Malware - Trojan.pakes


This topic is locked
20 replies to this topic

#1 jimparker999

jimparker999

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:44 PM

Posted 03 September 2006 - 06:43 PM

Much better after running everything in the 'Preparation for ...' page. Following is the log. Problem started with a slow computer and many popups for a virus removal program. It seems to still have trojan.pakes.

Logfile of HijackThis v1.99.1
Scan saved at 5:31:55 PM, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1135614739\ee\AOLSoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: (no name) - {CA35BFF8-071D-2893-4D54-2A10E35572C7} - C:\WINDOWS\System32\wstktmpd.dll (file missing)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\f9kne49v.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] "C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe"
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1135614739\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\Run: [SoloSysCheck] C:\PROGRA~1\SRNMIC~1\SYSCHECK.COM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [1fa5acd.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\1fa5acd.exe
O4 - HKCU\..\Run: [Iinl] "C:\WINDOWS\RACLE~1\iexplore.exe" -vt ndrv
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: BlueSpace NE.lnk = C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155186498717
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155216467971
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O21 - SSODL: Extevcap - {134101E3-4504-410C-8A5A-139F2677472E} - C:\WINDOWS\System32\conodmid.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:44 PM

Posted 03 September 2006 - 06:55 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:


Please download FixWareout from one of these sites:

http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log into this topic.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 jimparker999

jimparker999
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:44 PM

Posted 03 September 2006 - 09:43 PM

Here are the two reports. Thanks. Jim

Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Searching by size/names...


Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32

Misc files.

Checking for older varients covered by the Rem3 tool.


Logfile of HijackThis v1.99.1
Scan saved at 8:41:09 PM, on 9/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1135614739\ee\AOLSoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\{FC0B76B7-0633-1033-1010-030301210001}\Update.exe
C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\program files\common files\aol\1135614739\ee\aim6.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: (no name) - {CA35BFF8-071D-2893-4D54-2A10E35572C7} - C:\WINDOWS\System32\wstktmpd.dll (file missing)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\f9kne49v.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] "C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe"
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1135614739\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\Run: [SoloSysCheck] C:\PROGRA~1\SRNMIC~1\SYSCHECK.COM
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [1fa5acd.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\1fa5acd.exe
O4 - HKCU\..\Run: [Iinl] "C:\WINDOWS\RACLE~1\iexplore.exe" -vt ndrv
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: BlueSpace NE.lnk = C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155186498717
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155216467971
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O21 - SSODL: Extevcap - {134101E3-4504-410C-8A5A-139F2677472E} - C:\WINDOWS\System32\conodmid.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:44 PM

Posted 04 September 2006 - 06:44 PM

It looks like you are running two antivirus programs - Symantec(Norton) and Solo. This can cause problems. Please uninstall one of them.


You must disable Spybot's TeaTimer function before proceeding with this fix. Otherwise it will interfere with HijackThis.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
===========


Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

R3 - URLSearchHook: (no name) - {CA35BFF8-071D-2893-4D54-2A10E35572C7} - C:\WINDOWS\System32\wstktmpd.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKCU\..\Run: [1fa5acd.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\1fa5acd.exe
O4 - HKCU\..\Run: [Iinl] "C:\WINDOWS\RACLE~1\iexplore.exe" -vt ndrv
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O21 - SSODL: Extevcap - {134101E3-4504-410C-8A5A-139F2677472E} - C:\WINDOWS\System32\conodmid.dll



===========


Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


========================================================
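As an added triage example (not a tool from this thread, from HijackThis or from BleepingComputer), the checks below encode why each line Sam listed above stood out, and run them over lines copied from the log posted earlier. The review-list names are taken from Sam's fix list and are an assumption of this example, not a published blocklist.

```python
"""Triage helper for HijackThis v1.99-style log lines (added example).

Heuristics, each mirroring a line the helper flagged in this thread:
  * R3/O9 entries whose handler DLL is "(file missing)": dead browser hooks
    left behind by a removed or half-installed component,
  * O4 startup entries that launch from a user profile's
    Local Settings\\Application Data folder,
  * O4 startup entries that launch an iexplore.exe from anywhere other than
    the Internet Explorer program folder,
  * O16 DPF (ActiveX download) entries fetched from a bare IP address or
    delivering an .exe rather than a .cab,
  * O21 SSODL entries (DLLs Explorer loads at logon), which merit a manual
    check whenever the DLL is not recognised.
"""
import re
from urllib.parse import urlparse

# Assumed review list for this example: names from the helper's fix list that
# no path heuristic would catch. Matched as lower-case substrings.
KNOWN_UNWANTED = ("viewpoint manager", "yazzle")

IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Launched program: either a quoted path, or the shortest unquoted prefix that
# ends in a program extension (unquoted paths may contain spaces).
TARGET_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|com|dll|bat|scr|pif))(?:\s|$)', re.I)


def o4_target(body):
    """Extract the launched program path from the body of an O4 entry."""
    if "] " in body:                      # HKLM\..\Run: [name] target args
        rest = body.split("] ", 1)[1]
    elif " = " in body:                   # Startup: Foo.lnk = target
        rest = body.split(" = ", 1)[1]
    else:
        return ""
    m = TARGET_RE.match(rest)
    return (m.group(1) or m.group(2)) if m else rest


def triage_line(line):
    """Return a short reason if the log line warrants review, otherwise None."""
    kind, _, body = line.partition(" - ")
    if any(name in line.lower() for name in KNOWN_UNWANTED):
        return "matches a name on the review list"
    if kind in ("R3", "O9") and line.endswith("(file missing)"):
        return "browser hook/button whose handler DLL is missing"
    if kind == "O4":
        target = o4_target(body).lower()
        if "\\local settings\\application data\\" in target:
            return "startup entry launching from a user profile's Local Settings"
        if target.endswith("iexplore.exe") and "\\program files\\internet explorer\\" not in target:
            return "iexplore.exe launched from outside the Internet Explorer folder"
    elif kind == "O16":
        url = body.rsplit(" - ", 1)[-1]
        host = urlparse(url).hostname or ""   # local DLL paths yield no host
        if IPV4_RE.match(host):
            return "ActiveX download from a bare IP address"
        if url.lower().endswith(".exe"):
            return "ActiveX download of an .exe rather than a .cab"
    elif kind == "O21":
        return "SSODL shell extension loaded by Explorer; confirm the DLL is known"
    return None


def triage_log(text):
    """Return [(line, reason)] for every line of a HijackThis log that triage flags."""
    flagged = []
    for raw in text.splitlines():
        line = raw.strip()
        reason = triage_line(line)
        if reason:
            flagged.append((line, reason))
    return flagged


# Sample input: a mix of benign and flagged lines copied from the log above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {CA35BFF8-071D-2893-4D54-2A10E35572C7} - C:\WINDOWS\System32\wstktmpd.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKCU\..\Run: [1fa5acd.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\1fa5acd.exe
O4 - HKCU\..\Run: [Iinl] "C:\WINDOWS\RACLE~1\iexplore.exe" -vt ndrv
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155186498717
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O21 - SSODL: Extevcap - {134101E3-4504-410C-8A5A-139F2677472E} - C:\WINDOWS\System32\conodmid.dll
"""

if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print(f"{why}:\n    {entry}")
```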

#5 jimparker999

jimparker999
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:44 PM

Posted 04 September 2006 - 08:40 PM

Thanks. Here is the combo reply.

Owner - 06-09-04 19:28:19.56
ComboFix 06.09.04BT - Running from: C:\Documents and Settings\Owner\Desktop

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tracert.com
C:\Program Files\winupdates
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{FC0B76B7-0633-1033-1010-030301210001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\MBOLS~1
C:\QooBox\Purity\Program Files\Common Files\SKS~1
C:\QooBox\Purity\Program Files\MBOLS~1\RGEDIT~1.EXE
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\SSEMBL~1
C:\QooBox\Purity\WINDOWS\RACLE~1\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1
C:\QooBox\Purity\WINDOWS\system32\SMBOLS~1
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1\ASEMBL~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-04 to 2006-09-04 ))))))))))))))))))))))))))))))))))


2006-09-03 09:27 40,973 ---hs---- C:\WINDOWS\system32\awttsrp.dll
2006-09-02 17:20 3,000 --a------ C:\WINDOWS\system32\fxmngr.exe
2006-08-23 21:31 13,844 --a------ C:\WINDOWS\system32\ydmylcmy.exe
2006-08-22 21:31 13,844 --a------ C:\WINDOWS\system32\ctxurlwm.exe
2006-08-21 21:31 13,844 --a------ C:\WINDOWS\system32\wbbeuwln.exe
2006-08-21 21:31 1,120,898 ---hs---- C:\WINDOWS\system32\ddfhk.bak2
2006-08-20 21:31 1,058,075 ---hs---- C:\WINDOWS\system32\ddfhk.bak1
2006-08-20 21:30 573,492 ---hs---- C:\WINDOWS\system32\khfdd.dll
2006-08-19 18:35 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-08-17 07:29 12,820 --a------ C:\WINDOWS\system32\cekenyil.exe
2006-08-17 07:29 12,308 --a------ C:\WINDOWS\system32\bulbkkjx.exe
2006-08-16 07:29 1,023,044 ---hs---- C:\WINDOWS\system32\qrutv.bak2
2006-08-14 19:28 24 --a------ C:\WINDOWS\xmnkt.dll
2006-08-14 19:28 1,023,663 ---hs---- C:\WINDOWS\system32\qrutv.bak1
2006-08-14 03:07 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-08-11 06:16 99,352 --a------ C:\WINDOWS\system32\ccPasswd.dll
2006-08-11 06:16 95,480 --a------ C:\WINDOWS\system32\ccTrust.dll
2006-08-10 21:04 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-08-10 03:25 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-08-10 03:01 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-08-10 03:01 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2006-08-10 03:01 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-08-09 23:17 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-09 23:15 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-08-09 23:15 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-08-09 23:15 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-08-09 23:15 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-08-09 23:09 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-08-09 23:09 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-08-09 23:09 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-08-09 23:09 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-08-09 23:09 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-08-09 23:09 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-08-04 13:40 483,328 --a------ C:\WINDOWS\system32\PICSDK.dll
2006-08-04 13:40 45,056 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2006-08-04 13:40 45,056 --a------ C:\WINDOWS\system32\EpPicMgr.dll
2006-08-04 13:35 5,632 --a------ C:\WINDOWS\system32\escdev.dll
2006-08-04 13:35 47,104 --a------ C:\WINDOWS\system32\escimgn.dll
2006-08-04 13:35 32,768 --a------ C:\WINDOWS\system32\eswia54.dll
2006-08-04 13:35 22,528 --a------ C:\WINDOWS\system32\esccmn.dll
2006-08-04 13:35 172,032 --a------ C:\WINDOWS\system32\esint54.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-04 19:30 -------- d-------- C:\Program Files\Common Files
2006-09-04 19:14 -------- d-------- C:\Program Files\SRN Micro
2006-09-04 19:13 0 --a------ C:\AUTOEXEC.BAT
2006-09-04 15:50 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-04 10:41 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-04 10:39 -------- d-------- C:\Program Files\Plaxo
2006-09-03 20:40 -------- d-------- C:\Program Files\HijackThis
2006-09-03 11:23 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-03 00:22 -------- d-------- C:\Program Files\Internet Explorer
2006-09-02 23:21 -------- d-------- C:\Program Files\Trend Micro
2006-08-28 16:24 -------- d-------- C:\Program Files\Adobe
2006-08-28 16:18 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-08-28 07:41 -------- d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2006-08-21 00:34 -------- d-------- C:\Program Files\Java
2006-08-21 00:29 -------- d-------- C:\Program Files\Common Files\Java
2006-08-20 23:54 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-20 23:54 -------- d-------- C:\Program Files\Sony
2006-08-20 23:06 -------- d-------- C:\Program Files\Lavasoft
2006-08-20 23:06 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-08-20 22:45 -------- d-------- C:\Program Files\Outlook Express
2006-08-20 22:45 -------- d-------- C:\Program Files\Common Files\System
2006-08-20 22:44 -------- d-------- C:\Program Files\Messenger
2006-08-20 22:24 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-08-20 21:54 -------- d-------- C:\Program Files\Windows Media Player
2006-08-20 21:54 -------- d-------- C:\Program Files\Movie Maker
2006-08-20 21:49 -------- d-------- C:\Program Files\Windows NT
2006-08-20 21:49 -------- d-------- C:\Program Files\NetMeeting
2006-08-13 22:48 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-08-12 22:29 -------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-08-11 07:23 -------- d-------- C:\Program Files\Norton AntiVirus
2006-08-11 06:36 -------- d-------- C:\Program Files\Norton Internet Security
2006-08-11 06:24 -------- d-------- C:\Program Files\Symantec
2006-08-11 06:10 -------- d-------- C:\Program Files\SymNetDrv
2006-08-11 00:14 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-08-09 23:26 2 --a------ C:\WINDOWS\system32\wapicc.exe
2006-08-09 23:09 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-07 22:49 -------- d-------- C:\Documents and Settings\Owner\Application Data\EPSON
2006-08-07 22:05 2 ---hs---- C:\WINDOWS\system32\tasklist.com
2006-08-06 19:41 -------- d-------- C:\Program Files\LimeWire
2006-08-04 13:42 -------- d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2006-08-04 13:41 -------- d-------- C:\Program Files\epson
2006-08-04 13:34 -------- d-------- C:\Program Files\Common Files\Adobe
2006-07-30 01:09 -------- d-------- C:\Program Files\Viewpoint
2006-07-27 07:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-19 12:16 -------- d-------- C:\Program Files\Picasa2
2006-07-17 15:55 18432 --------- C:\WINDOWS\system32\windrw32.dll
2006-07-13 00:47 -------- d-------- C:\Program Files\AOL
2006-07-13 00:47 -------- d-------- C:\Program Files\AOD
2006-07-13 00:45 -------- d-------- C:\Program Files\Common Files\AOL
2006-07-13 00:44 -------- d-------- C:\Program Files\Common Files\aolshare
2006-07-05 16:28 -------- d-------- C:\Program Files\QuickTime
2006-07-05 16:23 -------- d-------- C:\Program Files\iTunes
2006-07-05 12:23 -------- d-------- C:\Program Files\Purple Ghost
2006-07-05 12:23 -------- d-------- C:\Documents and Settings\Owner\Application Data\Purple Ghost Software, Inc
2006-07-05 12:10 339968 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2006-07-05 12:10 -------- d-------- C:\Program Files\Google
2006-07-05 04:55 134257 --a------ C:\WINDOWS\system32\regiptmp32.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="\"C:\\Program Files\\Apoint\\Apoint.exe\""
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Mouse Suite 98 Daemon"="ICO.EXE"
"CreateCD_Reminder"="\"C:\\WINDOWS\\Sonysys\\VAIO Recovery\\reminder.exe\""
"Switcher.exe"="\"C:\\Program Files\\Sony\\Wireless Switch Setting Utility\\Switcher.exe\""
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"ZTgServerSwitch"="\"c:\\program files\\support.com\\client\\bin\\tgcmd.exe\" /server"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"VAIO Recovery"="\"C:\\Windows\\Sonysys\\VAIO Recovery\\PartSeal.exe\""
"HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1135614739\\ee\\AOLSoftware.exe\""
"Microsoft Works Update Detection"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe\""
"WD Button Manager"="WDBtnMgr.exe"
"Picasa Media Detector"="\"C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"IPHSend"="\"C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe\""
"EEventManager"="\"C:\\Program Files\\EPSON\\Creativity Suite\\Event Manager\\EEventManager.exe\""
"Symantec NetDriver Monitor"="\"C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe\" /Consumer"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"SoloSentry"="C:\\PROGRA~1\\SRNMIC~1\\SOLOSENT.EXE"
"SoloSchedule"="C:\\PROGRA~1\\SRNMIC~1\\SOLOCFG.EXE"
"SoloSysCheck"="C:\\PROGRA~1\\SRNMIC~1\\SYSCHECK.COM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.6.2.15\\PlaxoHelper.exe -a"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iinl"="\"C:\\WINDOWS\\System32\\ASEMBL~1\\winword.exe\" -vt ndrv"
@=""
"Teqlfih"="C:\\Program Files\\??mbols\\r?gedit.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iinl"="\"C:\\WINDOWS\\System32\\ASEMBL~1\\winword.exe\" -vt ndrv"
@=""
"Teqlfih"="C:\\Program Files\\??mbols\\r?gedit.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{D3B3C51E-8D11-4667-85B9-0930F519BED7}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttsrp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfdd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\windrw32



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20060904-192236-778
O21 - SSODL: Extevcap - {134101E3-4504-410C-8A5A-139F2677472E} - C:\WINDOWS\System32\conodmid.dll
backup-20060904-192236-624
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
backup-20060904-192235-854
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
backup-20060904-192235-658
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\clbcatix.dll (file missing)
backup-20060904-192234-586
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
backup-20060904-192233-568
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
backup-20060904-192233-358
O4 - HKCU\..\Run: [1fa5acd.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\1fa5acd.exe
backup-20060904-192233-753
O4 - HKCU\..\Run: [Iinl] "C:\WINDOWS\RACLE~1\iexplore.exe" -vt ndrv
backup-20060904-192233-313
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
backup-20060904-192233-396
R3 - URLSearchHook: (no name) - {CA35BFF8-071D-2893-4D54-2A10E35572C7} - C:\WINDOWS\System32\wstktmpd.dll (file missing)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Mon 09/04/2006 19:32:43.12
ComboFix.txt

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 05 September 2006 - 10:02 AM

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt even if Vundofix found no infected files.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Also post a new hijackthis log.


========================================================

#7 jimparker999

jimparker999
  • Topic Starter

  • Members
  • 10 posts

Posted 05 September 2006 - 10:40 PM

Here you are. Worked fine. Norton kept popping up that it was finding windrw32.dll during vundo but that cleared up. Vundo rebooted and took out one more file, as in the Vundo report below. Jim



VundoFix V4.2.22
Scan started at 6:30:08 AM 8/10/2006

Listing files found while scanning....


C:\WINDOWS\system32\qpsut.bak1
C:\WINDOWS\system32\qpsut.bak2
C:\WINDOWS\system32\qpsut.tmp
C:\WINDOWS\system32\qpsut.ini
C:\WINDOWS\system32\qpsut.ini2
C:\WINDOWS\system32\tuspq.dll
C:\WINDOWS\system32\qpsut.ini2
C:\WINDOWS\system32\qpsut.bak2
C:\WINDOWS\system32\qpsut.tmp
C:\WINDOWS\system32\qpsut.ini
C:\WINDOWS\system32\qpsut.ini2
C:\WINDOWS\system32\tuspq.dll
Attempting to delete C:\WINDOWS\system32\qpsut.bak1
C:\WINDOWS\system32\qpsut.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qpsut.bak2
C:\WINDOWS\system32\qpsut.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qpsut.tmp
C:\WINDOWS\system32\qpsut.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\qpsut.ini
C:\WINDOWS\system32\qpsut.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qpsut.ini2
C:\WINDOWS\system32\qpsut.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuspq.dll
C:\WINDOWS\system32\tuspq.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V4.2.22
Scan started at 9:04:38 PM 8/10/2006

Listing files found while scanning....


No infected files were found.


VundoFix V4.2.22
Scan started at 10:26:10 PM 8/12/2006

Listing files found while scanning....


No infected files were found.


VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.8

Scan started at 8:51:01 PM 9/5/2006

Listing files found while scanning....

C:\WINDOWS\system32\awttsrp.dll
C:\WINDOWS\system32\khfdd.dll
C:\WINDOWS\system32\ddfhk.ini
C:\WINDOWS\system32\ddfhk.bak1
C:\WINDOWS\system32\ddfhk.bak2
C:\WINDOWS\system32\bulbkkjx.exe
C:\WINDOWS\system32\cekenyil.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awttsrp.dll
C:\WINDOWS\system32\awttsrp.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\khfdd.dll
C:\WINDOWS\system32\khfdd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddfhk.ini
C:\WINDOWS\system32\ddfhk.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddfhk.bak1
C:\WINDOWS\system32\ddfhk.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddfhk.bak2
C:\WINDOWS\system32\ddfhk.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bulbkkjx.exe
C:\WINDOWS\system32\bulbkkjx.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\cekenyil.exe
C:\WINDOWS\system32\cekenyil.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.8

Scan started at 9:11:40 PM 9/5/2006

Listing files found while scanning....

C:\WINDOWS\system32\awttsrp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awttsrp.dll
C:\WINDOWS\system32\awttsrp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 9:29:59 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1135614739\ee\AOLSoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
c:\program files\common files\aol\1135614739\ee\aim6.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\hjt\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\f9kne49v.slt\prefs.js)
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] "C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe"
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1135614739\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\Run: [SoloSysCheck] C:\PROGRA~1\SRNMIC~1\SYSCHECK.COM
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: BlueSpace NE.lnk = C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155186498717
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155216467971
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 06 September 2006 - 02:52 PM

Please post a new log from Combofix.


========================================================

#9 jimparker999

jimparker999
  • Topic Starter

  • Members
  • 10 posts

Posted 06 September 2006 - 07:52 PM

And here it is... Thanks. Jim
Owner - 06-09-06 18:39:48.46
ComboFix 06.09.04BT - Running from: C:\Documents and Settings\Owner\Desktop

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\MBOLS~1
C:\QooBox\Purity\Program Files\Common Files\SKS~1
C:\QooBox\Purity\Program Files\MBOLS~1\RGEDIT~1.EXE
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\SSEMBL~1
C:\QooBox\Purity\WINDOWS\RACLE~1\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1
C:\QooBox\Purity\WINDOWS\system32\SMBOLS~1
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1\ASEMBL~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-06 to 2006-09-06 ))))))))))))))))))))))))))))))))))


2006-09-05 21:16 706,396 ---hs---- C:\WINDOWS\system32\qqpoq.bak1
2006-09-05 21:16 692,276 ---hs---- C:\WINDOWS\system32\qopqq.dll
2006-09-05 21:05 692,276 ---hs---- C:\WINDOWS\system32\khfef.dll
2006-09-02 17:20 3,000 --a------ C:\WINDOWS\system32\fxmngr.exe
2006-08-23 21:31 13,844 --a------ C:\WINDOWS\system32\ydmylcmy.exe
2006-08-22 21:31 13,844 --a------ C:\WINDOWS\system32\ctxurlwm.exe
2006-08-21 21:31 13,844 --a------ C:\WINDOWS\system32\wbbeuwln.exe
2006-08-19 18:35 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-08-16 07:29 1,023,044 ---hs---- C:\WINDOWS\system32\qrutv.bak2
2006-08-14 19:28 24 --a------ C:\WINDOWS\xmnkt.dll
2006-08-14 19:28 1,023,663 ---hs---- C:\WINDOWS\system32\qrutv.bak1
2006-08-14 03:07 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-08-11 06:16 99,352 --a------ C:\WINDOWS\system32\ccPasswd.dll
2006-08-11 06:16 95,480 --a------ C:\WINDOWS\system32\ccTrust.dll
2006-08-10 21:04 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-08-10 03:25 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-08-10 03:01 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-08-10 03:01 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2006-08-10 03:01 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-08-09 23:17 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-09 23:15 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-08-09 23:15 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-08-09 23:15 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-08-09 23:15 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-08-09 23:09 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-08-09 23:09 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-08-09 23:09 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-08-09 23:09 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-08-09 23:09 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-08-09 23:09 127,256 --a------ C:\WINDOWS\system32\wucltui.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-06 18:38 0 --a------ C:\AUTOEXEC.BAT
2006-09-05 23:43 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-05 23:42 -------- d-------- C:\Program Files\Plaxo
2006-09-05 23:42 -------- d-------- C:\Program Files\Common Files
2006-09-05 23:34 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-05 14:52 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-03 20:40 -------- d-------- C:\Program Files\HijackThis
2006-09-03 00:22 -------- d-------- C:\Program Files\Internet Explorer
2006-09-02 23:21 -------- d-------- C:\Program Files\Trend Micro
2006-08-28 16:24 -------- d-------- C:\Program Files\Adobe
2006-08-28 16:18 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-08-28 07:41 -------- d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2006-08-21 00:34 -------- d-------- C:\Program Files\Java
2006-08-21 00:29 -------- d-------- C:\Program Files\Common Files\Java
2006-08-20 23:54 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-20 23:54 -------- d-------- C:\Program Files\Sony
2006-08-20 23:06 -------- d-------- C:\Program Files\Lavasoft
2006-08-20 23:06 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-08-20 22:45 -------- d-------- C:\Program Files\Outlook Express
2006-08-20 22:45 -------- d-------- C:\Program Files\Common Files\System
2006-08-20 22:44 -------- d-------- C:\Program Files\Messenger
2006-08-20 22:24 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-08-20 21:54 -------- d-------- C:\Program Files\Windows Media Player
2006-08-20 21:54 -------- d-------- C:\Program Files\Movie Maker
2006-08-20 21:49 -------- d-------- C:\Program Files\Windows NT
2006-08-20 21:49 -------- d-------- C:\Program Files\NetMeeting
2006-08-13 22:48 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-08-12 22:29 -------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-08-11 07:23 -------- d-------- C:\Program Files\Norton AntiVirus
2006-08-11 06:36 -------- d-------- C:\Program Files\Norton Internet Security
2006-08-11 06:24 -------- d-------- C:\Program Files\Symantec
2006-08-11 06:10 -------- d-------- C:\Program Files\SymNetDrv
2006-08-11 00:14 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-08-09 23:26 2 --a------ C:\WINDOWS\system32\wapicc.exe
2006-08-09 23:09 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-07 22:49 -------- d-------- C:\Documents and Settings\Owner\Application Data\EPSON
2006-08-07 22:05 2 ---hs---- C:\WINDOWS\system32\tasklist.com
2006-08-06 19:41 -------- d-------- C:\Program Files\LimeWire
2006-08-04 13:42 -------- d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2006-08-04 13:41 -------- d-------- C:\Program Files\epson
2006-08-04 13:34 -------- d-------- C:\Program Files\Common Files\Adobe
2006-07-30 01:09 -------- d-------- C:\Program Files\Viewpoint
2006-07-27 07:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-19 12:16 -------- d-------- C:\Program Files\Picasa2
2006-07-17 15:55 18432 --------- C:\WINDOWS\system32\windrw32.dll
2006-07-13 00:47 -------- d-------- C:\Program Files\AOL
2006-07-13 00:47 -------- d-------- C:\Program Files\AOD
2006-07-13 00:45 -------- d-------- C:\Program Files\Common Files\AOL
2006-07-13 00:44 -------- d-------- C:\Program Files\Common Files\aolshare
2006-07-05 12:10 339968 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2006-07-05 04:55 134257 --a------ C:\WINDOWS\system32\regiptmp32.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="\"C:\\Program Files\\Apoint\\Apoint.exe\""
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Mouse Suite 98 Daemon"="ICO.EXE"
"CreateCD_Reminder"="\"C:\\WINDOWS\\Sonysys\\VAIO Recovery\\reminder.exe\""
"Switcher.exe"="\"C:\\Program Files\\Sony\\Wireless Switch Setting Utility\\Switcher.exe\""
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"ZTgServerSwitch"="\"c:\\program files\\support.com\\client\\bin\\tgcmd.exe\" /server"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"VAIO Recovery"="\"C:\\Windows\\Sonysys\\VAIO Recovery\\PartSeal.exe\""
"HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1135614739\\ee\\AOLSoftware.exe\""
"Microsoft Works Update Detection"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe\""
"WD Button Manager"="WDBtnMgr.exe"
"Picasa Media Detector"="\"C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"IPHSend"="\"C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe\""
"EEventManager"="\"C:\\Program Files\\EPSON\\Creativity Suite\\Event Manager\\EEventManager.exe\""
"Symantec NetDriver Monitor"="\"C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe\" /Consumer"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.6.2.15\\PlaxoHelper.exe -a"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iinl"="\"C:\\WINDOWS\\System32\\ASEMBL~1\\winword.exe\" -vt ndrv"
@=""
"Teqlfih"="C:\\Program Files\\??mbols\\r?gedit.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iinl"="\"C:\\WINDOWS\\System32\\ASEMBL~1\\winword.exe\" -vt ndrv"
@=""
"Teqlfih"="C:\\Program Files\\??mbols\\r?gedit.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{D3B3C51E-8D11-4667-85B9-0930F519BED7}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qopqq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\windrw32


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Wed 09/06/2006 18:43:33.42
ComboFix.txt
ComboFix2.txt

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:44 PM

Posted 06 September 2006 - 08:48 PM

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Delete Temp Files
    • Click Tools -> Delete Temp Files
    • Place a check mark in all locations that aren't greyed out. By default they should already be checked.
    • Click Delete Selected Temp Files
  • Once that completes, select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\WINDOWS\system32\qqpoq.bak1
    C:\WINDOWS\system32\qopqq.dll
    C:\WINDOWS\system32\khfef.dll
    C:\WINDOWS\system32\fxmngr.exe
    C:\WINDOWS\system32\ydmylcmy.exe
    C:\WINDOWS\system32\ctxurlwm.exe
    C:\WINDOWS\system32\wbbeuwln.exe
    C:\WINDOWS\system32\spnpinst.exe
    C:\WINDOWS\system32\qrutv.bak2
    C:\WINDOWS\xmnkt.dll
    C:\WINDOWS\system32\qrutv.bak1
    C:\WINDOWS\system32\wmpns.dll
    C:\WINDOWS\system32\wapicc.exe
    C:\WINDOWS\system32\windrw32.dll



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.
Please post a new hijackthis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
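The Killbox paths above are the helper's triage of the ComboFix log posted just before; as an added example, not code from this thread, ComboFix or Killbox, the Python below parses ComboFix-style file and Winlogon Notify lines and applies four checks that are visible in that log: hidden+system attributes under \WINDOWS, a file whose name is also a Winlogon\Notify key, a .bakN file whose stem is another file's stem reversed (qqpoq.bak1 against qopqq.dll), and equal-size files dropped at the same minute on three or more days (the 13,844-byte executables at 21:31). The sample lines are a constructed subset copied from the log; the checks are illustrative heuristics, not ComboFix's own logic, and each flagged path still needs the kind of human review the helper gives it.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the "Files Created" and "Find3M Report"
# lines from the ComboFix log posted above (same field layout as the log).
SAMPLE_LISTING = r"""
2006-09-05 21:16 706,396 ---hs---- C:\WINDOWS\system32\qqpoq.bak1
2006-09-05 21:16 692,276 ---hs---- C:\WINDOWS\system32\qopqq.dll
2006-09-05 21:05 692,276 ---hs---- C:\WINDOWS\system32\khfef.dll
2006-08-23 21:31 13,844 --a------ C:\WINDOWS\system32\ydmylcmy.exe
2006-08-22 21:31 13,844 --a------ C:\WINDOWS\system32\ctxurlwm.exe
2006-08-21 21:31 13,844 --a------ C:\WINDOWS\system32\wbbeuwln.exe
2006-08-11 06:16 99,352 --a------ C:\WINDOWS\system32\ccPasswd.dll
2006-08-10 03:25 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-08-09 23:09 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-08-20 23:54 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-17 15:55 18432 --------- C:\WINDOWS\system32\windrw32.dll
"""

# Constructed sample: the two Winlogon Notify lines from the
# "Reg Loading Points" section of the same log.
SAMPLE_NOTIFY = r"""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qopqq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\windrw32
"""

# date time size attrs path; size is "1,082,368" in Files Created, "72704"
# in Find3M, and "--------" for directory rows.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|-+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)


def parse_listing(text):
    """Parse ComboFix file lines into dicts; directory rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("size").startswith("-"):
            continue
        path = m.group("path")
        rows.append({
            "date": m.group("date"),
            "time": m.group("time"),
            "size": int(m.group("size").replace(",", "")),
            "attrs": m.group("attrs"),
            "path": path,
            # file name without extension, e.g. "qqpoq" for qqpoq.bak1
            "stem": path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower(),
        })
    return rows


def notify_names(text):
    """Return the leaf key names under winlogon\\notify, lower-cased."""
    names = set()
    for line in text.splitlines():
        line = line.strip().lower()
        if "\\winlogon\\notify\\" in line:
            names.add(line.rsplit("\\", 1)[-1])
    return names


def triage(listing_text, notify_text):
    """Map each suspicious path to the list of reasons it was flagged."""
    rows = parse_listing(listing_text)
    notify = notify_names(notify_text)
    stems = {r["stem"] for r in rows}
    reasons = defaultdict(list)

    # 1. Hidden+system attributes on a file under \WINDOWS: Windows binaries
    #    are not normally marked that way, so it hides the file from casual view.
    for r in rows:
        if "h" in r["attrs"] and "s" in r["attrs"] and "\\windows\\" in r["path"].lower():
            reasons[r["path"]].append("hidden+system attributes")

    # 2. The file name is loaded through a Winlogon Notify key (runs at logon).
    for r in rows:
        if r["stem"] in notify:
            reasons[r["path"]].append("loaded via Winlogon\\Notify")

    # 3. A .bakN file whose stem is the reverse of another listed file's stem
    #    (qqpoq.bak1 alongside qopqq.dll in the log above).
    for r in rows:
        if re.search(r"\.bak\d+$", r["path"], re.I) and r["stem"][::-1] in stems:
            reasons[r["path"]].append(f"reversed-name .bak companion of {r['stem'][::-1]}")

    # 4. Same size created at the same minute on three or more different days:
    #    a scheduled re-download rather than an installer or update.
    groups = defaultdict(set)
    for r in rows:
        groups[(r["size"], r["time"])].add(r["date"])
    for r in rows:
        if len(groups[(r["size"], r["time"])]) >= 3:
            reasons[r["path"]].append("recurring daily drop (same size, same minute)")

    return dict(reasons)


if __name__ == "__main__":
    for path, why in sorted(triage(SAMPLE_LISTING, SAMPLE_NOTIFY).items()):
        print(path, "->", "; ".join(why))
```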


========================================================

#11 jimparker999

jimparker999
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:44 PM

Posted 06 September 2006 - 10:07 PM

As follows. I did not get the pending file operations prompt. When computer rebooted, I did get a number of popup warnings from the fake SysProtect thing.


Pocket Killbox version 2.0.0.881
Running on Windows XP as Owner(Administrator)
was started @ Wednesday, September 06, 2006, 8:42 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\qqpoq.bak1


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\qopqq.dll


# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\khfef.dll


# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\fxmngr.exe


# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\ydmylcmy.exe


# 6 [Delete on Reboot]
Path = C:\WINDOWS\system32\ctxurlwm.exe


# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\wbbeuwln.exe


# 8 [Delete on Reboot]
Path = C:\WINDOWS\system32\spnpinst.exe


# 9 [Delete on Reboot]
Path = C:\WINDOWS\system32\qrutv.bak2


# 10 [Delete on Reboot]
Path = C:\WINDOWS\xmnkt.dll


# 11 [Delete on Reboot]
Path = C:\WINDOWS\system32\qrutv.bak1


# 12 [Delete on Reboot]
Path = C:\WINDOWS\system32\wmpns.dll


# 13 [Delete on Reboot]
Path = C:\WINDOWS\system32\wapicc.exe


# 14 [Delete on Reboot]
Path = C:\WINDOWS\system32\windrw32.dll


I Rebooted @ 8:45:45 PM
Killbox Closed(Exit) @ 8:45:55 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as Owner(Administrator)
was started @ Wednesday, September 06, 2006, 9:00 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:04:19 PM, on 9/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Apoint\Apntex.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1135614739\ee\AOLSoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\common files\aol\1135614739\ee\aim6.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\f9kne49v.slt\prefs.js)
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] "C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe"
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1135614739\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: BlueSpace NE.lnk = C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155186498717
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155216467971
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:44 PM

Posted 07 September 2006 - 04:02 PM

Download SmitfraudFix (by S!Ri) to your Desktop.
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.


Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log.



Also post a new log from Combofix.
What do the warnings say that are popping up?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 jimparker999

jimparker999
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:44 PM

Posted 07 September 2006 - 08:20 PM

Following are the smitfraud and combofix logs. The popups look official, and say you can click on them to download SysProtect. I just quickly closed with the X. Sorry I did not get more. I will do a screen capture if I get another. Has not happened since, but I am trying not to use this computer. Jim

SmitFraudFix v2.84

Scan done at 19:01:28.43, Thu 09/07/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Owner\Application Data


Start Menu


C:\DOCUME~1\Owner\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

Scanning wininet.dll infection


End

Owner - 06-09-07 19:04:06.00
ComboFix 06.09.04BT - Running from: C:\Documents and Settings\Owner\Desktop

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\MBOLS~1
C:\QooBox\Purity\Program Files\Common Files\SKS~1
C:\QooBox\Purity\Program Files\MBOLS~1\RGEDIT~1.EXE
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\SSEMBL~1
C:\QooBox\Purity\WINDOWS\RACLE~1\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1
C:\QooBox\Purity\WINDOWS\system32\SMBOLS~1
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1\ASEMBL~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-07 to 2006-09-07 ))))))))))))))))))))))))))))))))))


2006-09-06 21:16 875,756 ---hs---- C:\WINDOWS\system32\qqpoq.bak2
2006-09-05 21:16 706,396 --------- C:\WINDOWS\system32\qqpoq.bak1
2006-09-05 21:16 692,276 --------- C:\WINDOWS\system32\qopqq.dll
2006-09-05 21:05 692,276 --------- C:\WINDOWS\system32\khfef.dll
2006-09-02 17:20 3,000 --------- C:\WINDOWS\system32\fxmngr.exe
2006-08-19 18:35 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-08-11 06:16 99,352 --a------ C:\WINDOWS\system32\ccPasswd.dll
2006-08-11 06:16 95,480 --a------ C:\WINDOWS\system32\ccTrust.dll
2006-08-10 21:04 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-08-10 03:25 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-08-10 03:01 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-08-10 03:01 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2006-08-10 03:01 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-08-09 23:17 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-09 23:15 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-08-09 23:15 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-08-09 23:15 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-08-09 23:15 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-08-09 23:09 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-08-09 23:09 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-08-09 23:09 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-08-09 23:09 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-08-09 23:09 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-08-09 23:09 127,256 --a------ C:\WINDOWS\system32\wucltui.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-06 20:51 -------- d-------- C:\Program Files\Plaxo
2006-09-06 20:51 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-06 20:51 -------- d-------- C:\Program Files\Common Files
2006-09-06 18:38 0 --a------ C:\AUTOEXEC.BAT
2006-09-05 23:34 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-05 14:52 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-03 20:40 -------- d-------- C:\Program Files\HijackThis
2006-09-03 00:22 -------- d-------- C:\Program Files\Internet Explorer
2006-09-02 23:21 -------- d-------- C:\Program Files\Trend Micro
2006-08-28 16:24 -------- d-------- C:\Program Files\Adobe
2006-08-28 16:18 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-08-28 07:41 -------- d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2006-08-21 00:34 -------- d-------- C:\Program Files\Java
2006-08-21 00:29 -------- d-------- C:\Program Files\Common Files\Java
2006-08-20 23:54 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-20 23:54 -------- d-------- C:\Program Files\Sony
2006-08-20 23:06 -------- d-------- C:\Program Files\Lavasoft
2006-08-20 23:06 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-08-20 22:45 -------- d-------- C:\Program Files\Outlook Express
2006-08-20 22:45 -------- d-------- C:\Program Files\Common Files\System
2006-08-20 22:44 -------- d-------- C:\Program Files\Messenger
2006-08-20 22:24 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-08-20 21:54 -------- d-------- C:\Program Files\Windows Media Player
2006-08-20 21:54 -------- d-------- C:\Program Files\Movie Maker
2006-08-20 21:49 -------- d-------- C:\Program Files\Windows NT
2006-08-20 21:49 -------- d-------- C:\Program Files\NetMeeting
2006-08-13 22:48 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-08-12 22:29 -------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-08-11 07:23 -------- d-------- C:\Program Files\Norton AntiVirus
2006-08-11 06:36 -------- d-------- C:\Program Files\Norton Internet Security
2006-08-11 06:24 -------- d-------- C:\Program Files\Symantec
2006-08-11 06:10 -------- d-------- C:\Program Files\SymNetDrv
2006-08-11 00:14 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-08-09 23:09 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-07 22:49 -------- d-------- C:\Documents and Settings\Owner\Application Data\EPSON
2006-08-07 22:05 2 ---hs---- C:\WINDOWS\system32\tasklist.com
2006-08-06 19:41 -------- d-------- C:\Program Files\LimeWire
2006-08-04 13:42 -------- d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2006-08-04 13:41 -------- d-------- C:\Program Files\epson
2006-08-04 13:34 -------- d-------- C:\Program Files\Common Files\Adobe
2006-07-30 01:09 -------- d-------- C:\Program Files\Viewpoint
2006-07-27 07:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-19 12:16 -------- d-------- C:\Program Files\Picasa2
2006-07-13 00:47 -------- d-------- C:\Program Files\AOL
2006-07-13 00:47 -------- d-------- C:\Program Files\AOD
2006-07-13 00:45 -------- d-------- C:\Program Files\Common Files\AOL
2006-07-13 00:44 -------- d-------- C:\Program Files\Common Files\aolshare
2006-07-05 12:10 339968 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2006-07-05 04:55 134257 --a------ C:\WINDOWS\system32\regiptmp32.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="\"C:\\Program Files\\Apoint\\Apoint.exe\""
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Mouse Suite 98 Daemon"="ICO.EXE"
"CreateCD_Reminder"="\"C:\\WINDOWS\\Sonysys\\VAIO Recovery\\reminder.exe\""
"Switcher.exe"="\"C:\\Program Files\\Sony\\Wireless Switch Setting Utility\\Switcher.exe\""
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"ZTgServerSwitch"="\"c:\\program files\\support.com\\client\\bin\\tgcmd.exe\" /server"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"VAIO Recovery"="\"C:\\Windows\\Sonysys\\VAIO Recovery\\PartSeal.exe\""
"HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1135614739\\ee\\AOLSoftware.exe\""
"Microsoft Works Update Detection"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe\""
"WD Button Manager"="WDBtnMgr.exe"
"Picasa Media Detector"="\"C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"IPHSend"="\"C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe\""
"EEventManager"="\"C:\\Program Files\\EPSON\\Creativity Suite\\Event Manager\\EEventManager.exe\""
"Symantec NetDriver Monitor"="\"C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe\" /Consumer"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.6.2.15\\PlaxoHelper.exe -a"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iinl"="\"C:\\WINDOWS\\System32\\ASEMBL~1\\winword.exe\" -vt ndrv"
@=""
"Teqlfih"="C:\\Program Files\\??mbols\\r?gedit.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iinl"="\"C:\\WINDOWS\\System32\\ASEMBL~1\\winword.exe\" -vt ndrv"
@=""
"Teqlfih"="C:\\Program Files\\??mbols\\r?gedit.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{D3B3C51E-8D11-4667-85B9-0930F519BED7}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qopqq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\windrw32


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Thu 09/07/2006 19:06:16.81
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:44 PM

Posted 08 September 2006 - 08:21 AM

Click Start -> Run
Copy the command below and paste it into the Run box and click Ok.

"%userprofile%\desktop\combofix.exe" /v qopqq khfef fxmngr

When it's done running it will produce a log for you. Please post that log in your next reply.

Also post a new hijackthis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 jimparker999

jimparker999
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:44 PM

Posted 08 September 2006 - 09:09 PM

Attached are the logs. I copied the command as you listed it - with the leading ". But, should I have deleted that? Also, I got some screen captures from the popups that came up before I ran these logs. Can I attach them here somehow, or email them to you in pdf or doc format? Jim


Owner - 06-09-08 19:51:12.43
ComboFix 06.09.04BT - Running from: C:\Documents and Settings\Owner\desktop

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\qopqq.dll
C:\WINDOWS\system32\khfef.dll
C:\WINDOWS\system32\qqpoq.bak1
C:\WINDOWS\system32\qqpoq.bak2
C:\WINDOWS\system32\qqpoq.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))




~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\MBOLS~1
C:\QooBox\Purity\Program Files\Common Files\SKS~1
C:\QooBox\Purity\Program Files\MBOLS~1\RGEDIT~1.EXE
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\SSEMBL~1
C:\QooBox\Purity\WINDOWS\RACLE~1\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1
C:\QooBox\Purity\WINDOWS\system32\SMBOLS~1
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1\ASEMBL~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-08 to 2006-09-08 ))))))))))))))))))))))))))))))))))


2006-09-02 17:20 3,000 --------- C:\WINDOWS\system32\fxmngr.exe
2006-08-19 18:35 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2006-08-11 06:16 99,352 --a------ C:\WINDOWS\system32\ccPasswd.dll
2006-08-11 06:16 95,480 --a------ C:\WINDOWS\system32\ccTrust.dll
2006-08-10 21:04 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-08-10 03:25 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-08-10 03:01 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-08-10 03:01 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2006-08-10 03:01 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-08-09 23:17 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-09 23:15 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2006-08-09 23:15 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2006-08-09 23:15 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2006-08-09 23:15 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-08-09 23:09 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-08-09 23:09 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-08-09 23:09 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-08-09 23:09 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-08-09 23:09 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-08-09 23:09 127,256 --a------ C:\WINDOWS\system32\wucltui.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-08 19:48 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-07 23:00 -------- d-------- C:\Program Files\Plaxo
2006-09-07 23:00 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-07 23:00 -------- d-------- C:\Program Files\Common Files
2006-09-07 22:41 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-06 18:38 0 --a------ C:\AUTOEXEC.BAT
2006-09-03 20:40 -------- d-------- C:\Program Files\HijackThis
2006-09-03 00:22 -------- d-------- C:\Program Files\Internet Explorer
2006-09-02 23:21 -------- d-------- C:\Program Files\Trend Micro
2006-08-28 16:24 -------- d-------- C:\Program Files\Adobe
2006-08-28 16:18 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-08-28 07:41 -------- d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2006-08-21 00:34 -------- d-------- C:\Program Files\Java
2006-08-21 00:29 -------- d-------- C:\Program Files\Common Files\Java
2006-08-20 23:54 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-20 23:54 -------- d-------- C:\Program Files\Sony
2006-08-20 23:06 -------- d-------- C:\Program Files\Lavasoft
2006-08-20 23:06 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-08-20 22:45 -------- d-------- C:\Program Files\Outlook Express
2006-08-20 22:45 -------- d-------- C:\Program Files\Common Files\System
2006-08-20 22:44 -------- d-------- C:\Program Files\Messenger
2006-08-20 22:24 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-08-20 21:54 -------- d-------- C:\Program Files\Windows Media Player
2006-08-20 21:54 -------- d-------- C:\Program Files\Movie Maker
2006-08-20 21:49 -------- d-------- C:\Program Files\Windows NT
2006-08-20 21:49 -------- d-------- C:\Program Files\NetMeeting
2006-08-13 22:48 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-08-12 22:29 -------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-08-11 07:23 -------- d-------- C:\Program Files\Norton AntiVirus
2006-08-11 06:36 -------- d-------- C:\Program Files\Norton Internet Security
2006-08-11 06:24 -------- d-------- C:\Program Files\Symantec
2006-08-11 06:10 -------- d-------- C:\Program Files\SymNetDrv
2006-08-11 00:14 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-08-09 23:09 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-07 22:49 -------- d-------- C:\Documents and Settings\Owner\Application Data\EPSON
2006-08-07 22:05 2 ---hs---- C:\WINDOWS\system32\tasklist.com
2006-08-06 19:41 -------- d-------- C:\Program Files\LimeWire
2006-08-04 13:42 -------- d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2006-08-04 13:41 -------- d-------- C:\Program Files\epson
2006-08-04 13:34 -------- d-------- C:\Program Files\Common Files\Adobe
2006-07-30 01:09 -------- d-------- C:\Program Files\Viewpoint
2006-07-27 07:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-19 12:16 -------- d-------- C:\Program Files\Picasa2
2006-07-13 00:47 -------- d-------- C:\Program Files\AOL
2006-07-13 00:47 -------- d-------- C:\Program Files\AOD
2006-07-13 00:45 -------- d-------- C:\Program Files\Common Files\AOL
2006-07-13 00:44 -------- d-------- C:\Program Files\Common Files\aolshare
2006-07-05 12:10 339968 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
2006-07-05 04:55 134257 --a------ C:\WINDOWS\system32\regiptmp32.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="\"C:\\Program Files\\Apoint\\Apoint.exe\""
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Mouse Suite 98 Daemon"="ICO.EXE"
"CreateCD_Reminder"="\"C:\\WINDOWS\\Sonysys\\VAIO Recovery\\reminder.exe\""
"Switcher.exe"="\"C:\\Program Files\\Sony\\Wireless Switch Setting Utility\\Switcher.exe\""
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"ZTgServerSwitch"="\"c:\\program files\\support.com\\client\\bin\\tgcmd.exe\" /server"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"VAIO Recovery"="\"C:\\Windows\\Sonysys\\VAIO Recovery\\PartSeal.exe\""
"HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1135614739\\ee\\AOLSoftware.exe\""
"Microsoft Works Update Detection"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe\""
"WD Button Manager"="WDBtnMgr.exe"
"Picasa Media Detector"="\"C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"IPHSend"="\"C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe\""
"EEventManager"="\"C:\\Program Files\\EPSON\\Creativity Suite\\Event Manager\\EEventManager.exe\""
"Symantec NetDriver Monitor"="\"C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe\" /Consumer"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"PlaxoUpdate"="C:\\Program Files\\Plaxo\\2.6.2.15\\PlaxoHelper.exe -a"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iinl"="\"C:\\WINDOWS\\System32\\ASEMBL~1\\winword.exe\" -vt ndrv"
@=""
"Teqlfih"="C:\\Program Files\\??mbols\\r?gedit.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iinl"="\"C:\\WINDOWS\\System32\\ASEMBL~1\\winword.exe\" -vt ndrv"
@=""
"Teqlfih"="C:\\Program Files\\??mbols\\r?gedit.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{D3B3C51E-8D11-4667-85B9-0930F519BED7}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\windrw32


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Fri 09/08/2006 19:54:42.00
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

Logfile of HijackThis v1.99.1
Scan saved at 8:04:20 PM, on 9/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Apoint\Apntex.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1135614739\ee\AOLSoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\common files\aol\1135614739\ee\aim6.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\f9kne49v.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A83CFA2-741F-0392-1589-5227508EB8CB} - C:\WINDOWS\System32\kjumadv.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7242FED4-0A94-486B-BAA7-84BDB111481B} - C:\WINDOWS\System32\khfdd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {904F2963-4B11-4379-A63E-11F1D6C15922} - C:\WINDOWS\System32\tuspq.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00310} - C:\WINDOWS\system32\compstuid.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00311} - C:\WINDOWS\g128226750.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CA35BFF8-071D-2893-4D54-2A10E35572C7} - C:\WINDOWS\System32\wstktmpd.dll (file missing)
O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\WINDOWS\system32\awttsrp.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] "C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe"
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1135614739\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: BlueSpace NE.lnk = C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155186498717
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155216467971
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windrw32 - windrw32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe



