Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected But Don't Know With What


  • Please log in to reply
28 replies to this topic

#1 kluciano

kluciano

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 03 June 2006 - 08:34 PM

I download a file the gave my computer serveral viruses (I am not sure of the names). Most of them have been removed by ad-aware/Mcafee and other good tools. The one thing that is hanging around is that I have a constant clicking noise like someone is navigating web pages when I am not doing anything. I was monitoring the explorer.exe file and found when I hear the clicks there is httpout activity to ip addresses. If I type in the ip addresses some of it seems like popups. I have run hijackthis and below is the log. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 9:07:27 PM, on 6/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
C:\Program Files\Pinnacle\Studio DV\ERegister\Remind32.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperManagerExe.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\Giga Pocket\gps.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Kelly\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=userinit.exe,fhwjyab.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [VMConsole.exe] C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe /windowmin
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
O4 - Startup: Pinnacle Systems - Studio Family.lnk = C:\Program Files\Pinnacle\Studio DV\ERegister\Remind32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: Harmony Monitor.lnk = C:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperMonitor.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149073979062
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\thlxdcs.exe (file missing)

BC AdBot (Login to Remove)

 


m

#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 04 June 2006 - 09:35 AM

Hi


Download Brute Force Uninstaller to your C:\
Unzip it to a folder of its own (C:BFU).
  • BFU should be on your root. In most cases this is C:
  • Download qoofix.bat (rightclick on this link and choose save as)
  • Place qoofix.bat in your C:BFU - folder. (Important!)
  • Doubleclick qooFix.bat, Close all browsers and explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • Please be patient, it will take about five minutes.
  • After the PC has restarted please post another hijackthis log.


#3 kluciano

kluciano
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 04 June 2006 - 01:09 PM

Here is my logfile after running Bruteforce UnInstaller...

Logfile of HijackThis v1.99.1
Scan saved at 2:02:06 PM, on 6/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperManagerExe.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
C:\Program Files\Pinnacle\Studio DV\ERegister\Remind32.exe
C:\Program Files\Sony\Giga Pocket\gps.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\Content.IE5\S6V5CEC6\HijackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [VMConsole.exe] C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe /windowmin
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
O4 - Startup: Pinnacle Systems - Studio Family.lnk = C:\Program Files\Pinnacle\Studio DV\ERegister\Remind32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: Harmony Monitor.lnk = C:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperMonitor.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Remocon Driver.lnk = ?
O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149073979062
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {E67F5856-E2F5-40FE-9CFF-6AEFC9EA0AAA} (EventLogScan Class) - http://www.windowsecurity.com/eventlogscan/ATLExplorer.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\thlxdcs.exe (file missing)

#4 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 04 June 2006 - 01:32 PM

Right-Click Here and Click "Save As" to download DelDomains.inf to your desktop.

Right Click DelDomains.inf on your desktop and select "Install"

It will perform a silent process>Give it a minute to run


Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\thlxdcs.exe (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Click Start-> Run-> Copy&Paste the bold text below into the Open Box and Click OK

sc delete Windows Overlay Components


Make sure Ewido has the latest updates.


Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

After restarting in Safe Mode,Configure Windows to Show All Hidden Files and Folders Here is a link to help with that:
http://www.bleepingcomputer.com/tutorials/...al62.html#winxp


Locate and Delete if found

C:\WINDOWS\system32\kernels8.exe<-- File


With all Windows and Browsers Closed--> Scan the entire System with Ewido--> Remove all it finds and be sure to Save the Report.


Restart Normal and Let me see a HijackThis Start Up log.

Open HijackThis and Click the "Open Misc Tools Section" tab.

Select Generate StartUpList log and make sure that both Boxes beside it are checked:

Put a check by:
List all minor sections(Full)
and
List Empty Sections(Complete)

It will produce a NotePad Page,I need you to copy the entire contents of that page to the next reply.


Please run the F-Secure Online Scanner
  • Follow the directions in the F-Secure page for proper Installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Custom Scan and be sure the following are checked.
    • Scan whole System
    • Scan programs and documents
    • Scan all files
    • Scan whole system for rootkits
    • Scan whole system for spyware
    • Scan inside archives
    • Use advanced heuristics
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the I want to decide item by item button.
  • For each item found,Select Disinfect and Click Next
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Post back with a the HijackThis Startup log and Ewido Report in one reply.


Post the results of the F-Secure scan in a seperate reply.

#5 kluciano

kluciano
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 05 June 2006 - 07:09 PM

I ran everything you said but when I ran the F-Secure Online Scanner it would detect the viruses but when I did the disinfect I got the error below. I tried it 3 times. I successfully ran the other tools and am posting those results under the error.

Windows Internet Explorer
An error has occured! Please close the scanner and your browser then try again (Id:10)

StartupList report, 6/4/2006, 4:39:10 PM
StartupList version: 1.52.2
Started from : C:\DOCUME~1\Kelly\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5346.0005)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperManagerExe.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
C:\Program Files\Pinnacle\Studio DV\ERegister\Remind32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Sony\Giga Pocket\gps.exe
C:\DOCUME~1\Kelly\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Kelly\Start Menu\Programs\Startup]
Pinnacle Systems - Studio Family.lnk = C:\Program Files\Pinnacle\Studio DV\ERegister\Remind32.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
Harmony Monitor.lnk = C:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperMonitor.exe
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Remocon Driver.lnk = ?
Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\Userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CreateCD_Reminder = C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
VAIO Update 2 = "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
VAIO Recovery = C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
VMConsole.exe = C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe /windowmin
ViewMgr = C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
SoundMan = SOUNDMAN.EXE
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SsAAD.exe = C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
NeroCheck = C:\WINDOWS\system32\\NeroCheck.exe
WildTangent CDA = "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
AnyDVD = "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
CloneCDTray = "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
type32 = "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
ShStatEXE = "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI = "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
Network Associates Error Reporting Service = "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
AlcWzrd = ALCWZRD.EXE
Alcmtr = ALCMTR.EXE
PrevxOne = C:\Program Files\Prevx1\PXConsole.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI file not found*
run=*INI file not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI file not found*
SCRNSAVE.EXE=*INI file not found*
drivers=*INI file not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssmypics.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe is MISSING!
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Malicious Scripts Scanner - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

MP Scheduled Scan.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Malicious Software Removal Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WebCleaner.dll
CODEBASE = http://download.microsoft.com/download/5/c.../WebCleaner.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdat...b?1149073979062

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[a-squared Scanner]
InProcServer32 = C:\WINDOWS\DOWNLO~1\asquared.ocx
CODEBASE = http://ax.emsisoft.com/asquared.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/products/plugin/autodl...indows-i586.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[EventLogScan Class]
InProcServer32 = C:\temp\atlexplorer\ATLExplorer.dll
CODEBASE = http://www.windowsecurity.com/eventlogscan/ATLExplorer.CAB

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

61883 Unit Device: system32\DRIVERS\61883.sys (manual start)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AnyDVD: System32\Drivers\AnyDVD.sys (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVC Device: system32\DRIVERS\avc.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Sony DMI Call service: system32\DRIVERS\DMICall.sys (system)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
MS IEEE-1284.4 Driver: system32\DRIVERS\Dot4.sys (manual start)
Print Class Driver for IEEE-1284.4: system32\DRIVERS\Dot4Prt.sys (manual start)
Scan Class Driver for IEEE-1284.4: system32\DRIVERS\Dot4Scan.sys (manual start)
Dot4USB Filter Dot4USB Filter: system32\DRIVERS\dot4usb.sys (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel® PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Eacfilt Miniport: system32\DRIVERS\eacfilt.sys (manual start)
ElbyCDFL: System32\Drivers\ElbyCDFL.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
EntDrv51: \??\C:\WINDOWS\system32\drivers\EntDrv51.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Giga Pocket Hardware Detector: C:\Program Files\Sony\Giga Pocket\shwserv.exe (autostart)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Microsoft UAA Function Driver for High Definition Audio Service: system32\drivers\HdAudio.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HSFHWAZL: system32\DRIVERS\HSFHWAZL.sys (manual start)
HSF_DP: system32\DRIVERS\HSF_DP.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\ialmnt5.sys (manual start)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
Service for Realtek HD Audio (WDM): system32\drivers\RtkHDAud.sys (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
Nortel Extranet Access Protocol: system32\DRIVERS\ipsecw2k.sys (autostart)
Nortel IPSECSHM Adapter: system32\DRIVERS\ipsecw2k.sys (manual start)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
McAfee Framework Service: C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart (autostart)
Network Associates McShield: "C:\Program Files\Network Associates\VirusScan\Mcshield.exe" (autostart)
Network Associates Task Manager: "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe" (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
MSCSPTISRV: "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" (manual start)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Microsoft DV Camera and VCR: system32\DRIVERS\msdv.sys (manual start)
Windows installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
NaiAvFilter1: system32\drivers\naiavf5x.sys (manual start)
NaiAvTdi1: system32\drivers\mvstdi5x.sys (system)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
NEC FireWarden OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
PACSPTISVR: "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (autostart)
Microsoft IntelliPoint Filter Driver: system32\DRIVERS\point32.sys (manual start)
IPSEC Services: %SystemRoot%\system32\lsass.exe (disabled)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Prevx Agent: "C:\Program Files\Prevx1\PXAgent.exe" -f (autostart)
PREVX Kernel Mode Agent: system32\drivers\pxfsf.sys (system)
PREVX Emulator Driver: system32\drivers\pxemu.sys (manual start)
PREVX Tdi filter: system32\drivers\pxtdi.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
PREVX Rootkitscan driver: \??\C:\WINDOWS\system32\drivers\pxrd.sys (manual start)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Sony MPEG RealTime encoder board: system32\DRIVERS\smrt.sys (manual start)
Sony TV Tuner Controller: C:\Program Files\Sony\Giga Pocket\halsv.exe (manual start)
Sony TV Tuner Manager: C:\Program Files\Sony\Giga Pocket\RM_SV.exe (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Sony SPTI Service: "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" (manual start)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
SonicStage SCSI Service: C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{2FB9DBB6-F95D-4584-A97D-B583E76C9544} (manual start)
SymWMI Service: "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" (autostart)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VAIO Entertainment Aggregation and Control Service: "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe" (manual start)
VAIO Entertainment File Import Service: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe (autostart)
VAIO Entertainment TV Device Arbitration Service: "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe" (manual start)
VAIO Entertainment UPnP Client Adapter: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM (manual start)
VAIO Media Integrated Server: C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (autostart)
VAIO Media Integrated Server (HTTP): "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" (autostart)
VAIO Media Integrated Server (UPnP): C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (autostart)
VAIO Media Video Server: "C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server" (autostart)
VAIO Media Video Server (HTTP): "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP" (autostart)
VAIO Media Video Server (UPnP): C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (autostart)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Defender Service: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Overlay Components: C:\WINDOWS\thlxdcs.exe (disabled)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

WinUpdate.exe = C:\Program Files\Windows\WinUpdate.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 41,907 bytes
Report generated in 2.860 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:34:03 PM, 6/4/2006
+ Report-Checksum: 7BB23473

+ Scan result:

C:\Documents and Settings\Kelly\Cookies\kelly@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kelly\Cookies\kelly@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kelly\Cookies\kelly@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kelly\Cookies\kelly@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Kelly\Cookies\kelly@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Kelly\Cookies\kelly@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Kelly\Cookies\kelly@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Kelly\Cookies\kelly@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Kelly\Cookies\kelly@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup


::Report End

#6 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 05 June 2006 - 08:25 PM

OK,lets take this a piece at a time.


Copy the text in the Quote box to a blank notepad page and Save it to the Desktop with the name Clr.reg but dont run it yet.


REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]




Go back to Safe Mode--> Locate and Delete if found

C:\Program Files\Windows\WinUpdate.exe


Click Start-> Run-> Copy&Paste the bold text below into the Open Box and Click OK

sc delete ws2ifsl

and

sc delete Windows Overlay Components


Locate and Double Click Clr.reg and allow it to merge into the registry.


Restart Normal and Completely disable both Prevx and Windows Defender.

Try to run the F-Secure scan again and post a fresh HijackThis StartUp Log.

Edited by Cretemonster, 05 June 2006 - 08:26 PM.


#7 kluciano

kluciano
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 07 June 2006 - 06:17 AM

I did what you asked and everything was successful except for the F-Sercuvre online scanner. When I run it still and I go to disinfect I get that same error but it is on the same virus (win32.vb.) I have the exact name at work I will post it when I get there. Here is the new log you requested.

StartupList report, 6/6/2006, 11:10:13 AM
StartupList version: 1.52.2
Started from : C:\DOCUME~1\Kelly\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5346.0005)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Sierra\Planner\PLNRnote.exe
C:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Sony\Giga Pocket\ReserveModule.exe
C:\Program Files\Pinnacle\Studio DV\ERegister\Remind32.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperManagerExe.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Sony\Giga Pocket\gps.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Sony\Giga Pocket\RM_SV.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Kelly\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Kelly\Start Menu\Programs\Startup]
Pinnacle Systems - Studio Family.lnk = C:\Program Files\Pinnacle\Studio DV\ERegister\Remind32.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Event Planner Reminders Tray Icon.lnk = C:\Program Files\Sierra\Planner\PLNRnote.exe
Harmony Monitor.lnk = C:\Program Files\Intrigue Technologies\Harmony Remote\EasyZapperMonitor.exe
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Remocon Driver.lnk = ?
Timer Recording Manager.lnk = C:\Program Files\Sony\Giga Pocket\ReserveModule.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\Userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CreateCD_Reminder = C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
VAIO Update 2 = "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
VAIO Recovery = C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
VMConsole.exe = C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe /windowmin
ViewMgr = C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
SoundMan = SOUNDMAN.EXE
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SsAAD.exe = C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
NeroCheck = C:\WINDOWS\system32\\NeroCheck.exe
WildTangent CDA = "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
AnyDVD = "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
CloneCDTray = "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
type32 = "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
ShStatEXE = "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI = "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
Network Associates Error Reporting Service = "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
AlcWzrd = ALCWZRD.EXE
Alcmtr = ALCMTR.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI file not found*
run=*INI file not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI file not found*
SCRNSAVE.EXE=*INI file not found*
drivers=*INI file not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssmypics.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe is MISSING!
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Malicious Scripts Scanner - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

MP Scheduled Scan.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Malicious Software Removal Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WebCleaner.dll
CODEBASE = http://download.microsoft.com/download/5/c.../WebCleaner.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdat...b?1149073979062

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[F-Secure Online Scanner 3.0]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fscax.dll
CODEBASE = http://support.f-secure.com/ols3/fscax.cab

[a-squared Scanner]
InProcServer32 = C:\WINDOWS\DOWNLO~1\asquared.ocx
CODEBASE = http://ax.emsisoft.com/asquared.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/products/plugin/autodl...indows-i586.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[EventLogScan Class]
InProcServer32 = C:\temp\atlexplorer\ATLExplorer.dll
CODEBASE = http://www.windowsecurity.com/eventlogscan/ATLExplorer.CAB

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

61883 Unit Device: system32\DRIVERS\61883.sys (manual start)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AnyDVD: System32\Drivers\AnyDVD.sys (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVC Device: system32\DRIVERS\avc.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Sony DMI Call service: system32\DRIVERS\DMICall.sys (system)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
MS IEEE-1284.4 Driver: system32\DRIVERS\Dot4.sys (manual start)
Print Class Driver for IEEE-1284.4: system32\DRIVERS\Dot4Prt.sys (manual start)
Scan Class Driver for IEEE-1284.4: system32\DRIVERS\Dot4Scan.sys (manual start)
Dot4USB Filter Dot4USB Filter: system32\DRIVERS\dot4usb.sys (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel® PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Eacfilt Miniport: system32\DRIVERS\eacfilt.sys (manual start)
ElbyCDFL: System32\Drivers\ElbyCDFL.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
EntDrv51: \??\C:\WINDOWS\system32\drivers\EntDrv51.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Giga Pocket Hardware Detector: C:\Program Files\Sony\Giga Pocket\shwserv.exe (autostart)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Microsoft UAA Function Driver for High Definition Audio Service: system32\drivers\HdAudio.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
HSFHWAZL: system32\DRIVERS\HSFHWAZL.sys (manual start)
HSF_DP: system32\DRIVERS\HSF_DP.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\ialmnt5.sys (manual start)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
Service for Realtek HD Audio (WDM): system32\drivers\RtkHDAud.sys (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
Nortel Extranet Access Protocol: system32\DRIVERS\ipsecw2k.sys (autostart)
Nortel IPSECSHM Adapter: system32\DRIVERS\ipsecw2k.sys (manual start)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
McAfee Framework Service: C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart (autostart)
Network Associates McShield: "C:\Program Files\Network Associates\VirusScan\Mcshield.exe" (autostart)
Network Associates Task Manager: "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe" (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
MSCSPTISRV: "C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe" (manual start)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Microsoft DV Camera and VCR: system32\DRIVERS\msdv.sys (manual start)
Windows installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
NaiAvFilter1: system32\drivers\naiavf5x.sys (manual start)
NaiAvTdi1: system32\drivers\mvstdi5x.sys (system)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
NEC FireWarden OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
PACSPTISVR: "C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe" (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (autostart)
Microsoft IntelliPoint Filter Driver: system32\DRIVERS\point32.sys (manual start)
IPSEC Services: %SystemRoot%\system32\lsass.exe (disabled)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Prevx Agent: "C:\Program Files\Prevx1\PXAgent.exe" -f (autostart)
PREVX Kernel Mode Agent: system32\drivers\pxfsf.sys (system)
PREVX Emulator Driver: system32\drivers\pxemu.sys (manual start)
PREVX Tdi filter: system32\drivers\pxtdi.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
PREVX Rootkitscan driver: \??\C:\WINDOWS\system32\drivers\pxrd.sys (manual start)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Sony MPEG RealTime encoder board: system32\DRIVERS\smrt.sys (manual start)
Sony TV Tuner Controller: C:\Program Files\Sony\Giga Pocket\halsv.exe (manual start)
Sony TV Tuner Manager: C:\Program Files\Sony\Giga Pocket\RM_SV.exe (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Sony SPTI Service: "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" (manual start)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
SonicStage SCSI Service: C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{2FB9DBB6-F95D-4584-A97D-B583E76C9544} (manual start)
SymWMI Service: "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" (autostart)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
VAIO Entertainment Aggregation and Control Service: "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe" (manual start)
VAIO Entertainment File Import Service: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe (autostart)
VAIO Entertainment TV Device Arbitration Service: "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe" (manual start)
VAIO Entertainment UPnP Client Adapter: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM (manual start)
VAIO Media Integrated Server: C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (autostart)
VAIO Media Integrated Server (HTTP): "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" (autostart)
VAIO Media Integrated Server (UPnP): C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (autostart)
VAIO Media Video Server: "C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server" (autostart)
VAIO Media Video Server (HTTP): "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP" (autostart)
VAIO Media Video Server (UPnP): C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (autostart)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Defender Service: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Overlay Components: C:\WINDOWS\thlxdcs.exe (disabled)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

WinUpdate.exe = C:\Program Files\Windows\WinUpdate.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 41,778 bytes
Report generated in 1.578 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#8 kluciano

kluciano
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 07 June 2006 - 06:51 AM

The virus the F-Scanner keeps getting an error on and quitting is Trojan.Win32.VB.tg

#9 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 07 June 2006 - 10:02 AM

Can you get the filename and path?

#10 kluciano

kluciano
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  

Posted 07 June 2006 - 02:00 PM

Everytime I run F-Secure Online Scanner in Multi-User mode it hangs my computer. I can run it in Safe Mode...but then I get the other issue.

#11 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 07 June 2006 - 03:37 PM

OK,lets go another route!

Right Click the Desktop and Select New--> Folder--> Name it SysClean
  • Download the Sysclean Package to the folder you made.
  • Next,download the Virus Pattern Files (Official Pattern Release) and Spyware Pattern Files (Official Pattern Release) to your desktop from Here
  • Right Click each and Select Extract All to unzip the 2 folders.
  • Now,from the unzipped folders,move lpt$vpn.XXX and tmaptn.XXX files to the SysClean folder.
  • Restart in SAFE MODE(Tap F8 when restarting)
  • Open the SysClean Folder and doubleclick sysclean.com
  • Be sure Automatically clean or delete detected files is checked.
  • Click the Scan button to begin,please be patient,it will take a little bit to finish.
  • Once complete,verify the log from the scan (SYSCLEAN.LOG) is in the SysClean folder and restart back to Normal Mode.
  • Copy&Paste those results in the next reply.


#12 kluciano

kluciano
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 07 June 2006 - 07:04 PM

Here is the log from sysclean...



/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2006-06-07, 17:02:24, Auto-clean mode specified.
2006-06-07, 17:02:24, Running scanner "C:\Documents and Settings\Administrator\Desktop\sysclean\TSC.BIN"...
2006-06-07, 17:03:09, Scanner "C:\Documents and Settings\Administrator\Desktop\sysclean\TSC.BIN" has finished running.
2006-06-07, 17:03:09, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)

Start time : Wed Jun 07 2006 17:02:24

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Administrator\Desktop\sysclean\tsc.ptn" (version 746) [success]

Complete time : Wed Jun 07 2006 17:03:08
Execute pattern count(3096), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-06-07, 17:06:28, An error occurred while scanning file "C:\Documents and Settings\Administrator\NTUSER.DAT": Access is denied.
2006-06-07, 17:06:28, An error occurred while scanning file "C:\Documents and Settings\Administrator\ntuser.dat.LOG": Access is denied.
2006-06-07, 17:06:34, An error occurred while scanning file "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-06-07, 17:06:34, An error occurred while scanning file "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-06-07, 17:07:21, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\49f1a3fb398fce52aca18a6f8dae50f9_80179b3d-fe70-49f5-b0fb-36712d033296": Access is denied.
2006-06-07, 17:07:21, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\606d95977c275ec3a333ef7fd0d53cc2_80179b3d-fe70-49f5-b0fb-36712d033296": Access is denied.
2006-06-07, 17:07:21, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp": Access is denied.
2006-06-07, 17:11:56, An error was detected on "C:\Documents and Settings\Karin\Local Settings\Temporary Internet Files\AntiPhishing\*.*": Access is denied.
2006-06-07, 17:25:13, An error was detected on "C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\AntiPhishing\*.*": Access is denied.
2006-06-07, 18:16:35, An error was detected on "C:\Documents and Settings\Kelly\My Documents\?ppPatch\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-06-07, 18:16:39, An error occurred while scanning file "C:\Documents and Settings\LocalService\NTUSER.DAT": Access is denied.
2006-06-07, 18:16:39, An error occurred while scanning file "C:\Documents and Settings\LocalService\ntuser.dat.LOG": Access is denied.
2006-06-07, 18:16:39, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-06-07, 18:16:39, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-06-07, 18:16:40, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2006-06-07, 18:16:40, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2006-06-07, 18:16:40, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-06-07, 18:16:40, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-06-07, 18:39:33, Could not set file for reading on "C:\quarantine\count.jar-53a5f306-5429fb9d.zip.Vir": Access is denied.
2006-06-07, 18:39:33, Could not set file for reading on "C:\quarantine\infected.log": Access is denied.
2006-06-07, 18:39:34, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\AIM.EXE-064777BB.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ALCMTR.EXE-01A7139B.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ALCWZRD.EXE-2B4E256F.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ANYDVD.EXE-1C951801.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\AUPDATE.EXE-223E3682.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CLIENT.EXE-19210640.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CLONECDTRAY.EXE-25FF090B.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CSRSS.EXE-22452D1B.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\DLLHOST.EXE-0F88CAAB.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\DRWTSN32.EXE-01DDCF15.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\DUMPREP.EXE-0AF2BF67.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\EASYZAPPERMANAGEREXE.EXE-29D88CAB.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\EASYZAPPERMONITOR.EXE-1354F309.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\FSGK32.EXE-06398C43.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\FSSM32.EXE-0AD093A8.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\GAMEDRVR.EXE-158B4059.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\GPS.EXE-1724E880.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\GPVSVR.EXE-055820BA.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-01977345.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\HKCMD.EXE-0F06AE14.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\HPQIMZONE.EXE-03AB5BA9.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\HPQPPROP.EXE-0F7B3BB1.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\HPQSTE08.EXE-007EAA1E.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\HPQTBX01.EXE-0B0F46DE.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\HPQTHB08.EXE-13180313.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\HPQTRA08.EXE-014253AB.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\HPRBLOG.EXE-0F621D15.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\HPWUSCHD2.EXE-162EFF4C.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\HPZIPM12.EXE-02312CF9.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IGFXTRAY.EXE-0A23D403.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPODSERVICE.EXE-37043579.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ITUNESHELPER.EXE-0A1B0F2C.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\JUSCHED.EXE-2A1A87DD.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\LUCOMS~1.EXE-1DF6F3E9.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MCSCRIPT_INUSE.EXE-071D52A1.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MCUPDATE.EXE-16E0583A.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MPAS-D.EXE-17905AE2.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MPCMDRUN.EXE-177DBF1A.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MPSIGSTUB.EXE-09FBAE7E.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSASCUI.EXE-187460F9.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSMSGS.EXE-0620E8B3.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSNMSGR.EXE-3744B6D8.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\NDETECT.EXE-2DABC14D.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\NEROCHECK.EXE-30941580.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\OFFPROV.EXE-1E5B3775.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\OSA9.EXE-0C262942.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\OUTLOOK.EXE-254EE9C3.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\PARTSEAL.EXE-17AB73E8.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\PLANNER.EXE-21FCD70E.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\PLNRNOTE.EXE-094D7032.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\POINT32.EXE-0C2C2E7E.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\PXAGENT.EXE-107FDEF8.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\PXCONSOLE.EXE-000939DD.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\PXL1.EXE-0191D158.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\QTTASK.EXE-1876A1A1.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\READER_SL.EXE-2FCCA463.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\REALPLAY.EXE-05411014.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\REALSCHED.EXE-0948A6AF.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\REMIND32.EXE-2142CBEE.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\REMINDER.EXE-36CA7C1B.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\RESERVEMODULE.EXE-03B084D2.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\RGDRVLS.EXE-37EB1EED.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\RM_SV.EXE-05CB1B54.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4F86B917.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\SHSTAT.EXE-01D8DC23.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\SOUNDMAN.EXE-2979F3F4.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\SSAAD.EXE-06B7FD4F.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\SSMYPICS.SCR-2B33A3BB.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\SSSCSISV.EXE-1F8DC7DB.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\SV_HTTPD.EXE-2189ABB7.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\SYMWSC.EXE-06237CF7.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\TBMON.EXE-1948DE3B.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\TYPE32.EXE-346CA305.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATERUI.EXE-3411FB8B.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\UPNPFRAMEWORK.EXE-229D9D58.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\USBSIRCS.EXE-118230A5.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\USERINIT.EXE-0743FDA9.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\VAIOUPDT.EXE-05AE07F9.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\VIEWMGR.EXE-0F5AF60C.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\VMCONSOLE.EXE-24B1EE74.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\VMISRV.EXE-2C53EFC4.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\VZFW.EXE-16396437.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\WCMDMGRL.EXE-0C8B70C5.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\WGATRAY.EXE-350D4455.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\WINLOGON.EXE-0957F9B2.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf": Access is denied.
2006-06-07, 18:43:08, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf": Access is denied.
2006-06-07, 18:44:46, An error occurred while scanning file "C:\WINDOWS\system32\CatRoot2\edb.log": Access is denied.
2006-06-07, 18:44:46, An error occurred while scanning file "C:\WINDOWS\system32\CatRoot2\tmp.edb": Access is denied.
2006-06-07, 18:44:49, An error occurred while scanning file "C:\WINDOWS\system32\config\default": Access is denied.
2006-06-07, 18:44:49, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Access is denied.
2006-06-07, 18:44:49, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2006-06-07, 18:44:49, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2006-06-07, 18:44:49, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Access is denied.
2006-06-07, 18:44:49, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2006-06-07, 18:44:49, An error occurred while scanning file "C:\WINDOWS\system32\config\software": Access is denied.
2006-06-07, 18:44:49, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Access is denied.
2006-06-07, 18:44:49, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Access is denied.
2006-06-07, 18:44:49, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Access is denied.
2006-06-07, 18:45:25, An error was detected on "C:\WINDOWS\system32\s?curity\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-06-07, 18:45:38, Running scanner "C:\Documents and Settings\Administrator\Desktop\sysclean\VSCANTM.BIN"...
2006-06-07, 19:30:08, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 6/7/2006 18:45:38
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 485 (115846 Patterns) (2006/06/07) (348500)
Command Line: C:\Documents and Settings\Administrator\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Administrator\Desktop\sysclean

C:\Documents and Settings\Administrator\Desktop\sysclean\sysclean.exe [VBS_Generic]
114583 files have been read.
114583 files have been checked.
102326 files have been scanned.
186702 files have been scanned. (including files in archived)
2 files containing viruses.
Found 5 viruses totally.
Maybe 0 viruses totally.
Stop At : 6/7/2006 19:30:08
---------*---------*---------*---------*---------*---------*---------*---------*
2006-06-07, 19:30:08, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 6/7/2006 18:45:38
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 485 (115846 Patterns) (2006/06/07) (348500)
Command Line: C:\Documents and Settings\Administrator\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Administrator\Desktop\sysclean

Success Clean [ JAVA_BYTEVER.A]( 1) from C:\quarantine\count.jar-53a5f306-5429fb9d.zip.Vir,(Beyond.class)
114583 files have been read.
114583 files have been checked.
102326 files have been scanned.
186702 files have been scanned. (including files in archived)
2 files containing viruses.
Found 5 viruses totally.
Maybe 0 viruses totally.
Stop At : 6/7/2006 19:30:08 44 minutes 28 seconds (2668.17 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-06-07, 19:30:08, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 6/7/2006 18:45:38
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 485 (115846 Patterns) (2006/06/07) (348500)
Command Line: C:\Documents and Settings\Administrator\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Administrator\Desktop\sysclean

114583 files have been read.
114583 files have been checked.
102326 files have been scanned.
186702 files have been scanned. (including files in archived)
2 files containing viruses.
Found 5 viruses totally.
Maybe 0 viruses totally.
Stop At : 6/7/2006 19:30:08 44 minutes 28 seconds (2668.17 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-06-07, 19:30:08, Scanner "C:\Documents and Settings\Administrator\Desktop\sysclean\VSCANTM.BIN" has finished running.

#13 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 07 June 2006 - 07:19 PM

See if you can locate these 2 folders

C:\Documents and Settings\Kelly\My Documents\?ppPatch<-- Name may be AppPatch

C:\WINDOWS\system32\s?curity<-- Name may be Security


Download WinPFind to your C Drive.
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Restart Normal and post the log from WinPFind

#14 kluciano

kluciano
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 07 June 2006 - 07:40 PM

Here is the log...I did find those folders but they were empty. I removed them...

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 7.0.5346.5

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
Umonitor 6/3/2006 10:15:06 AM 121515 C:\WINDOWS\pxinstall_log.txt

Checking %System% folder...
PEC2 8/4/2004 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 10/26/2004 6:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 10/26/2004 6:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PTech 5/23/2006 5:26:00 PM 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
aspack 8/4/2004 8:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 8:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/4/2004 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 5/23/2006 5:25:52 PM 285488 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
5/31/2006 7:59:32 PM H 0 C:\WINDOWS\0.log
5/28/2006 3:53:48 PM H 73728 C:\WINDOWS\ALCFDRTM.VER
6/7/2006 4:29:42 PM S 2048 C:\WINDOWS\bootstat.dat
5/30/2006 7:15:44 PM H 53 C:\WINDOWS\bweeqe.dat
6/2/2006 7:21:26 AM H 133262 C:\WINDOWS\comsetup.log
5/31/2006 5:33:08 PM H 458 C:\WINDOWS\cxgig.dll
6/2/2006 7:21:24 AM H 368523 C:\WINDOWS\FaxSetup.log
5/29/2006 8:03:34 PM H 500 C:\WINDOWS\GEARInstall.log
6/2/2006 7:21:26 AM H 57882 C:\WINDOWS\iis6.log
5/30/2006 7:13:36 PM H 45 C:\WINDOWS\jptc.dat
5/31/2006 7:16:52 AM H 27314 C:\WINDOWS\KB890046.log
5/31/2006 7:14:40 AM H 22528 C:\WINDOWS\KB890859.log
6/1/2006 3:06:04 AM H 26089 C:\WINDOWS\KB893756.log
5/31/2006 7:14:58 AM H 22656 C:\WINDOWS\KB894391.log
6/1/2006 3:04:52 AM H 24625 C:\WINDOWS\KB896358.log
6/1/2006 3:06:48 AM H 30348 C:\WINDOWS\KB896422.log
6/1/2006 3:05:44 AM H 27514 C:\WINDOWS\KB896423.log
6/1/2006 3:06:12 AM H 26233 C:\WINDOWS\KB896424.log
5/31/2006 7:16:02 AM H 22219 C:\WINDOWS\KB896428.log
5/31/2006 7:18:40 AM H 27707 C:\WINDOWS\KB898458.log
6/1/2006 3:07:02 AM H 27365 C:\WINDOWS\KB899587.log
6/1/2006 3:06:20 AM H 26342 C:\WINDOWS\KB899591.log
5/31/2006 7:16:34 AM H 26790 C:\WINDOWS\KB900725.log
6/1/2006 3:06:28 AM H 26023 C:\WINDOWS\KB901017.log
5/31/2006 7:16:14 AM H 22876 C:\WINDOWS\KB901190.log
5/31/2006 7:16:40 AM H 26283 C:\WINDOWS\KB901214.log
5/31/2006 7:17:08 AM H 35077 C:\WINDOWS\KB902400.log
5/31/2006 7:16:20 AM H 23634 C:\WINDOWS\KB904706.log
5/31/2006 7:16:44 AM H 27049 C:\WINDOWS\KB905414.log
5/31/2006 7:16:08 AM H 23425 C:\WINDOWS\KB905749.log
5/31/2006 7:17:32 AM H 38317 C:\WINDOWS\KB905915.log
5/31/2006 7:14:52 AM H 20516 C:\WINDOWS\KB908519.log
5/31/2006 7:18:46 AM H 31222 C:\WINDOWS\KB910437.log
5/31/2006 7:18:34 AM H 32965 C:\WINDOWS\KB911564.log
5/31/2006 7:15:54 AM H 19974 C:\WINDOWS\KB911565.log
6/1/2006 3:01:50 AM H 13936 C:\WINDOWS\KB911567.log
6/1/2006 3:06:36 AM H 26513 C:\WINDOWS\KB911927.log
5/31/2006 7:16:26 AM H 24138 C:\WINDOWS\KB912919.log
5/31/2006 7:14:46 AM H 16618 C:\WINDOWS\KB913446.log
6/1/2006 3:02:18 AM H 15059 C:\WINDOWS\KB913580.log
5/30/2006 7:13:10 PM H 0 C:\WINDOWS\keyboard1.dat
6/2/2006 7:21:24 AM H 19258 C:\WINDOWS\msgsocm.log
6/7/2006 4:46:12 PM H 773630 C:\WINDOWS\ntbtlog.txt
6/2/2006 7:21:26 AM H 80389 C:\WINDOWS\ntdtcsetup.log
6/2/2006 7:21:24 AM H 198943 C:\WINDOWS\ocgen.log
6/2/2006 7:21:26 AM H 20860 C:\WINDOWS\ocmsn.log
6/6/2006 5:18:40 PM H 512 C:\WINDOWS\randseed.rnd
6/5/2006 9:23:02 PM H 32574 C:\WINDOWS\SchedLgU.Txt
6/3/2006 9:21:08 PM H 235548 C:\WINDOWS\setupact.log
6/2/2006 7:16:12 AM H 1047561 C:\WINDOWS\setupapi.log.0.old
6/2/2006 7:24:20 AM H 3112 C:\WINDOWS\spupdsvc.log
6/2/2006 7:21:26 AM H 151822 C:\WINDOWS\tsoc.log
6/2/2006 7:21:10 AM H 24732 C:\WINDOWS\updspapi.log
5/30/2006 7:13:20 PM H 35862 C:\WINDOWS\wallp2.exe
5/31/2006 8:52:36 PM H 275 C:\WINDOWS\wiadebug.log
6/7/2006 12:06:26 PM H 48 C:\WINDOWS\wiaservc.log
5/31/2006 7:56:50 PM H 897 C:\WINDOWS\win.ini
6/7/2006 12:27:04 PM H 1104497 C:\WINDOWS\WindowsUpdate.log
5/31/2006 2:38:56 PM H 122817 C:\WINDOWS\wmsetup.log
5/31/2006 7:16:52 AM H 7169 C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.inf
5/31/2006 7:16:48 AM H 131 C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.txt
5/31/2006 7:14:40 AM H 8064 C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.inf
5/31/2006 7:14:28 AM H 728 C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.txt
5/31/2006 7:14:58 AM H 7001 C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.inf
5/31/2006 7:14:56 AM H 352 C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.txt
5/31/2006 7:16:02 AM H 6367 C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.inf
5/31/2006 7:16:00 AM H 87 C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.txt
5/31/2006 7:18:40 AM H 6870 C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.inf
5/31/2006 7:18:38 AM H 97 C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.txt
5/31/2006 7:16:34 AM H 7391 C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.inf
5/31/2006 7:16:30 AM H 356 C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.txt
5/31/2006 7:16:14 AM H 7235 C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.inf
5/31/2006 7:16:12 AM H 370 C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.txt
5/31/2006 7:16:40 AM H 6821 C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.inf
5/31/2006 7:16:38 AM H 170 C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.txt
5/31/2006 7:17:08 AM H 11050 C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.inf
5/31/2006 7:17:00 AM H 1859 C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.txt
5/31/2006 7:16:20 AM H 6946 C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.inf
5/31/2006 7:16:18 AM H 264 C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.txt
5/31/2006 7:16:44 AM H 6682 C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.inf
5/31/2006 7:16:42 AM H 87 C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.txt
5/31/2006 7:16:08 AM H 6418 C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.inf
5/31/2006 7:16:04 AM H 91 C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.txt
5/31/2006 7:17:18 AM H 8192 C:\WINDOWS\$NtUninstallKB905915$\reg00001
5/31/2006 7:17:18 AM H 8192 C:\WINDOWS\$NtUninstallKB905915$\reg00002
5/31/2006 7:17:20 AM H 8192 C:\WINDOWS\$NtUninstallKB905915$\reg00003
5/31/2006 7:17:20 AM H 8192 C:\WINDOWS\$NtUninstallKB905915$\reg00004
5/31/2006 7:17:20 AM H 8192 C:\WINDOWS\$NtUninstallKB905915$\reg00005
5/31/2006 7:17:22 AM H 8192 C:\WINDOWS\$NtUninstallKB905915$\reg00006
5/31/2006 7:17:22 AM H 8192 C:\WINDOWS\$NtUninstallKB905915$\reg00007
5/31/2006 7:17:22 AM H 8192 C:\WINDOWS\$NtUninstallKB905915$\reg00008
5/31/2006 7:17:22 AM H 8192 C:\WINDOWS\$NtUninstallKB905915$\reg00009
5/31/2006 7:17:22 AM H 8192 C:\WINDOWS\$NtUninstallKB905915$\reg00010
5/31/2006 7:17:22 AM H 8192 C:\WINDOWS\$NtUninstallKB905915$\reg00011
5/31/2006 7:17:22 AM H 8192 C:\WINDOWS\$NtUninstallKB905915$\reg00012
5/31/2006 7:17:22 AM H 32768 C:\WINDOWS\$NtUninstallKB905915$\reg00013
5/31/2006 7:17:22 AM H 8192 C:\WINDOWS\$NtUninstallKB905915$\reg00016
5/31/2006 7:17:22 AM H 8192 C:\WINDOWS\$NtUninstallKB905915$\reg00017
5/31/2006 7:17:22 AM H 8192 C:\WINDOWS\$NtUninstallKB905915$\reg00019
5/31/2006 7:17:22 AM H 8192 C:\WINDOWS\$NtUninstallKB905915$\reg00020
5/31/2006 7:17:32 AM H 13078 C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.inf
5/31/2006 7:17:22 AM H 2581 C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.txt
5/31/2006 7:14:52 AM H 6887 C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.inf
5/31/2006 7:14:50 AM H 412 C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.txt
5/31/2006 7:18:46 AM H 7398 C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.inf
5/31/2006 7:18:44 AM H 261 C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.txt
5/31/2006 7:18:32 AM H 7290 C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.inf
5/31/2006 7:18:28 AM H 231 C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.txt
5/31/2006 7:15:50 AM H 6617 C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.inf
5/31/2006 7:15:36 AM H 203 C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.txt
5/31/2006 7:16:26 AM H 6991 C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.inf
5/31/2006 7:16:24 AM H 261 C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.txt
5/31/2006 7:14:46 AM H 6709 C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.inf
5/31/2006 7:14:44 AM H 269 C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.txt
5/31/2006 1:09:36 PM H 0 C:\WINDOWS\inf\oem37.inf
6/3/2006 11:18:08 PM H 0 C:\WINDOWS\inf\oem38.inf
6/3/2006 11:18:08 PM H 0 C:\WINDOWS\inf\oem38.PNF
5/1/2006 9:02:10 AM H 69584 C:\WINDOWS\Minidump\Mini050106-01.dmp
5/1/2006 10:16:16 PM H 69584 C:\WINDOWS\Minidump\Mini050106-02.dmp
4/13/2006 11:31:00 PM S 44662 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ie7beta2.cat
4/18/2006 3:17:08 AM S 14054 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
5/23/2006 5:27:00 PM S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
6/7/2006 4:29:48 PM H 12288 C:\WINDOWS\system32\config\default.LOG
6/7/2006 4:30:02 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
6/7/2006 8:30:06 PM H 20480 C:\WINDOWS\system32\config\SECURITY.LOG
6/7/2006 8:25:36 PM H 139264 C:\WINDOWS\system32\config\software.LOG
6/7/2006 4:50:08 PM H 114688 C:\WINDOWS\system32\config\system.LOG
6/7/2006 12:27:14 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
6/1/2006 9:05:06 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\c1a630df-7023-4da7-b422-b807d3860b2a
6/1/2006 9:05:06 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
6/7/2006 4:32:58 PM H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job
6/7/2006 12:06:06 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 8:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 8/19/2004 10:02:46 PM 278528 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/4/2004 8:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
FotoNation inc. 3/26/1998 3:01:34 PM 27136 C:\WINDOWS\SYSTEM32\camcpl.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 7/1/2004 3:00:42 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 4/13/2006 11:21:20 PM 1405952 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Sony Corporation 4/27/2004 1:53:02 AM 118784 C:\WINDOWS\SYSTEM32\tvtuner.cpl
Sony Corporation 12/4/1999 8:11:30 AM 151552 C:\WINDOWS\SYSTEM32\UILib.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation 7/1/2004 3:00:42 PM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0016\DriverFiles\igfxcpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/18/2005 12:21:22 AM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
9/1/2004 9:43:16 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
2/13/2005 10:01:22 AM 1592 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
3/12/2005 11:04:34 AM 1819 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Harmony Monitor.lnk
10/2/2005 5:29:38 PM 1808 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
10/2/2005 5:31:24 PM 798 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
5/1/2005 11:39:46 AM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
12/10/2004 6:14:24 PM 527 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Remocon Driver.lnk
2/5/2005 10:27:26 PM 817 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timer Recording Manager.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/1/2004 2:36:08 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
10/2/2005 5:36:06 PM 778 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
9/1/2004 9:43:16 PM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
9/1/2004 2:36:08 PM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{82DF72B2-4A52-4CBE-8FC8-B226653AE8F4} =

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\CopyToCD
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} = C:\PROGRA~1\vso\COPYTO~1\CTCDSH~1.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\CopyToCD
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} = C:\PROGRA~1\vso\COPYTO~1\CTCDSH~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\CopyToCD
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} = C:\PROGRA~1\vso\COPYTO~1\CTCDSH~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}
URLDetector Class = C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{40D41A8B-D79B-43d7-99A7-9EE0F344C385} = AIM Search : C:\Program Files\AIM Toolbar\AIMBar.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{40B2063F-DB01-4962-BE63-59435C01283C}
ButtonText = Doyles Room Poker : C:\PROGRA~1\DOYLES~1\client.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
ButtonText = PartyPoker.com : C:\Program Files\PartyPoker\PartyPoker.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CreateCD_Reminder C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
VAIO Update 2 "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
VAIO Recovery C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
VMConsole.exe C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe /windowmin
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
SoundMan SOUNDMAN.EXE
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SsAAD.exe C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
NeroCheck C:\WINDOWS\system32\\NeroCheck.exe
WildTangent CDA "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
AnyDVD "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
CloneCDTray "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
type32 "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
IntelliPoint "C:\Program Files\Microsoft IntelliPoint\point32.exe"
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
ShStatEXE "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
Network Associates Error Reporting Service "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
IgfxTray C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
AlcWzrd ALCWZRD.EXE
Alcmtr ALCMTR.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^vkldu.exe
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vkldu.exe
backup C:\WINDOWS\pss\vkldu.exeCommon Startup
location Common Startup
command C:\Documents and Settings\All Users\Start Menu\Programs\Startup\vkldu.exe
item vkldu

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command C:\Program Files\AIM\aim.exe -cnetwait.odl
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command C:\Program Files\AIM\aim.exe -cnetwait.odl
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aqkup
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item edycou
hkey HKCU
command C:\WINDOWS\system32\edycou.exe reg_run
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item edycou
hkey HKCU
command C:\WINDOWS\system32\edycou.exe reg_run
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dtesos
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item edycou
hkey HKLM
command C:\WINDOWS\system32\edycou.exe reg_run
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item edycou
hkey HKLM
command C:\WINDOWS\system32\edycou.exe reg_run
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\High Definition Audio Property Page Shortcut
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HDAudPropShortcut
hkey HKLM
command HDAudPropShortcut.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HDAudPropShortcut
hkey HKLM
command HDAudPropShortcut.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\keyboard
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item keyboard24
hkey HKLM
command C:\\keyboard24.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item keyboard24
hkey HKLM
command C:\\keyboard24.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnmsgr
hkey HKCU
command "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnmsgr
hkey HKCU
command "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\newname
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item newname24
hkey HKLM
command C:\\newname24.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item newname24
hkey HKLM
command C:\\newname24.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PrevxOne
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PXConsole
hkey HKLM
command C:\Program Files\Prevx1\PXConsole.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PXConsole
hkey HKLM
command C:\Program Files\Prevx1\PXConsole.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\sys0395176991-13
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sys0395176991-13
hkey HKLM
command C:\WINDOWS\sys0395176991-13.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sys0395176991-13
hkey HKLM
command C:\WINDOWS\sys0395176991-13.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\System
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item kernels8
hkey HKLM
command C:\WINDOWS\system32\kernels8.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item kernels8
hkey HKLM
command C:\WINDOWS\system32\kernels8.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TheMonitor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SYSC00
hkey HKLM
command C:\WINDOWS\SYSC00.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SYSC00
hkey HKLM
command C:\WINDOWS\SYSC00.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\thlxdcsA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item thlxdcsA
hkey HKLM
command C:\WINDOWS\thlxdcsA.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item thlxdcsA
hkey HKLM
command C:\WINDOWS\thlxdcsA.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MSASCui
hkey HKLM
command "C:\Program Files\Windows Defender\MSASCui.exe" -hide
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MSASCui
hkey HKLM
command "C:\Program Files\Windows Defender\MSASCui.exe" -hide
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winlog
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winlog
hkey HKLM
command winlog.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winlog
hkey HKLM
command winlog.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments
ScanWithAntiVirus 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\Userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 6/7/2006 8:35:47 PM

#15 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 07 June 2006 - 07:55 PM

OK,here is what I want you to do,Im going to post instructions to download another BFU script.

Make sure you place it in the BFU folder.


Next,I need you to enable all in Msconfig and follow the prompts to restart,youll need to restart in safe mode again.


RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make Sure "Normal Startup-load all device drivers and services" has a green tick by it

Click Apply->Close->Follow the Prompts to Restart


Reboot your computer into Safe Mode.


Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon Posted Image and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
While your in BFU,run qoofix again to ensure we didnt miss anything.


Restart again in Safe Mode,Scan with WinPFind once more.

Restart Normal and post the WinPFind log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users