WindSolutions
2009-12-12 22:12:45 0 d-----w- c:\docume~1\sonyva~1\applic~1\WindSolutions
2009-12-12 22:12:45 0 d-----w- c:\docume~1\alluse~1\applic~1\WindSolutions

==================== Find3M ====================

2010-01-07 17:47:34 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2007-06-27 07:08:02 3416064 ----a-w- c:\program files\Microsoft Money.mny

============= FINISH: 11:20:57.54 ===============


And DDS logs 2:
QUOTE
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/13/2006 2:34:02 PM
System Uptime: 1/8/2010 10:08:55 AM (1 hours ago)

Motherboard: Intel Corporation | | D915GRO
Processor: Intel® Pentium® 4 CPU 3.00GHz | J2E1 | 3000/200mhz
Processor: Intel® Pentium® 4 CPU 3.00GHz | J2E1 | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 181 GiB total, 136.171 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_81A1104D&REV_03\4&23C0B1C&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_81A1104D&REV_03\4&23C0B1C&0&40F0
Service: E100B

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2D2D400&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2D2D400&0
Service: i8042prt

==== System Restore Points ===================

RP551: 10/10/2009 12:07:08 PM - System Checkpoint
RP552: 10/12/2009 12:43:19 AM - System Checkpoint
RP553: 10/12/2009 2:03:09 PM - Software Distribution Service 3.0
RP554: 10/13/2009 2:39:14 PM - System Checkpoint
RP555: 10/14/2009 7:54:08 PM - System Checkpoint
RP556: 10/15/2009 1:01:05 AM - Software Distribution Service 3.0
RP557: 10/15/2009 1:21:40 PM - Software Distribution Service 3.0
RP558: 10/16/2009 1:46:10 PM - System Checkpoint
RP559: 10/17/2009 3:54:46 PM - System Checkpoint
RP560: 10/18/2009 5:01:53 PM - System Checkpoint
RP561: 10/19/2009 7:08:21 AM - Software Distribution Service 3.0
RP562: 10/20/2009 7:14:56 AM - System Checkpoint
RP563: 10/21/2009 9:15:58 AM - System Checkpoint
RP564: 10/22/2009 9:11:38 AM - Software Distribution Service 3.0
RP565: 10/23/2009 11:47:46 AM - System Checkpoint
RP566: 10/24/2009 4:12:17 PM - System Checkpoint
RP567: 10/25/2009 5:49:56 PM - System Checkpoint
RP568: 10/26/2009 1:16:59 PM - Software Distribution Service 3.0
RP569: 10/27/2009 1:29:20 PM - System Checkpoint
RP570: 10/28/2009 3:46:38 PM - System Checkpoint
RP571: 10/29/2009 8:12:03 AM - Software Distribution Service 3.0
RP572: 10/30/2009 10:33:02 AM - System Checkpoint
RP573: 10/31/2009 11:20:07 AM - System Checkpoint
RP574: 11/1/2009 12:40:44 PM - System Checkpoint
RP575: 11/2/2009 10:19:48 PM - System Checkpoint
RP576: 11/3/2009 2:48:16 PM - Software Distribution Service 3.0
RP577: 11/4/2009 2:27:22 AM - Software Distribution Service 3.0
RP578: 11/5/2009 4:43:56 PM - System Checkpoint
RP579: 11/6/2009 5:11:06 PM - System Checkpoint
RP580: 11/7/2009 2:32:54 AM - Software Distribution Service 3.0
RP581: 11/8/2009 2:44:48 AM - System Checkpoint
RP582: 11/9/2009 12:02:17 PM - System Checkpoint
RP583: 11/9/2009 4:02:59 PM - Software Distribution Service 3.0
RP584: 11/10/2009 5:07:12 PM - System Checkpoint
RP585: 11/11/2009 6:12:29 PM - System Checkpoint
RP586: 11/12/2009 3:00:19 AM - Software Distribution Service 3.0
RP587: 11/12/2009 9:25:36 AM - Software Distribution Service 3.0
RP588: 11/13/2009 2:26:38 PM - System Checkpoint
RP589: 11/14/2009 3:39:51 PM - System Checkpoint
RP590: 11/15/2009 3:48:48 PM - System Checkpoint
RP591: 11/17/2009 9:15:55 AM - Software Distribution Service 3.0
RP592: 11/18/2009 8:29:48 PM - System Checkpoint
RP593: 11/19/2009 8:06:30 AM - Software Distribution Service 3.0
RP594: 11/20/2009 1:07:07 PM - System Checkpoint
RP595: 11/21/2009 1:59:29 PM - System Checkpoint
RP596: 11/22/2009 2:52:37 PM - System Checkpoint
RP597: 11/23/2009 3:27:03 PM - System Checkpoint
RP598: 11/23/2009 7:48:25 PM - Software Distribution Service 3.0
RP599: 11/25/2009 12:02:43 AM - Software Distribution Service 3.0
RP600: 11/26/2009 12:20:31 AM - System Checkpoint
RP601: 11/26/2009 10:32:25 AM - Software Distribution Service 3.0
RP602: 11/27/2009 10:45:46 AM - System Checkpoint
RP603: 11/28/2009 11:13:37 AM - System Checkpoint
RP604: 11/29/2009 2:51:11 PM - System Checkpoint
RP605: 11/30/2009 5:06:38 PM - System Checkpoint
RP606: 11/30/2009 11:12:44 PM - Software Distribution Service 3.0
RP607: 12/2/2009 1:45:13 AM - System Checkpoint
RP608: 12/3/2009 8:43:53 AM - Software Distribution Service 3.0
RP609: 12/4/2009 8:22:26 PM - System Checkpoint
RP610: 12/5/2009 8:27:17 PM - System Checkpoint
RP611: 12/6/2009 11:49:27 PM - Installed QuickTime
RP612: 12/7/2009 7:36:55 PM - Software Distribution Service 3.0
RP613: 12/8/2009 8:08:00 PM - System Checkpoint
RP614: 12/9/2009 6:03:21 AM - Software Distribution Service 3.0
RP615: 12/10/2009 11:27:08 AM - System Checkpoint
RP616: 12/10/2009 12:47:49 PM - Software Distribution Service 3.0
RP617: 12/11/2009 12:53:06 PM - System Checkpoint
RP618: 12/12/2009 1:07:51 PM - System Checkpoint
RP619: 12/13/2009 1:48:39 PM - System Checkpoint
RP620: 12/14/2009 7:38:51 AM - Software Distribution Service 3.0
RP621: 12/15/2009 11:03:44 AM - System Checkpoint
RP622: 12/16/2009 3:09:57 PM - System Checkpoint
RP623: 12/17/2009 10:40:59 AM - Software Distribution Service 3.0
RP624: 12/18/2009 1:11:10 PM - System Checkpoint
RP625: 12/19/2009 1:12:20 PM - System Checkpoint
RP626: 12/20/2009 2:26:21 PM - System Checkpoint
RP627: 12/20/2009 4:08:49 PM - Windows Defender Checkpoint
RP628: 12/20/2009 5:19:03 PM - SPTD setup V1.62
RP629: 12/20/2009 5:26:05 PM - Installed SUPERAntiSpyware Free Edition
RP630: 12/20/2009 6:15:14 PM - SPTD setup V1.62
RP631: 12/21/2009 12:32:48 PM - Software Distribution Service 3.0
RP632: 12/22/2009 5:22:36 PM - System Checkpoint
RP633: 12/23/2009 7:02:33 PM - System Checkpoint
RP634: 12/24/2009 10:51:58 AM - Software Distribution Service 3.0
RP635: 12/25/2009 12:53:05 PM - System Checkpoint
RP636: 12/25/2009 11:54:22 PM - Uninstall Guardian Software
RP637: 12/27/2009 9:21:14 PM - System Checkpoint
RP638: 12/28/2009 12:13:12 PM - Software Distribution Service 3.0
RP639: 12/29/2009 12:24:13 PM - Software Distribution Service 3.0
RP640: 12/30/2009 1:29:33 PM - System Checkpoint
RP641: 12/31/2009 11:07:31 AM - Software Distribution Service 3.0
RP642: 1/1/2010 2:08:35 PM - System Checkpoint
RP643: 1/2/2010 8:44:18 PM - System Checkpoint
RP644: 1/4/2010 7:30:24 AM - Software Distribution Service 3.0
RP645: 1/5/2010 1:01:20 PM - System Checkpoint
RP646: 1/7/2010 9:49:30 AM - System Checkpoint
RP647: 1/7/2010 9:50:51 PM - Software Distribution Service 3.0

==== Installed Programs ======================

AAC Decoder
AC3Filter 1.61b
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.1 Standard
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player 11.5
Agere Systems PCI Soft Modem
Apple Application Support
Apple Software Update
Art Explosion Publisher Pro 2.0
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoUpdate
BitTorrent
Camtasia Studio 6
CC_ccProxyExt
ccCommon
ccPxyCore
Cheat Engine 5.5
Click to DVD 2.0.02 Menu Data
Click to DVD 2.2.10
Cobian Backup 9
Command & Conquer Renegade
Compatibility Pack for the 2007 Office system
CONNECT
Define Multiple Words and get Multiple Word Definitions Softwar
DivX Codec
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DNA
DVgate Plus
ESET Online Scanner v3
FLV Player 2.0 (build 25)
GameSpy Arcade
H.264 Decoder
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
InterVideo WinDVDX
ISScript
J2SE Runtime Environment 5.0
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Lizardtech DjVu Control
MA101 USB Adapter Configuration Utility
Malwarebytes' Anti-Malware
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
mIRC
MKV Splitter
MoodLogic
Mozilla Firefox (3.0.17)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Nero - Burning Rom
Nero 8 Lite
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton WMI Update
NVIDIA Drivers
OpenMG Limited Patch 4.0-04-08-02-01
OpenMG Secure Module 4.0.00
PictureGear Studio 2.0
PyRuntimeUninstall
QuickTime
Realtek High Definition Audio Driver
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype™ 4.1
Sonic RecordNow!
SonicStage 2.1.02
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony Video Shared Library
Sothink SWF Decompiler
SPBBC
Sun Download Manager 2.0 (web)
SUPERAntiSpyware Free Edition
SupportSoft Assisted Service
Symantec Network Drivers Update
Symantec Script Blocking Installer
SymNet
TightVNC 1.3.10
TortoiseSVN 1.6.2.16344 (32 bit)
Uninstall Gormball
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO Control Center
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 3.1
VAIO Media Integrated Server 3.1
VAIO Media Redistribution 3.1
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Scene HD Normal Contents
VAIO Structure Wallpaper
VAIO Survey Standalone
VC80CRTRedist - 8.0.50727.762
VirtualCloneDrive
VuePrint
WebFldrs XP
Westwood Shared Internet Components
Windows Defender
Windows Driver Package - eMPIA Technology (DCamUSBET) Image (09/11/2007 2.7.0911.0)
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (04/27/2007 5.7.0427.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver

==== Event Viewer Messages From Past Week ========

1/3/2010 11:40:25 AM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
1/3/2010 11:40:20 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/3/2010 11:40:20 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================


And here is my Rootrepeal report:
QUOTE
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/08 11:25
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA079000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "" at address 0x870f4920

#: 122 Function Name: NtOpenProcess
Status: Hooked by "" at address 0x8711a6c0

#: 128 Function Name: NtOpenThread
Status: Hooked by "" at address 0x870d88f8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xebcbd0b0

Stealth Objects
-------------------
Object: Hidden Handle [Index: 800, Type: Key]
Process: SPBBCSvc.exe (PID: 1848) Address: 0xe18fdb38 Size: -

Object: Hidden Handle [Index: 856, Type: Key]
Process: SPBBCSvc.exe (PID: 1848) Address: 0xe159a370 Size: -

Object: Hidden Handle [Index: 872, Type: Key]
Process: SPBBCSvc.exe (PID: 1848) Address: 0xe32ab8c8 Size: -

Object: Hidden Handle [Index: 876, Type: Key]
Process: SPBBCSvc.exe (PID: 1848) Address: 0xe47a3830 Size: -

Object: Hidden Handle [Index: 884, Type: Section]
Process: SPBBCSvc.exe (PID: 1848) Address: 0xe4960848 Size: -

Object: Hidden Handle [Index: 888, Type: File]
Process: SPBBCSvc.exe (PID: 1848) Address: 0x8716a028 Size: -

==EOF==


Please help sad.gif

Edited by yass, 08 January 2010 - 02:41 PM.


BC AdBot (Login to Remove)

 


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:43 AM

Posted 15 January 2010 - 01:54 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 yass

yass
  • Topic Starter

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 16 January 2010 - 12:45 PM

Hi thanks for the reply. The issue is still going on sad.gif

Here are my new DDS logs:

QUOTE
DDS (Ver_09-12-01.01) - NTFSx86
Run by SONY VAIO at 9:41:06.76 on Sat 01/16/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.317 [GMT -8:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SONY VAIO\Desktop\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Norton Internet Security: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sonyva~1\applic~1\mozilla\firefox\profiles\yabf2xru.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - YouTube Video Search
FF - prefs.js: browser.startup.homepage - GOOGLE.COM
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\SAVRTPEL.SYS [2004-7-23 50312]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-27 198248]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2004-8-27 235168]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-27 181864]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-23 47640]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2008-2-26 72672]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2004-8-30 177264]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070517.073\NAVENG.Sys [2007-5-18 77688]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070517.073\NavEx15.Sys [2007-5-18 852824]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\SAVRT.SYS [2004-7-23 338056]
R3 USBFVNETR;NETGEAR MA101 USB Adapter;c:\windows\system32\drivers\ma101rndxp.sys [2009-5-23 76160]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2004-8-30 67184]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-27 79464]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVSCAN.EXE [2004-7-23 198368]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-01-13 07:24:08 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-08 06:39:32 0 d-----w- c:\program files\HotHotSoftware
2010-01-02 01:47:57 0 d-----w- c:\program files\Cobian Backup 9
2009-12-28 02:57:12 0 d-----w- c:\program files\ESET
2009-12-28 00:27:58 83748 -c--a-w- c:\windows\system32\dllcache\prcp.nls
2009-12-26 19:21:50 0 d-----w- c:\windows\pss
2009-12-21 05:33:26 0 d-----w- c:\program files\GameSpy Arcade
2009-12-21 05:14:22 0 d-----w- c:\program files\Elaborate Bytes
2009-12-21 01:26:17 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-21 01:26:06 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-21 01:26:06 0 d-----w- c:\docume~1\sonyva~1\applic~1\SUPERAntiSpyware.com
2009-12-21 01:25:42 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-21 01:19:04 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-21 01:17:48 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-12-21 01:17:47 0 d-----w- c:\docume~1\sonyva~1\applic~1\DAEMON Tools Pro
2009-12-21 00:11:55 0 d-----w- c:\docume~1\sonyva~1\applic~1\Malwarebytes
2009-12-21 00:11:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-21 00:11:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 00:11:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 00:11:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-20 23:37:28 0 d-----w- C:\Westwood

==================== Find3M ====================

2010-01-15 05:27:42 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2007-06-27 07:08:02 3416064 ----a-w- c:\program files\Microsoft Money.mny

============= FINISH: 9:43:24.18 ===============


The attach.txt:
QUOTE
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/13/2006 2:34:02 PM
System Uptime: 1/15/2010 2:28:35 PM (19 hours ago)

Motherboard: Intel Corporation | | D915GRO
Processor: Intel® Pentium® 4 CPU 3.00GHz | J2E1 | 3000/200mhz
Processor: Intel® Pentium® 4 CPU 3.00GHz | J2E1 | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 181 GiB total, 134.597 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_81A1104D&REV_03\4&23C0B1C&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_81A1104D&REV_03\4&23C0B1C&0&40F0
Service: E100B

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2D2D400&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2D2D400&0
Service: i8042prt

==== System Restore Points ===================

RP560: 10/18/2009 5:01:53 PM - System Checkpoint
RP561: 10/19/2009 7:08:21 AM - Software Distribution Service 3.0
RP562: 10/20/2009 7:14:56 AM - System Checkpoint
RP563: 10/21/2009 9:15:58 AM - System Checkpoint
RP564: 10/22/2009 9:11:38 AM - Software Distribution Service 3.0
RP565: 10/23/2009 11:47:46 AM - System Checkpoint
RP566: 10/24/2009 4:12:17 PM - System Checkpoint
RP567: 10/25/2009 5:49:56 PM - System Checkpoint
RP568: 10/26/2009 1:16:59 PM - Software Distribution Service 3.0
RP569: 10/27/2009 1:29:20 PM - System Checkpoint
RP570: 10/28/2009 3:46:38 PM - System Checkpoint
RP571: 10/29/2009 8:12:03 AM - Software Distribution Service 3.0
RP572: 10/30/2009 10:33:02 AM - System Checkpoint
RP573: 10/31/2009 11:20:07 AM - System Checkpoint
RP574: 11/1/2009 12:40:44 PM - System Checkpoint
RP575: 11/2/2009 10:19:48 PM - System Checkpoint
RP576: 11/3/2009 2:48:16 PM - Software Distribution Service 3.0
RP577: 11/4/2009 2:27:22 AM - Software Distribution Service 3.0
RP578: 11/5/2009 4:43:56 PM - System Checkpoint
RP579: 11/6/2009 5:11:06 PM - System Checkpoint
RP580: 11/7/2009 2:32:54 AM - Software Distribution Service 3.0
RP581: 11/8/2009 2:44:48 AM - System Checkpoint
RP582: 11/9/2009 12:02:17 PM - System Checkpoint
RP583: 11/9/2009 4:02:59 PM - Software Distribution Service 3.0
RP584: 11/10/2009 5:07:12 PM - System Checkpoint
RP585: 11/11/2009 6:12:29 PM - System Checkpoint
RP586: 11/12/2009 3:00:19 AM - Software Distribution Service 3.0
RP587: 11/12/2009 9:25:36 AM - Software Distribution Service 3.0
RP588: 11/13/2009 2:26:38 PM - System Checkpoint
RP589: 11/14/2009 3:39:51 PM - System Checkpoint
RP590: 11/15/2009 3:48:48 PM - System Checkpoint
RP591: 11/17/2009 9:15:55 AM - Software Distribution Service 3.0
RP592: 11/18/2009 8:29:48 PM - System Checkpoint
RP593: 11/19/2009 8:06:30 AM - Software Distribution Service 3.0
RP594: 11/20/2009 1:07:07 PM - System Checkpoint
RP595: 11/21/2009 1:59:29 PM - System Checkpoint
RP596: 11/22/2009 2:52:37 PM - System Checkpoint
RP597: 11/23/2009 3:27:03 PM - System Checkpoint
RP598: 11/23/2009 7:48:25 PM - Software Distribution Service 3.0
RP599: 11/25/2009 12:02:43 AM - Software Distribution Service 3.0
RP600: 11/26/2009 12:20:31 AM - System Checkpoint
RP601: 11/26/2009 10:32:25 AM - Software Distribution Service 3.0
RP602: 11/27/2009 10:45:46 AM - System Checkpoint
RP603: 11/28/2009 11:13:37 AM - System Checkpoint
RP604: 11/29/2009 2:51:11 PM - System Checkpoint
RP605: 11/30/2009 5:06:38 PM - System Checkpoint
RP606: 11/30/2009 11:12:44 PM - Software Distribution Service 3.0
RP607: 12/2/2009 1:45:13 AM - System Checkpoint
RP608: 12/3/2009 8:43:53 AM - Software Distribution Service 3.0
RP609: 12/4/2009 8:22:26 PM - System Checkpoint
RP610: 12/5/2009 8:27:17 PM - System Checkpoint
RP611: 12/6/2009 11:49:27 PM - Installed QuickTime
RP612: 12/7/2009 7:36:55 PM - Software Distribution Service 3.0
RP613: 12/8/2009 8:08:00 PM - System Checkpoint
RP614: 12/9/2009 6:03:21 AM - Software Distribution Service 3.0
RP615: 12/10/2009 11:27:08 AM - System Checkpoint
RP616: 12/10/2009 12:47:49 PM - Software Distribution Service 3.0
RP617: 12/11/2009 12:53:06 PM - System Checkpoint
RP618: 12/12/2009 1:07:51 PM - System Checkpoint
RP619: 12/13/2009 1:48:39 PM - System Checkpoint
RP620: 12/14/2009 7:38:51 AM - Software Distribution Service 3.0
RP621: 12/15/2009 11:03:44 AM - System Checkpoint
RP622: 12/16/2009 3:09:57 PM - System Checkpoint
RP623: 12/17/2009 10:40:59 AM - Software Distribution Service 3.0
RP624: 12/18/2009 1:11:10 PM - System Checkpoint
RP625: 12/19/2009 1:12:20 PM - System Checkpoint
RP626: 12/20/2009 2:26:21 PM - System Checkpoint
RP627: 12/20/2009 4:08:49 PM - Windows Defender Checkpoint
RP628: 12/20/2009 5:19:03 PM - SPTD setup V1.62
RP629: 12/20/2009 5:26:05 PM - Installed SUPERAntiSpyware Free Edition
RP630: 12/20/2009 6:15:14 PM - SPTD setup V1.62
RP631: 12/21/2009 12:32:48 PM - Software Distribution Service 3.0
RP632: 12/22/2009 5:22:36 PM - System Checkpoint
RP633: 12/23/2009 7:02:33 PM - System Checkpoint
RP634: 12/24/2009 10:51:58 AM - Software Distribution Service 3.0
RP635: 12/25/2009 12:53:05 PM - System Checkpoint
RP636: 12/25/2009 11:54:22 PM - Uninstall Guardian Software
RP637: 12/27/2009 9:21:14 PM - System Checkpoint
RP638: 12/28/2009 12:13:12 PM - Software Distribution Service 3.0
RP639: 12/29/2009 12:24:13 PM - Software Distribution Service 3.0
RP640: 12/30/2009 1:29:33 PM - System Checkpoint
RP641: 12/31/2009 11:07:31 AM - Software Distribution Service 3.0
RP642: 1/1/2010 2:08:35 PM - System Checkpoint
RP643: 1/2/2010 8:44:18 PM - System Checkpoint
RP644: 1/4/2010 7:30:24 AM - Software Distribution Service 3.0
RP645: 1/5/2010 1:01:20 PM - System Checkpoint
RP646: 1/7/2010 9:49:30 AM - System Checkpoint
RP647: 1/7/2010 9:50:51 PM - Software Distribution Service 3.0
RP648: 1/9/2010 10:40:43 AM - System Checkpoint
RP649: 1/10/2010 12:20:10 PM - System Checkpoint
RP650: 1/11/2010 9:30:03 AM - Software Distribution Service 3.0
RP651: 1/13/2010 7:21:46 AM - Software Distribution Service 3.0
RP652: 1/14/2010 9:12:29 PM - Software Distribution Service 3.0
RP653: 1/16/2010 8:14:08 AM - System Checkpoint

==== Installed Programs ======================

AAC Decoder
AC3Filter 1.61b
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.1 Standard
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player 11.5
Agere Systems PCI Soft Modem
Apple Application Support
Apple Software Update
Art Explosion Publisher Pro 2.0
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoUpdate
BitTorrent
Camtasia Studio 6
CC_ccProxyExt
ccCommon
ccPxyCore
Cheat Engine 5.5
Click to DVD 2.0.02 Menu Data
Click to DVD 2.2.10
Cobian Backup 9
Command & Conquer Renegade
Compatibility Pack for the 2007 Office system
CONNECT
DivX Codec
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DNA
DVgate Plus
ESET Online Scanner v3
FLV Player 2.0 (build 25)
GameSpy Arcade
H.264 Decoder
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Adapters and Drivers
InterVideo WinDVD 5 for VAIO
InterVideo WinDVDX
ISScript
J2SE Runtime Environment 5.0
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Lizardtech DjVu Control
MA101 USB Adapter Configuration Utility
Malwarebytes' Anti-Malware
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
mIRC
MKV Splitter
MoodLogic
Mozilla Firefox (3.0.17)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Nero - Burning Rom
Nero 8 Lite
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton WMI Update
NVIDIA Drivers
OpenMG Limited Patch 4.0-04-08-02-01
OpenMG Secure Module 4.0.00
PictureGear Studio 2.0
PyRuntimeUninstall
QuickTime
Realtek High Definition Audio Driver
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype™ 4.1
Sonic RecordNow!
SonicStage 2.1.02
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony Video Shared Library
Sothink SWF Decompiler
SPBBC
Sun Download Manager 2.0 (web)
SUPERAntiSpyware Free Edition
SupportSoft Assisted Service
Symantec Network Drivers Update
Symantec Script Blocking Installer
SymNet
TightVNC 1.3.10
TortoiseSVN 1.6.2.16344 (32 bit)
Uninstall Gormball
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO Control Center
VAIO Entertainment Platform
VAIO Help and Support
VAIO Media 3.1
VAIO Media Integrated Server 3.1
VAIO Media Redistribution 3.1
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Scene HD Normal Contents
VAIO Structure Wallpaper
VAIO Survey Standalone
VC80CRTRedist - 8.0.50727.762
VirtualCloneDrive
VuePrint
WebFldrs XP
Westwood Shared Internet Components
Windows Defender
Windows Driver Package - eMPIA Technology (DCamUSBET) Image (09/11/2007 2.7.0911.0)
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (04/27/2007 5.7.0427.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver

==== Event Viewer Messages From Past Week ========

1/14/2010 12:48:43 PM, error: PlugPlayManager [12] - The device 'Sony SM/xD Reader USB Device' (USBSTOR\Disk&Ven_Sony&Prod_SM/xD___Reader&Rev_3.15\000000127FF5&2) disappeared from the system without first being prepared for removal.
1/14/2010 12:48:43 PM, error: PlugPlayManager [12] - The device 'Sony SD/MMC Reader USB Device' (USBSTOR\Disk&Ven_Sony&Prod_SD/MMC__Reader&Rev_3.15\000000127FF5&3) disappeared from the system without first being prepared for removal.
1/14/2010 12:48:43 PM, error: PlugPlayManager [12] - The device 'Sony MS Reader USB Device' (USBSTOR\Disk&Ven_Sony&Prod_MS______Reader&Rev_3.15\000000127FF5&0) disappeared from the system without first being prepared for removal.
1/14/2010 12:48:43 PM, error: PlugPlayManager [12] - The device 'Sony Memory Card Reader/Writer' (USB\Vid_054c&Pid_021f\000000127FF5) disappeared from the system without first being prepared for removal.
1/14/2010 12:48:43 PM, error: PlugPlayManager [12] - The device 'Sony CF Reader USB Device' (USBSTOR\Disk&Ven_Sony&Prod_CF______Reader&Rev_3.15\000000127FF5&1) disappeared from the system without first being prepared for removal.
1/14/2010 12:48:43 PM, error: PlugPlayManager [12] - The device 'Generic volume' (STORAGE\RemovableMedia\7&a527829&0&RM) disappeared from the system without first being prepared for removal.
1/14/2010 12:48:43 PM, error: PlugPlayManager [12] - The device 'Generic volume' (STORAGE\RemovableMedia\7&9f872e0&0&RM) disappeared from the system without first being prepared for removal.
1/14/2010 12:48:43 PM, error: PlugPlayManager [12] - The device 'Generic volume' (STORAGE\RemovableMedia\7&9a5d6ae&0&RM) disappeared from the system without first being prepared for removal.
1/14/2010 12:48:43 PM, error: PlugPlayManager [12] - The device 'Generic volume' (STORAGE\RemovableMedia\7&383bd74a&0&RM) disappeared from the system without first being prepared for removal.
1/13/2010 7:21:47 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
1/13/2010 7:21:47 AM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/13/2010 7:21:44 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
1/11/2010 9:42:22 AM, error: PlugPlayManager [12] - The device 'SONY DVD RW DW-D22A' (IDE\CdRomSONY_DVD_RW_DW-D22A_____________________BFS2____\5&34b6c6bd&0&0.0.0) disappeared from the system without first being prepared for removal.
1/11/2010 9:41:52 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
1/11/2010 9:38:49 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Common Files\Nero\AudioPlugins\msaxp.dll. Reference error message: The operation completed successfully. .
1/11/2010 9:38:49 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Common Files\Nero\AudioPlugins\msaxp.dll" on line 9.
1/11/2010 9:36:53 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
1/10/2010 9:03:45 PM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
1/10/2010 9:03:45 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/10/2010 9:03:45 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================


Also attach.txt is attached smile.gif

Attached Files



#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:43 AM

Posted 16 January 2010 - 12:46 PM

Hello, yass and again
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.





  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#5 yass

yass
  • Topic Starter

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 17 January 2010 - 10:51 PM

Hey Tom thanks for such a fast reply!! smile.gif
Sorry about my delay. I missed a week of college and am trying to catch up.
I ran the GMER program already here:http://www.bleepingcomputer.com/forums/t/280720/im-sure-im-infected-firefox-google/

It takes a real long time for me to run it. Will the logs from that topic suffice? Or should I run it again? If I don't have to run it again should i skip to the OTL program?

Thanks! smile.gif
yass

Edited by yass, 17 January 2010 - 10:52 PM.


#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:43 AM

Posted 18 January 2010 - 02:31 PM

Hi,

Just run OTL and post back with both logfiles smile.gif.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#7 yass

yass
  • Topic Starter

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 20 January 2010 - 01:35 AM

Hey again! Just got the scans done I can't thank you enough for being patient with me.

Here is extras.txt:
QUOTE
OTL Extras logfile created on: 1/19/2010 10:17:10 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\SONY VAIO\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 406.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.30 Gb Total Space | 134.52 Gb Free Space | 74.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 700.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: E58AEB3F9A6342E
Current User Name: SONY VAIO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\system32\winver.exe" = C:\WINDOWS\system32\winver.exe:*:Enabled:winver -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A91D1FA-B9B3-4556-9878-5C61059A19B2}" = InterVideo WinDVDX
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 3.1
"{25CF0627-2EF6-4FCE-A0DE-7D6350C774B2}" = VAIO Original Screen Saver VAIO Scene HD Normal Contents
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39D4FB9C-9CDE-4449-BD2B-6AD4D376CFDC}" = Art Explosion Publisher Pro 2.0
"{3B29A786-5803-4e9e-9B58-3014A5B4E519}" = Norton AntiSpam
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
"{5677563D-0CB1-485f-9E18-C5025306BB3F}" = Norton AntiSpam
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 3.1
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.1.02
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 3.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.02 Menu Data
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B46834CC-141E-11D5-A76F-0030AB007078}" = MA101 USB Adapter Configuration Utility
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BB4301FF-59CC-4EEA-9D66-633100680C25}_is1" = PyRuntimeUninstall
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}" = Norton Internet Security
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{D36B1F7D-3B51-4DBC-A4AE-F25B06DF2AD1}" = VAIO Control Center
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}" = CC_ccProxyExt
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{E715FA41-46EB-4D3F-B4D9-A45973E76026}" = VAIO Structure Wallpaper
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.2.10
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FC08587A-4F01-4188-819F-F55880022917}" = ccPxyCore
"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
"{FCA37CD2-7BA4-4A5A-8979-B64EA712F4CB}" = TortoiseSVN 1.6.2.16344 (32 bit)
"13E070C395DA4471589A75003E6EDEA2166506A0" = Windows Driver Package - eMPIA Technology (DCamUSBET) Image (09/11/2007 2.7.0911.0)
"8EEF50C376BC7EFF9051ECC515D0352A7868ADCE" = Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (04/27/2007 5.7.0427.0)
"AC3Filter_is1" = AC3Filter 1.61b
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.1 Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Cliffhanger Auto Player_is1" = Uninstall Gormball
"CobBackup9" = Cobian Backup 9
"CONNECT" = CONNECT
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player" = FLV Player 2.0 (build 25)
"GameSpy Arcade" = GameSpy Arcade
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"MoodLogic" = MoodLogic
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"Nero8Lite_is1" = Nero 8 Lite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.0-04-06-21-01" = OpenMG Limited Patch 4.0-04-08-02-01
"PROSet" = Intel® PRO Network Adapters and Drivers
"Renegade" = Command & Conquer Renegade
"Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2005 (Symantec Corporation)
"TightVNC_is1" = TightVNC 1.3.10
"VirtualCloneDrive" = VirtualCloneDrive
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VuePrint" = VuePrint
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WOLAPI" = Westwood Shared Internet Components

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/31/2009 10:30:43 AM | Computer Name = E58AEB3F9A6342E | Source = ESENT | ID = 455
Description = wuaueng.dll (2476) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 12/31/2009 10:30:55 AM | Computer Name = E58AEB3F9A6342E | Source = ESENT | ID = 489
Description = wuauclt (3860) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 12/31/2009 10:30:55 AM | Computer Name = E58AEB3F9A6342E | Source = ESENT | ID = 455
Description = wuaueng.dll (3860) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 12/31/2009 10:31:05 AM | Computer Name = E58AEB3F9A6342E | Source = ESENT | ID = 489
Description = wuauclt (3860) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 12/31/2009 10:31:05 AM | Computer Name = E58AEB3F9A6342E | Source = ESENT | ID = 455
Description = wuaueng.dll (3860) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 1/4/2010 1:03:12 AM | Computer Name = E58AEB3F9A6342E | Source = Application Error | ID = 1000
Description = Faulting application acrobat.exe, version 8.1.0.137, faulting module
acrobat.dll, version 8.1.1.20, fault address 0x001178bc.

Error - 1/7/2010 12:25:21 PM | Computer Name = E58AEB3F9A6342E | Source = MPSampleSubmission | ID = 5000
Description =

Error - 1/17/2010 11:00:37 PM | Computer Name = E58AEB3F9A6342E | Source = Application Error | ID = 1000
Description = Faulting application acrobat.exe, version 8.1.0.137, faulting module
acrobat.dll, version 8.1.1.20, fault address 0x001178bc.

Error - 1/18/2010 10:41:59 AM | Computer Name = E58AEB3F9A6342E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 1/18/2010 6:57:13 PM | Computer Name = E58AEB3F9A6342E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

[ Application Events ]
Error - 12/31/2009 10:30:43 AM | Computer Name = E58AEB3F9A6342E | Source = ESENT | ID = 455
Description = wuaueng.dll (2476) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 12/31/2009 10:30:55 AM | Computer Name = E58AEB3F9A6342E | Source = ESENT | ID = 489
Description = wuauclt (3860) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 12/31/2009 10:30:55 AM | Computer Name = E58AEB3F9A6342E | Source = ESENT | ID = 455
Description = wuaueng.dll (3860) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 12/31/2009 10:31:05 AM | Computer Name = E58AEB3F9A6342E | Source = ESENT | ID = 489
Description = wuauclt (3860) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 12/31/2009 10:31:05 AM | Computer Name = E58AEB3F9A6342E | Source = ESENT | ID = 455
Description = wuaueng.dll (3860) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 1/4/2010 1:03:12 AM | Computer Name = E58AEB3F9A6342E | Source = Application Error | ID = 1000
Description = Faulting application acrobat.exe, version 8.1.0.137, faulting module
acrobat.dll, version 8.1.1.20, fault address 0x001178bc.

Error - 1/7/2010 12:25:21 PM | Computer Name = E58AEB3F9A6342E | Source = MPSampleSubmission | ID = 5000
Description =

Error - 1/17/2010 11:00:37 PM | Computer Name = E58AEB3F9A6342E | Source = Application Error | ID = 1000
Description = Faulting application acrobat.exe, version 8.1.0.137, faulting module
acrobat.dll, version 8.1.1.20, fault address 0x001178bc.

Error - 1/18/2010 10:41:59 AM | Computer Name = E58AEB3F9A6342E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 1/18/2010 6:57:13 PM | Computer Name = E58AEB3F9A6342E | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

[ System Events ]
Error - 1/17/2010 10:17:17 AM | Computer Name = E58AEB3F9A6342E | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 1/17/2010 1:58:44 PM | Computer Name = E58AEB3F9A6342E | Source = DCOM | ID = 10010
Description = The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register
with DCOM within the required timeout.

Error - 1/17/2010 11:37:47 PM | Computer Name = E58AEB3F9A6342E | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 1/18/2010 10:30:35 AM | Computer Name = E58AEB3F9A6342E | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/18/2010 10:30:35 AM | Computer Name = E58AEB3F9A6342E | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/18/2010 10:30:42 AM | Computer Name = E58AEB3F9A6342E | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3

Error - 1/18/2010 5:49:09 PM | Computer Name = E58AEB3F9A6342E | Source = DCOM | ID = 10010
Description = The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register
with DCOM within the required timeout.

Error - 1/19/2010 10:55:38 AM | Computer Name = E58AEB3F9A6342E | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/19/2010 10:55:38 AM | Computer Name = E58AEB3F9A6342E | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/19/2010 10:55:39 AM | Computer Name = E58AEB3F9A6342E | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%3


< End of report >


And here is otl.txt
QUOTE
OTL logfile created on: 1/19/2010 10:17:10 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\SONY VAIO\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 406.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.30 Gb Total Space | 134.52 Gb Free Space | 74.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 700.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: E58AEB3F9A6342E
Current User Name: SONY VAIO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/19 22:16:18 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SONY VAIO\Desktop\OTL.exe
PRC - [2010/01/07 08:30:07 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/16 16:26:56 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/05/09 13:09:24 | 00,606,720 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2007/06/28 23:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/06/13 02:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/28 17:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2007/01/09 17:32:04 | 00,181,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2007/01/09 17:32:02 | 00,198,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2007/01/09 17:32:02 | 00,058,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/06/14 13:48:42 | 00,235,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
PRC - [2006/01/09 13:56:04 | 00,049,152 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe
PRC - [2005/10/19 12:54:14 | 00,177,264 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
PRC - [2005/04/18 19:49:24 | 00,083,584 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\ISSVC.exe
PRC - [2004/10/25 09:35:32 | 00,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2004/10/25 09:35:32 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2004/10/25 09:35:30 | 00,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2004/08/11 01:45:04 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2004/07/21 08:24:04 | 00,173,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/01/19 22:16:18 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SONY VAIO\Desktop\OTL.exe
MOD - [2006/08/25 07:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/12/20 09:57:16 | 00,198,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\ASOEHOOK.DLL
MOD - [2003/02/21 04:42:22 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - [2007/06/28 23:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/03/28 17:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/09 17:32:04 | 00,181,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/01/09 17:32:04 | 00,079,464 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2007/01/09 17:32:02 | 00,198,248 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/07/25 18:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/06/14 13:48:42 | 00,235,168 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2006/01/09 13:56:04 | 00,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/19 12:55:00 | 00,067,184 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE -- (SBService)
SRV - [2005/10/19 12:54:14 | 00,177,264 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/04/18 19:49:24 | 00,083,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\ISSVC.exe -- (ISSVC)
SRV - [2005/03/07 14:59:36 | 00,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2004/11/02 15:42:42 | 01,826,816 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/10/25 09:35:34 | 00,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/10/25 09:35:32 | 00,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2004/10/25 09:35:32 | 00,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2004/10/25 09:35:30 | 00,278,528 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2004/09/09 18:09:50 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/07/21 08:24:04 | 00,173,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/06/22 11:58:14 | 00,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/06/22 11:58:14 | 00,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/06/16 03:42:34 | 00,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/06/16 03:41:06 | 00,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2004/03/18 15:55:48 | 00,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/10/30 12:48:10 | 01,286,144 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "GOOGLE.COM"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: cdxFireNSI_FF@neocodex.us:2.0
FF - prefs.js..extensions.enabledItems: CliffhangerFF@neocodex.us:1.0
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.4
FF - prefs.js..extensions.enabledItems: HarvestPricerFF@neocodex.us:2.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.15
FF - prefs.js..extensions.enabledItems: NeoFiller@neocodex.us:2.0
FF - prefs.js..extensions.enabledItems: NQ2TrainerFF@neocodex.us:1.0
FF - prefs.js..extensions.enabledItems: NTrainFF@neocodex.us:1.0
FF - prefs.js..extensions.enabledItems: PetImageParser@neocodex.us:1.0
FF - prefs.js..extensions.enabledItems: PriceWizFF@neocodex.us:1.0
FF - prefs.js..extensions.enabledItems: SaveSourceFF@neocodex.us:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/13 19:33:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 08:30:15 | 00,000,000 | ---D | M]

[2009/05/23 17:12:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Extensions
[2010/01/18 16:52:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions
[2007/07/31 07:45:06 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}
[2009/06/19 23:22:44 | 00,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2009/08/12 15:42:32 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/14 15:55:48 | 00,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2009/09/07 01:50:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\AuctionTimeFF@neocodex.us
[2010/01/18 20:32:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\cdxFireNSI_FF@neocodex.us
[2010/01/17 16:46:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\CliffhangerFF@neocodex.us
[2009/11/04 10:52:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\firebug@software.joehewitt.com
[2009/10/14 14:33:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\HarvestPricerFF@neocodex.us
[2009/05/29 17:02:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\inspector@mozilla.org
[2009/09/03 17:31:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\NeoFiller@neocodex.us
[2009/08/25 21:04:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\NQ2TrainerFF@neocodex.us
[2009/12/18 12:21:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\NTrainFF@neocodex.us
[2009/05/27 20:08:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\PetImageParser@neocodex.us
[2009/11/21 03:07:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\PriceWizFF@neocodex.us
[2009/05/29 17:43:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\SaveSourceFF@neocodex.us
[2009/06/01 09:15:52 | 00,001,600 | ---- | M] () -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\searchplugins\idb-weapon-search.xml
[2009/08/06 18:08:37 | 00,001,976 | ---- | M] () -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\searchplugins\ilikecom.xml
[2009/07/23 13:28:39 | 00,001,831 | ---- | M] () -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\searchplugins\jellyneo-item-database-search.xml
[2009/05/24 09:51:45 | 00,000,945 | ---- | M] () -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\searchplugins\youtube-video-search.xml
[2009/07/22 21:07:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 16:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/02/04 22:02:56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll

O1 HOSTS File: ([2009/07/16 22:23:14 | 00,001,216 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Internet Security) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Internet Security) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/15 13:44:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{caa4aefa-473c-11de-a03d-001583077df7}\Shell\AutoRun\command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{caa4aefa-473c-11de-a03d-001583077df7}\Shell\Shell00\Command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{caa4aefa-473c-11de-a03d-001583077df7}\Shell\Shell01\Command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{caa4aefa-473c-11de-a03d-001583077df7}\Shell\Shell02\Command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{cf80cc30-e4f4-11dc-a02e-001320086b25}\Shell\AutoRun\command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{cf80cc30-e4f4-11dc-a02e-001320086b25}\Shell\Shell00\Command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{cf80cc30-e4f4-11dc-a02e-001320086b25}\Shell\Shell01\Command - "" = J:\Autorun.exe -- File not found
O33 - MountPoints2\{cf80cc30-e4f4-11dc-a02e-001320086b25}\Shell\Shell02\Command - "" = J:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/11/15 13:43:35 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (49261513948528640)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/19 22:16:14 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SONY VAIO\Desktop\OTL.exe
[2010/01/17 19:02:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SONY VAIO\My Documents\Design
[2010/01/07 22:39:32 | 00,000,000 | ---D | C] -- C:\Program Files\HotHotSoftware
[2008/03/30 10:40:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2008/01/03 16:33:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/11/03 11:10:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2007/10/31 08:18:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/06/20 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2004/11/15 13:46:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/11/15 13:46:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/11/15 13:43:58 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/19 22:16:18 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SONY VAIO\Desktop\OTL.exe
[2010/01/19 07:15:45 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/19 06:55:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/19 06:55:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/18 20:34:00 | 06,553,600 | -H-- | M] () -- C:\Documents and Settings\SONY VAIO\NTUSER.DAT
[2010/01/18 20:33:22 | 11,639,712 | -H-- | M] () -- C:\Documents and Settings\SONY VAIO\Local Settings\Application Data\IconCache.db
[2010/01/17 19:06:15 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 6.0.lnk
[2010/01/16 06:52:49 | 00,024,653 | ---- | M] () -- C:\Documents and Settings\SONY VAIO\Desktop\test.htm
[2010/01/15 20:13:20 | 00,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - SONY VAIO.job
[2010/01/13 07:23:08 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/11 09:44:28 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/11 09:43:46 | 00,006,855 | ---- | M] () -- C:\Documents and Settings\SONY VAIO\My Documents\muratdil_all.nra
[2010/01/09 15:49:33 | 00,113,664 | ---- | M] () -- C:\Documents and Settings\SONY VAIO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/07 22:54:11 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\SONY VAIO\My Documents\definiatios osman is a cheater.doc
[2010/01/07 08:04:34 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/11 09:43:46 | 00,006,855 | ---- | C] () -- C:\Documents and Settings\SONY VAIO\My Documents\muratdil_all.nra
[2010/01/07 22:54:10 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\SONY VAIO\My Documents\definiatios osman is a cheater.doc
[2009/07/27 17:29:24 | 00,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2009/07/23 10:58:29 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/06/26 04:36:54 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\SONY VAIO\Application Data\setup_ldm.iss
[2009/06/15 23:11:08 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/21 21:23:50 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/02/26 21:42:34 | 00,072,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2008/01/25 19:22:15 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\gsp.dll
[2007/11/22 12:49:14 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\vmcoinst_zc0301plh.dll
[2007/06/28 23:43:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/28 23:43:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/28 23:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/28 23:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/28 23:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/06/26 23:07:04 | 03,416,064 | ---- | C] () -- C:\Program Files\Microsoft Money.mny
[2007/06/25 22:13:11 | 00,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2007/05/31 22:06:59 | 00,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/05/31 22:04:24 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2007/05/31 22:04:23 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2007/05/16 09:17:28 | 00,113,664 | ---- | C] () -- C:\Documents and Settings\SONY VAIO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/05 16:11:05 | 00,002,518 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/04/29 16:54:44 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/08 21:32:06 | 00,000,045 | ---- | C] () -- C:\WINDOWS\INSTALL.INI
[2007/03/26 19:53:34 | 00,000,240 | ---- | C] () -- C:\WINDOWS\vuepro32.ini
[2007/02/17 22:52:42 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/16 19:39:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2007/01/30 10:50:47 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\SONY VAIO\Local Settings\Application Data\fusioncache.dat
[2006/11/13 14:51:41 | 00,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2006/11/13 14:46:02 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/11/13 14:46:02 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/11/13 14:46:02 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/11/13 14:46:02 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/11/13 14:46:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/11/13 14:46:02 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/11/13 14:39:07 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/11/02 09:27:46 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2004/11/15 14:44:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/15 14:10:43 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/11/15 13:48:18 | 00,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/11/15 12:30:56 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/11/15 12:30:26 | 00,000,724 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/22 16:10:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/06/12 13:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/10/24 16:00:40 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll

========== LOP Check ==========

[2007/06/18 21:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2009/05/23 12:27:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2007/10/31 00:13:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/12/20 17:18:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2007/10/07 20:06:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LiveSubscribe
[2009/05/23 23:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/06/16 01:41:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009/12/21 22:11:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/12 14:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/01/16 14:23:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\BitTorrent
[2008/02/26 21:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Ceedo
[2009/12/20 17:17:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\DAEMON Tools Pro
[2009/12/26 11:18:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\DNA
[2007/11/22 12:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\EyeSpyFX
[2007/04/14 20:24:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\InterVideo
[2009/11/29 22:07:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Leadertech
[2007/09/01 09:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Nova Development
[2009/05/23 23:59:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Subversion
[2009/12/12 14:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\WindSolutions
[2010/01/19 07:15:45 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2006/11/13 14:33:57 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2006/11/13 14:33:58 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2006/11/13 14:33:58 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2010/01/14 21:27:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/01/14 21:27:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 10:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 10:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5
< End of report >


Thanks!

#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:43 AM

Posted 20 January 2010 - 01:32 PM

Hi,


Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#9 yass

yass
  • Topic Starter

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 20 January 2010 - 11:13 PM

Since I ran otl and restarted this keeps poping up:


And then i click close message then it gives me a "windows dont send" error when it closes that program then the message repeats like for any where from 1 - 20 times sad.gif

And randomly (like 20 minutes later) I get this forced shut down thing and it restart my computer sad.gif

Edited by yass, 21 January 2010 - 12:39 AM.


#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:43 AM

Posted 22 January 2010 - 02:35 PM

Like I wrote in the pm, please follow the steps above smile.gif.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#11 yass

yass
  • Topic Starter

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 22 January 2010 - 02:51 PM

Just finished. So sorry I didn't do it earlier. When i was getting the errors I thought things were going wrong.

Here are the logs smile.gif
QUOTE
ComboFix 10-01-21.08 - SONY VAIO 01/22/2010 11:33:15.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.659 [GMT -8:00]
Running from: c:\documents and settings\SONY VAIO\Desktop\schrauber.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1960408961-616249376-725345543-1003
c:\recycler\S-1-5-21-3977344382-2026929294-377546046-1003
c:\windows\cuba .bmp
c:\windows\setup.exe

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it tongue.gif
.
((((((((((((((((((((((((( Files Created from 2009-12-22 to 2010-01-22 )))))))))))))))))))))))))))))))
.

2010-01-13 07:24 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-08 06:39 . 2010-01-08 06:39 -------- d-----w- c:\program files\HotHotSoftware
2010-01-02 01:47 . 2010-01-02 01:48 -------- d-----w- c:\program files\Cobian Backup 9
2009-12-28 02:57 . 2009-12-28 02:57 -------- d-----w- c:\program files\ESET
2009-12-28 00:28 . 2004-08-04 12:00 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2009-12-28 00:28 . 2004-08-04 12:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2009-12-28 00:28 . 2004-08-04 12:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2009-12-28 00:28 . 2004-08-04 12:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2009-12-28 00:28 . 2004-08-04 12:00 1677824 -c--a-w- c:\windows\system32\dllcache\chsbrkr.dll
2009-12-28 00:28 . 2004-08-04 12:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2009-12-28 00:28 . 2004-08-04 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-12-28 00:28 . 2004-08-04 12:00 98304 ----a-w- c:\windows\system32\msir3jp.dll
2009-12-28 00:28 . 2004-08-04 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0404.dll
2009-12-28 00:28 . 2004-08-04 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2009-12-28 00:28 . 2004-08-04 12:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0804.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 20:50 . 2004-08-03 22:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-20 05:23 . 2006-11-13 22:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-18 03:36 . 2009-08-13 00:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-16 22:23 . 2009-06-08 14:23 -------- d-----w- c:\documents and settings\SONY VAIO\Application Data\BitTorrent
2010-01-16 21:02 . 2009-05-24 02:43 -------- d-----w- c:\documents and settings\SONY VAIO\Application Data\mIRC
2010-01-16 19:37 . 2009-05-24 02:43 -------- d-----w- c:\program files\mIRC
2010-01-14 19:12 . 2009-10-03 17:52 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-05 10:00 . 2004-11-15 20:30 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-11-15 20:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-11-15 20:29 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-29 08:31 . 2007-01-30 18:50 62672 ----a-w- c:\documents and settings\SONY VAIO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-28 03:54 . 2009-07-23 18:58 -------- d-----w- c:\program files\Cheat Engine
2009-12-26 19:18 . 2009-06-08 14:23 -------- d-----w- c:\program files\DNA
2009-12-26 19:18 . 2009-06-08 14:23 -------- d-----w- c:\documents and settings\SONY VAIO\Application Data\DNA
2009-12-23 07:45 . 2009-12-21 01:27 52224 ----a-w- c:\documents and settings\SONY VAIO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-23 07:45 . 2009-12-21 01:27 117760 ----a-w- c:\documents and settings\SONY VAIO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-22 06:12 . 2009-12-22 06:12 -------- d-----w- c:\program files\FLV Player
2009-12-22 06:11 . 2009-07-28 01:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-21 05:47 . 2009-12-21 05:33 -------- d-----w- c:\program files\GameSpy Arcade
2009-12-21 05:14 . 2009-12-21 05:14 -------- d-----w- c:\program files\Elaborate Bytes
2009-12-21 02:15 . 2009-12-21 01:19 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-21 01:26 . 2009-12-21 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-21 01:26 . 2009-12-21 01:26 65024 ----a-r- c:\documents and settings\SONY VAIO\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-12-21 01:26 . 2009-12-21 01:26 5120 ----a-r- c:\documents and settings\SONY VAIO\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2009-12-21 01:26 . 2009-12-21 01:26 18944 ----a-r- c:\documents and settings\SONY VAIO\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-12-21 01:26 . 2009-12-21 01:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-21 01:26 . 2009-12-21 01:26 -------- d-----w- c:\documents and settings\SONY VAIO\Application Data\SUPERAntiSpyware.com
2009-12-21 01:25 . 2009-12-21 01:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-21 01:18 . 2009-12-21 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-12-21 01:17 . 2009-12-21 01:17 -------- d-----w- c:\documents and settings\SONY VAIO\Application Data\DAEMON Tools Pro
2009-11-30 06:07 . 2009-11-30 06:07 -------- d-----w- c:\documents and settings\SONY VAIO\Application Data\Sonic
2009-11-30 06:07 . 2009-11-30 06:07 -------- d-----w- c:\documents and settings\SONY VAIO\Application Data\Leadertech
2009-11-21 16:36 . 2004-11-15 20:29 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2007-06-27 07:08 . 2007-06-27 07:07 3416064 ----a-w- c:\program files\Microsoft Money.mny
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 16:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-17 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 58984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 03:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-05-11 05:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-29 17:06 88363 ----a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-10-14 00:00 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-10-22 01:44 2744832 ----a-w- c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-09-10 05:10 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 17:44 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-04 12:00 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
2004-07-16 19:17 53248 ----a-w- c:\windows\SONYSYS\VAIO Recovery\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-03-17 23:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-10-08 15:27 126976 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-10-08 15:31 155648 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-09-21 10:10 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LxrAutorun]
2006-11-09 19:00 24576 ----a-w- c:\documents and settings\SONY VAIO\Local Settings\Application Data\Lexar Media\LxrAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-06-29 07:43 8466432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-06-29 07:43 81920 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-06-29 07:43 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-10-21 22:20 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
2007-04-18 03:19 100056 ----a-w- c:\progra~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 05:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 02:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [5/23/2009 11:21 PM 47640]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2/26/2008 9:42 PM 72672]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
R3 USBFVNETR;NETGEAR MA101 USB Adapter;c:\windows\system32\drivers\ma101rndxp.sys [5/23/2009 4:31 PM 76160]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-01-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2010-01-16 c:\windows\Tasks\Norton AntiVirus - Scan my computer - SONY VAIO.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2004-08-30 20:54]

2006-11-13 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-15 12:00]

2006-11-13 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-15 12:00]

2006-11-13 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-15 12:00]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
FF - ProfilePath - c:\documents and settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - IDB Weapon search
FF - prefs.js: browser.startup.homepage - GOOGLE.COM
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-22 11:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(3800)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LxrSII1s.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\wscntfy.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2010-01-22 11:50:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-22 19:50

Pre-Run: 147,998,334,976 bytes free
Post-Run: 149,700,636,672 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4967F589E4E18F61ED79BAFB2CE3AA6F


Thanks very very much tom!

#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:43 AM

Posted 22 January 2010 - 03:17 PM

Looks not so bad smile.gif



Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.





I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt




  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#13 yass

yass
  • Topic Starter

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 26 January 2010 - 12:20 AM

Oh shoot so sorry I didn't even see your reply. Thanks man. I tried to run MBAM but it gave a runtime error two of them (first one circled in red and 2nd in green) and then woulnd't run. This happend after running through all the fixing steps above. sad.gif Do you think the combofix might have disabled it?

Attached Files



#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:43 AM

Posted 26 January 2010 - 04:17 PM

Just ignore Malwarebytes and follow the rest of the instructions please smile.gif
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#15 yass

yass
  • Topic Starter

  • Members
  • 202 posts
  • OFFLINE
  •  
  • Local time:02:43 AM

Posted 27 January 2010 - 09:17 AM

It took awhile to run. I'm going to run the otl now smile.gif
Here's the eset list viruses:
QUOTE
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.RF virus deleted - quarantined


OTL didn't give me extra.txt sad.gif
Here's OTL.txt:
QUOTE
OTL logfile created on: 1/27/2010 6:18:54 AM - Run 2
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\SONY VAIO\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 488.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.30 Gb Total Space | 138.76 Gb Free Space | 76.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 700.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: E58AEB3F9A6342E
Current User Name: SONY VAIO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/27 06:17:45 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SONY VAIO\Desktop\OTL.exe
PRC - [2010/01/07 08:30:07 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/16 16:26:56 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/05/09 13:09:24 | 00,606,720 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2007/06/28 23:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/06/13 02:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/28 17:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2007/01/09 17:32:04 | 00,181,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2007/01/09 17:32:02 | 00,198,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2007/01/09 17:32:02 | 00,058,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/06/14 13:48:42 | 00,235,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
PRC - [2006/01/09 13:56:04 | 00,049,152 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe
PRC - [2005/10/19 12:54:14 | 00,177,264 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
PRC - [2005/04/18 19:49:24 | 00,083,584 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\ISSVC.exe
PRC - [2004/10/25 09:35:32 | 00,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2004/10/25 09:35:32 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2004/10/25 09:35:30 | 00,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2004/08/04 04:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004/07/21 08:24:04 | 00,173,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/01/27 06:17:45 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SONY VAIO\Desktop\OTL.exe
MOD - [2006/08/25 07:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/12/20 09:57:16 | 00,198,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\ASOEHOOK.DLL
MOD - [2003/02/21 04:42:22 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Unknown | Stopped] -- -- (FLEXnet Licensing Service)
SRV - [2007/06/28 23:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/03/28 17:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/09 17:32:04 | 00,181,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/01/09 17:32:04 | 00,079,464 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2007/01/09 17:32:02 | 00,198,248 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/07/25 18:03:42 | 02,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 00,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/06/14 13:48:42 | 00,235,168 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2006/01/09 13:56:04 | 00,049,152 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/19 12:55:00 | 00,067,184 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE -- (SBService)
SRV - [2005/10/19 12:54:14 | 00,177,264 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/04/18 19:49:24 | 00,083,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\ISSVC.exe -- (ISSVC)
SRV - [2005/03/07 14:59:36 | 00,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2004/11/02 15:42:42 | 01,826,816 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/10/25 09:35:34 | 00,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/10/25 09:35:32 | 00,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2004/10/25 09:35:32 | 00,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2004/10/25 09:35:30 | 00,278,528 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2004/09/09 18:09:50 | 00,405,504 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/07/21 08:24:04 | 00,173,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/06/22 11:58:14 | 00,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/06/22 11:58:14 | 00,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/06/16 03:42:34 | 00,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/06/16 03:41:06 | 00,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2004/03/18 15:55:48 | 00,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/10/30 12:48:10 | 01,286,144 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "GOOGLE.COM"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: cdxFireNSI_FF@neocodex.us:2.0
FF - prefs.js..extensions.enabledItems: CliffhangerFF@neocodex.us:1.0
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.4
FF - prefs.js..extensions.enabledItems: HarvestPricerFF@neocodex.us:2.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.15
FF - prefs.js..extensions.enabledItems: NeoFiller@neocodex.us:2.0
FF - prefs.js..extensions.enabledItems: NQ2TrainerFF@neocodex.us:1.0
FF - prefs.js..extensions.enabledItems: NTrainFF@neocodex.us:1.0
FF - prefs.js..extensions.enabledItems: PetImageParser@neocodex.us:1.0
FF - prefs.js..extensions.enabledItems: PriceWizFF@neocodex.us:1.0
FF - prefs.js..extensions.enabledItems: SaveSourceFF@neocodex.us:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/13 19:33:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 08:30:15 | 00,000,000 | ---D | M]

[2009/05/23 17:12:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Extensions
[2010/01/26 09:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions
[2007/07/31 07:45:06 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}
[2009/06/19 23:22:44 | 00,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2009/08/12 15:42:32 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/14 15:55:48 | 00,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2009/09/07 01:50:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\AuctionTimeFF@neocodex.us
[2010/01/26 10:49:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\cdxFireNSI_FF@neocodex.us
[2010/01/17 16:46:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\CliffhangerFF@neocodex.us
[2009/11/04 10:52:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\firebug@software.joehewitt.com
[2009/10/14 14:33:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\HarvestPricerFF@neocodex.us
[2009/05/29 17:02:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\inspector@mozilla.org
[2009/09/03 17:31:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\NeoFiller@neocodex.us
[2009/08/25 21:04:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\NQ2TrainerFF@neocodex.us
[2009/12/18 12:21:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\NTrainFF@neocodex.us
[2009/05/27 20:08:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\PetImageParser@neocodex.us
[2009/11/21 03:07:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\PriceWizFF@neocodex.us
[2009/05/29 17:43:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\extensions\SaveSourceFF@neocodex.us
[2009/06/01 09:15:52 | 00,001,600 | ---- | M] () -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\searchplugins\idb-weapon-search.xml
[2009/08/06 18:08:37 | 00,001,976 | ---- | M] () -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\searchplugins\ilikecom.xml
[2009/07/23 13:28:39 | 00,001,831 | ---- | M] () -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\searchplugins\jellyneo-item-database-search.xml
[2009/05/24 09:51:45 | 00,000,945 | ---- | M] () -- C:\Documents and Settings\SONY VAIO\Application Data\Mozilla\Firefox\Profiles\yabf2xru.default\searchplugins\youtube-video-search.xml
[2009/07/22 21:07:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 16:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/02/04 22:02:56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll

O1 HOSTS File: ([2010/01/22 11:42:51 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Internet Security) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Internet Security) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/15 13:44:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/11/15 13:43:35 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/24 18:30:49 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/24 18:27:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SONY VAIO\My Documents\intro nano
[2010/01/22 11:27:16 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/22 11:25:04 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/22 11:25:04 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/22 11:25:04 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/22 11:25:04 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/22 11:24:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/22 11:04:46 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/19 22:16:14 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SONY VAIO\Desktop\OTL.exe
[2010/01/17 19:02:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\SONY VAIO\My Documents\Design
[2008/03/30 10:40:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2008/01/03 16:33:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/11/03 11:10:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2007/10/31 08:18:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/06/20 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec
[2004/11/15 13:46:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/11/15 13:46:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/11/15 13:43:58 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/27 06:17:45 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SONY VAIO\Desktop\OTL.exe
[2010/01/27 01:37:20 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/24 21:26:46 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\SONY VAIO\My Documents\THE OA TIMES.doc
[2010/01/24 21:25:04 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\SONY VAIO\My Documents\research 2.doc
[2010/01/24 06:06:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/24 06:06:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/23 22:06:57 | 06,553,600 | -H-- | M] () -- C:\Documents and Settings\SONY VAIO\NTUSER.DAT
[2010/01/22 20:00:11 | 00,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - SONY VAIO.job
[2010/01/22 11:43:09 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/22 11:42:51 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/22 11:41:26 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\SONY VAIO\ntuser.ini
[2010/01/22 11:27:26 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/22 11:20:34 | 11,640,544 | -H-- | M] () -- C:\Documents and Settings\SONY VAIO\Local Settings\Application Data\IconCache.db
[2010/01/22 11:04:20 | 03,833,308 | R--- | M] () -- C:\Documents and Settings\SONY VAIO\Desktop\schrauber.exe
[2010/01/22 07:08:37 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\SONY VAIO\My Documents\Che 118 HW_2 (10).doc
[2010/01/16 06:52:49 | 00,024,653 | ---- | M] () -- C:\Documents and Settings\SONY VAIO\Desktop\test.htm
[2010/01/13 07:23:20 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/24 21:26:46 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\SONY VAIO\My Documents\THE OA TIMES.doc
[2010/01/24 21:25:04 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\SONY VAIO\My Documents\research 2.doc
[2010/01/22 11:27:25 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/22 11:27:19 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/22 11:25:04 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/22 11:25:04 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/22 11:25:04 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/22 11:25:04 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/22 11:25:04 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/22 11:04:04 | 03,833,308 | R--- | C] () -- C:\Documents and Settings\SONY VAIO\Desktop\schrauber.exe
[2010/01/22 07:08:34 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\SONY VAIO\My Documents\Che 118 HW_2 (10).doc
[2009/07/27 17:29:24 | 00,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2009/07/23 10:58:29 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/06/26 04:36:54 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\SONY VAIO\Application Data\setup_ldm.iss
[2009/06/15 23:11:08 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/21 21:23:50 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/02/26 21:42:34 | 00,072,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2008/01/25 19:22:15 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\gsp.dll
[2007/11/22 12:49:14 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\vmcoinst_zc0301plh.dll
[2007/06/28 23:43:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/28 23:43:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/28 23:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/28 23:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/28 23:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/06/26 23:07:04 | 03,416,064 | ---- | C] () -- C:\Program Files\Microsoft Money.mny
[2007/06/25 22:13:11 | 00,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2007/05/31 22:06:59 | 00,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/05/31 22:04:24 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2007/05/31 22:04:23 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2007/05/16 09:17:28 | 00,113,664 | ---- | C] () -- C:\Documents and Settings\SONY VAIO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/05 16:11:05 | 00,002,518 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/04/29 16:54:44 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/04/08 21:32:06 | 00,000,045 | ---- | C] () -- C:\WINDOWS\INSTALL.INI
[2007/03/26 19:53:34 | 00,000,240 | ---- | C] () -- C:\WINDOWS\vuepro32.ini
[2007/02/17 22:52:42 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/16 19:39:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2007/01/30 10:50:47 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\SONY VAIO\Local Settings\Application Data\fusioncache.dat
[2006/11/13 14:51:41 | 00,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2006/11/13 14:46:02 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/11/13 14:46:02 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/11/13 14:46:02 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/11/13 14:46:02 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/11/13 14:46:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/11/13 14:46:02 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/11/13 14:39:07 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/11/02 09:27:46 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2004/11/15 14:44:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/15 14:10:43 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/11/15 13:48:18 | 00,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/11/15 12:30:56 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/11/15 12:30:26 | 00,000,724 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/22 16:10:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/06/12 13:21:12 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/10/24 16:00:40 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll

========== LOP Check ==========

[2007/06/18 21:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2009/05/23 12:27:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2007/10/31 00:13:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/12/20 17:18:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2007/10/07 20:06:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LiveSubscribe
[2009/05/23 23:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/06/16 01:41:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009/12/21 22:11:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/12 14:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/01/16 14:23:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\BitTorrent
[2008/02/26 21:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Ceedo
[2009/12/20 17:17:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\DAEMON Tools Pro
[2009/12/26 11:18:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\DNA
[2007/11/22 12:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\EyeSpyFX
[2007/04/14 20:24:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\InterVideo
[2009/11/29 22:07:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Leadertech
[2007/09/01 09:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Nova Development
[2009/05/23 23:59:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\Subversion
[2009/12/12 14:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\SONY VAIO\Application Data\WindSolutions
[2010/01/27 01:37:20 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2006/11/13 14:33:57 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2006/11/13 14:33:58 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2006/11/13 14:33:58 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2010/01/21 12:50:31 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2010/01/21 12:50:31 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/01/21 12:50:31 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 10:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 10:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5
< End of report >

Edited by yass, 27 January 2010 - 09:39 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users