Sony Vaio Infected With Bot?


  • This topic is locked
11 replies to this topic

#1 bigdeer32


Posted 02 February 2007 - 03:14 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:11:05 PM, on 2/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HKServ.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~2\navw32.exe
C:\Program Files\Norton AntiVirus\NAVW32.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\NORTON~2\navw32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lona Helge\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3CD95~2\Bar888.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3CD95~2\Bar888.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HKServ.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe



#2 -David-


Posted 02 February 2007 - 03:36 PM

Hello bigdeer32, my name is David, welcome to BC!

My first remark is to say that yes, unfortunately you are infected. To be more specific, from the Hijackthis log you posted I can see you are infected with Sdbot trojans/worms, which are capable of backdoor activity. To be brief, due to the status of some of the files you have on your computer, I strongly recommend that you do the following immediately. Disconnect the infected computer from the internet until the computer can be cleaned. From a clean computer, change your online passwords -- for email, for banks, eBay, forums, etc. Do not change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information.

I've researched the entries, and found this information, in case you find it useful:

W32/Agobot-LF is a network worm which also allows unauthorised remote access to the computer via IRC channels. W32/Agobot-LF copies itself to network shares with weak passwords and attempts to spread to other computers. It attempts to terminate and disable various anti-virus and security related programs. It also attempts to terminate processes associated with the W32/Blaster family of worms. It collects system information and registration keys of popular games that are installed on the computer.

So, that's the first thing, I recommend you change your passwords.
Here are two useful links, in case you wish to read more on the infection you have:
http://www.sophos.com/virusinfo/analyses/w32agobotlf.html
http://www.sarc.com/avcenter/venc/data/bac....netshadow.html

Ok, now onto the removal, please follow these instructions exactly as posted, it's important. Also it is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Open hijackthis, click 'config' (bottom right) Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'. In the field, copy and paste the filepath a few lines below.
Click open. Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now.
When asked if you want to reboot now, say Yes:
C:\WINDOWS\System32\winlog.exe

When asked to reboot, please choose Yes. Your system will reboot now.

I'm not sure whether the infection you have comes with an uninstaller, but let's check.
Click on start, then control panel, and then double-click on add/remove programs.
From within add/remove program uninstall the following if they exist by double-clicking on the following entries:

Bar888

Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script (alcanshorty.bfu) manually from the above URL (right-click on it, choose 'Save as' and save it in your BFU folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute' window.
Browse to the script you downloaded and click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3CD95~2\Bar888.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3CD95~2\Bar888.dll
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Download Bobbi Flekman's RegSearch from
http://www.bleepingcomputer.com/files/regsearch.php

Create a folder for RegSearch on the C: drive called C:\RegSearch. You can do this by going to My Computer then double click on C: then right click and select New then Folder and name it RegSearch. Extract all the files from the zip archive into that folder.

Open the RegSearch folder and double-click the icon for RegSearch.exe to launch the program.
Copy / Paste the following line into the top Search Box:

winlog

Now hit OK. After completion Notepad will be opened with all the found instances of the string. The resulting file is saved in the same location as RegSearch.exe

Run HijackThis.
On the first menu, click Open the Misc Tools Section
Click Open Uninstall Manager
Click Save List - Save it anywhere.
A notepad will pop-up after it's saved, please copy everything in that Notepad and paste it here.

In your next reply I need 4 logs:
1) New Hijackthis log
2) Uninstall list from Hijackthis
3) The regsearch log

You may need to split them up, sometimes there is a restriction on the quantity of writing you can post at a time.
If you have any questions, please don't hesitate to ask at any time.
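
A follow-up check for the "if still present" step above, as an added example that is not part of the original post: it compares two HijackThis scans against the list of entries to fix and reports what was fixed, what is still present, and what else changed between scans. The log lines are excerpts from the two logs in this thread; the function and variable names are this example's own.

```python
import re
from collections import namedtuple

# Entry lines look like "O4 - HKLM\..\Run: [winlog] winlog.exe":
# a section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the detail text.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")

Entry = namedtuple("Entry", "code detail")


def parse_entries(log_text):
    """Return the set of entries in a HijackThis log.

    The header and the "Running processes:" list do not match ENTRY_RE
    and are skipped.
    """
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add(Entry(m.group("code"), m.group("detail")))
    return entries


def compare_scans(before_text, after_text, fix_list_text):
    """Compare two scans against the list of entries that were to be fixed."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    fix = parse_entries(fix_list_text)
    return {
        # Listed for fixing but still in the later scan: the fix did not stick.
        "still_present": sorted(fix & after),
        # Listed for fixing and gone from the later scan.
        "fixed": sorted(fix - after),
        # Gone from the later scan without having been on the fix list.
        "removed_unrequested": sorted((before - after) - fix),
        # Only in the later scan: needs review before calling the system clean.
        "new": sorted(after - before),
    }


# Excerpt of the first log in this thread (header and process lines included
# to show that they are ignored).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3CD95~2\Bar888.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3CD95~2\Bar888.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Excerpt of the follow-up log in this thread (same sections).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winilb32 - winilb32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# The four entries the post asks to check and fix.
FIX_LIST = r"""
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3CD95~2\Bar888.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3CD95~2\Bar888.dll
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
"""

if __name__ == "__main__":
    report = compare_scans(BEFORE_LOG, AFTER_LOG, FIX_LIST)
    for bucket, entries in report.items():
        print(f"{bucket}: {len(entries)}")
        for e in entries:
            print(f"  {e.code} - {e.detail}")
```

Entries reported under `new` were not in the earlier scan and should be reviewed before the machine is treated as clean.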

#3 bigdeer32


Posted 02 February 2007 - 06:44 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:41:08 PM, on 2/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HKServ.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lona Helge\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HKServ.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winilb32 - winilb32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
----------------------------------------------------------------
Ad-aware 6 Professional
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BitLord 1.1
CC_ccProxyExt
ccCommon
ccCommon
ccPxyCore
CONNECT
DeadAIM
DVgate Plus
First Step Guide
HijackThis 1.99.1
Hotfix for Windows XP (KB926239)
HotKey Utility
ImageMixer VCD2
Intel® PRO Network Adapters and Drivers
Intel® PROSet/Wireless Software
Internet Worm Protection
InterVideo WinDVD 5 for VAIO
InterVideo WinDVDX
J2SE Runtime Environment 5.0
LimeWire PRO 4.12.3
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
mMHouse
MoodLogic
Mozilla Firefox (1.5.0.9)
mPfMgr
mProSafe
MSRedist
MSXML 4.0 SP2 (KB927978)
mWlsSafe
mXML
NAVShortcut
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
Norton WMI Update
OpenMG Limited Patch 4.0-04-08-02-01
OpenMG Secure Module 4.0.00
Picture Package
PictureGear Studio 2.0
Quicken 2005
QuickTime
Secure Game Player
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929969)
Setting Utility Series
SoftV92 Data Fax Modem
SonicStage 2.1.02
Sony Certificate PCH
Sony USB Driver
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
SoundMAX
SPBBC
Spybot - Search & Destroy 1.4
Symantec
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
URGE
VAIO Control Center
VAIO Entertainment Platform
VAIO Help and Support
VAIO Launcher
VAIO Light Flo Wallpaper
VAIO Media 3.1
VAIO Media Integrated Server 3.1
VAIO Media Redistribution 3.1
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Scene HD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Survey Standalone
VAIO Update 2
VAIO Wireless Utility
VAIO Zone
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Welcome to VAIO life
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB307154
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
XviD 1.1 final uninstall
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
--------------------------------------------------




Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 2/2/2007 5:39:25 PM for strings:
; 'winlog'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\winlogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\winlogon\DEBUG]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB307154\Filelist\0]
"FileName"="winlogon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB307154\Filelist\1]
"FileName"="winlogon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartMenu\StartMenuLogoff\Policy\LogonType]
"RegKey"="Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot]
"Shell"="SYS:Microsoft\\Windows NT\\CurrentVersion\\Winlogon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]
"Winlogon"="SYS:Microsoft\\Windows NT\\CurrentVersion\\Winlogon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/AllocateCDRoms]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/AllocateDASD]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/AllocateFloppies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/CachedLogonsCount]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/ForceUnlockLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/PasswordExpiryWarning]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/ScRemoveOption]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winilb32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BackupRestore\FilesNotToBackup]
; Contents of value:
; %WINDIR%\debug\*
;
"Winlogon debug"=hex(7):25,00,57,00,49,00,4e,00,44,00,49,00,52,00,25,00,5c,00,\
64,00,65,00,62,00,75,00,67,00,5c,00,2a,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\winlogon.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\SysProcs]
"winlogon.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WebClient
; VzFw
; VSS
; Video Server
; VBRuntime
; VAIO Media Integrated Server
; VAIO Media Gateway Server
; Userinit
; Userenv
; UPnPFramework
; SysmonLog
; Starter
; SPTISRV
; SpoolerCtrs
; SPBBCSvc
; Software Restriction Policies
; Software Installation
; SNDSrvc
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; SAVSCAN
; safrslv
; SAFrdms
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Outlook
; Offline Files
; Oakley
; ntbackup
; NSCService
; NPFMntor
; navapsvc
; MSSQLSERVER/MSDE
; MSSOAP
; MsiInstaller
; MSDTC Client
; MSDTC
; MSDMine
; mnmsrvc
; Microsoft Office 11
; Microsoft H.323 Telephony Service Provider
; LoadPerf
; LiveUpdate
; ISSVC
; HelpSvc
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; DrWatson
; DiskQuota
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; ccSetMgr
; ccProxy
; ccEvtMgr
; Automatic LiveUpdate Scheduler
; AutoEnrollment
; Autochk
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; AegisP
; .NET Runtime
; Application
;

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Winlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToBackup]
; Contents of value:
; %WINDIR%\debug\*
;
"Winlogon debug"=hex(7):25,00,57,00,49,00,4e,00,44,00,49,00,52,00,25,00,5c,00,\
64,00,65,00,62,00,75,00,67,00,5c,00,2a,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Nls\MUILanguages\RCV2\winlogon.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\SysProcs]
"winlogon.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WebClient
; VzFw
; VSS
; Video Server
; VBRuntime
; VAIO Media Integrated Server
; VAIO Media Gateway Server
; Userinit
; Userenv
; UPnPFramework
; SysmonLog
; Starter
; SPTISRV
; SpoolerCtrs
; SPBBCSvc
; Software Restriction Policies
; Software Installation
; SNDSrvc
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; SAVSCAN
; safrslv
; SAFrdms
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Outlook
; Offline Files
; Oakley
; ntbackup
; NSCService
; NPFMntor
; navapsvc
; MSSQLSERVER/MSDE
; MSSOAP
; MsiInstaller
; MSDTC Client
; MSDTC
; MSDMine
; mnmsrvc
; Microsoft Office 11
; Microsoft H.323 Telephony Service Provider
; LoadPerf
; LiveUpdate
; ISSVC
; HelpSvc
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; DrWatson
; DiskQuota
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; ccSetMgr
; ccProxy
; ccEvtMgr
; Automatic LiveUpdate Scheduler
; AutoEnrollment
; Autochk
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; AegisP
; .NET Runtime
; Application
;

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Winlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup]
; Contents of value:
; %WINDIR%\debug\*
;
"Winlogon debug"=hex(7):25,00,57,00,49,00,4e,00,44,00,49,00,52,00,25,00,5c,00,\
64,00,65,00,62,00,75,00,67,00,5c,00,2a,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\winlogon.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
"winlogon.exe"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WebClient
; VzFw
; VSS
; Video Server
; VBRuntime
; VAIO Media Integrated Server
; VAIO Media Gateway Server
; Userinit
; Userenv
; UPnPFramework
; SysmonLog
; Starter
; SPTISRV
; SpoolerCtrs
; SPBBCSvc
; Software Restriction Policies
; Software Installation
; SNDSrvc
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; SAVSCAN
; safrslv
; SAFrdms
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Outlook
; Offline Files
; Oakley
; ntbackup
; NSCService
; NPFMntor
; navapsvc
; MSSQLSERVER/MSDE
; MSSOAP
; MsiInstaller
; MSDTC Client
; MSDTC
; MSDMine
; mnmsrvc
; Microsoft Office 11
; Microsoft H.323 Telephony Service Provider
; LoadPerf
; LiveUpdate
; ISSVC
; HelpSvc
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; DrWatson
; DiskQuota
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; ccSetMgr
; ccProxy
; ccEvtMgr
; Automatic LiveUpdate Scheduler
; AutoEnrollment
; Autochk
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; AegisP
; .NET Runtime
; Application
;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"h"="C:\\WINDOWS\\System32\\winlog.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"a"="C:\\WINDOWS\\System32\\winlog.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

; End Of The Log...

#4 -David-

-David-


Posted 03 February 2007 - 05:14 AM

Good work! :thumbsup:

Things are looking a lot better already, we've got a bit more to do though.
Firstly, what can you tell me about the following entry in your uninstall list:
Secure Game Player <-- I can't find any information on it.

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A printout of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O20 - Winlogon Notify: winilb32 - winilb32.dll (file missing)

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

You are using the LimeWire p2p file sharing program.
This is not technically malware by itself, but it installs malware in order to run properly.
It also opens the door for every other nasty program you can think of.
I strongly recommend that you remove it from your computer.
Read this article for alternatives that will provide some of the same function without the garbage:
http://www.spywareinfo.com/articles/p2p/

I suggest you remove the program now.
Of course if you decide to keep it, it's not a problem.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:
LimeWire

This is another article you can read:
http://www.cexx.org/adware.htm

The choice to remove it is entirely up to you, but I would strongly recommend that you get rid of it.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.

I see you have Viewpoint installed.
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove any programs related to Viewpoint if present.

Please perform this online scan: Kaspersky Webscan
Read the Requirements and Privacy statement, then select "Accept"
A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allow ActiveScan to run.

When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
When the scan is complete choose to save the results as "Save as Text"
Post the Kaspersky scan results in your next reply, along with a new Hijackthis log.

David

#5 bigdeer32

bigdeer32
  • Topic Starter


Posted 03 February 2007 - 12:13 PM

OK, I actually have no idea what Secure Game Player is... never heard of it, and I don't believe I downloaded it (willingly).

I uninstalled LimeWire. On the first website you gave me for alternative p2p programs, LimeWire was on there; it was a different version. Would that version be OK to download? I am also on another computer at the moment; I keep the infected one offline as much as possible, unless I am downloading a program or running a scan. So I just pull up the forum on this one so I can keep the instructions up.

I am doing the Kaspersky scan on the sick computer now.

#6 bigdeer32

bigdeer32
  • Topic Starter


Posted 03 February 2007 - 01:05 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 03, 2007 11:58:25 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/02/2007
Kaspersky Anti-Virus database records: 249749
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 49651
Number of viruses found: 15
Number of infected objects: 57 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:41:39

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.mdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\MtData.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\MtData.mdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-02-03_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C3D1CAC.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C4A449D.dll Infected: Trojan.Win32.Agent.vg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\734B4EE8.dll Infected: Trojan.Win32.Agent.vg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74C32B4B.exe Infected: Trojan-Dropper.Win32.Agent.bbp skipped
C:\Documents and Settings\Default User\Desktop\mcodec-v5.749.exe Infected: Trojan-Downloader.Win32.Zlob.tx skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Lona Helge\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\Lona Helge\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lona Helge\Desktop\mcodec-v5.749.exe Infected: Trojan-Downloader.Win32.Zlob.tx skipped
C:\Documents and Settings\Lona Helge\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Lona Helge\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Lona Helge\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lona Helge\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lona Helge\ntuser.dat Object is locked skipped
C:\Documents and Settings\Lona Helge\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Savrt\0802NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP44\A0079760.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP44\A0080730.exe Infected: Backdoor.Win32.EggDrop.v skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP44\A0080740.exe Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP45\A0082732.exe/td.exe Infected: P2P-Worm.Win32.Agent.v skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP45\A0082732.exe/zgo.exe Infected: P2P-Worm.Win32.Agent.v skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP45\A0082732.exe ZIP: infected - 2 skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP46\A0084797.exe Infected: Trojan-Downloader.Win32.PurityScan.dt skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP47\A0084822.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP48\A0084835.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP48\A0084843.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP49\A0084846.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP50\A0084860.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP50\A0084867.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP50\A0084892.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP50\A0084900.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP50\A0084913.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP50\A0085321.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP50\A0085502.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP51\A0085684.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP51\A0085685.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP51\A0085693.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP51\A0085698.exe Infected: Trojan-Downloader.Win32.Agent.bca skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP51\A0085708.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP51\A0085714.exe Infected: Trojan-Dropper.Win32.Agent.bbp skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP51\A0085715.dll Infected: not-virus:Hoax.Win32.Renos.gi skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP51\A0085717.exe Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP51\A0085890.dll Infected: Trojan.Win32.Agent.vg skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP51\A0085895.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP52\A0086894.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP52\A0087894.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP52\A0088295.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP53\A0089058.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP54\A0089060.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP54\A0089083.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP54\A0089235.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP54\A0089252.dll Infected: not-virus:Hoax.Win32.Renos.gi skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP54\A0089254.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP54\A0089260.exe Infected: Trojan-Downloader.Win32.Agent.bca skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP54\A0089261.dll Infected: Trojan.Win32.Agent.vg skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP54\A0089263.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP54\A0089265.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP54\A0089266.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP54\A0090346.exe Infected: Trojan-Downloader.Win32.Tiny.fk skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP54\A0090488.exe/td.exe Infected: P2P-Worm.Win32.Agent.v skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP54\A0090488.exe/zgo.exe Infected: P2P-Worm.Win32.Agent.v skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP54\A0090488.exe ZIP: infected - 2 skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP54\A0090584.exe Infected: Backdoor.Win32.EggDrop.v skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP55\A0090843.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP55\A0090854.exe Infected: Trojan-Dropper.Win32.Agent.bbp skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP55\A0091566.dll Infected: Trojan.Win32.Agent.vg skipped
C:\System Volume Information\_restore{B7FF82F7-676B-4468-81B8-DEE1F41DD1F3}\RP55\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{DE9CEBA4-1AF7-45F3-8581-C6EA2F9318FD}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Desktop\mcodec-v5.749.exe Infected: Trojan-Downloader.Win32.Zlob.tx skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JETF2A7.tmp Object is locked skipped
C:\WINDOWS\Temp\JETF30B.tmp Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


-----------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 12:07:33 PM, on 2/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HKServ.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: HKServ.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

Edited by bigdeer32, 03 February 2007 - 01:09 PM.


#7 -David-

-David-


Posted 03 February 2007 - 05:13 PM

Good work BigDeer! :thumbsup:

As far as I am concerned, that add/remove list entry that I queried looks dodgy, and the fact that you don't know what it is, and know you didn't willingly install it, leads me to think you should remove it. We'll come to that in a bit. It is true that that version of Limewire is clean, and when you install it on your PC there will be nothing maliciously installed. It's when you start to download things off the program that the infections start to flock onto your PC. It's such a security threat; so many people who come on these forums get infected from P2P programs, and that is why I recommend you remove them from your computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Click on start, then control panel, and then double-click on add/remove programs.
From within add/remove program uninstall the following if they exist by double-clicking on the following entries:

Secure Game Player

I want you to remove a few infected quarantined files from your Norton Antivirus.
The instructions depend on the version of Norton that you are running.
Please visit the following link, and follow the instructions by clicking on the appropriate version:
http://service1.symantec.com/SUPPORT/nav.n...000041213443506

Please find and delete the following files:
C:\Documents and Settings\Default User\Desktop\mcodec-v5.749.exe
C:\Documents and Settings\Lona Helge\Desktop\mcodec-v5.749.exe
C:\WINDOWS\system32\config\systemprofile\Desktop\mcodec-v5.749.exe

We need to purge your infected system restore points.
On the Desktop, right-click My Computer, then click Properties.
Click the System Restore tab near the top of the window.
Check Turn off System Restore, click Apply, and then click OK.
More information on how to disable your system restore can be found here.

We want to create a new, clean restore point. Please first reboot your computer.
On the Desktop, right-click My Computer, then click Properties.
Click the System Restore tab near the top of the window.
Uncheck "Turn off System Restore", click Apply, and then click OK.

Click Start > All Programs > Accessories > System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point - Something like "After trojan/spyware cleanup".
Click Create, and after it has created the restore point, click "Close".
Further instructions on creating a restore point can be found here

Download and save Blacklight to your desktop.
Double-click blbeta.exe then accept the agreement.
Click on scan then click next,
You'll see a list of all items found.
Do not choose for rename yet! I want to see the log first; legitimate items can also be present.
There is a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
Post the contents of the log in your next reply.

Also post a new Hijackthis log, and let me know how the PC is running.
David

#8 bigdeer32


Posted 03 February 2007 - 11:07 PM

Deleted "Secure Game Player"

Deleted "mcodec-v5.749"

Created new restore point

downloaded and ran blacklight

Computer is running a little faster, I'm still getting a low signal for my wireless internet, laptop (the infected one) is sitting on the desk right next to the other pc, router is about 2 feet away, and signal is still low and then after a while goes to limited or no connectivity, then I repair and get a low signal again, besides that running like new



02/03/07 21:26:47 [Info]: BlackLight Engine 1.0.55 initialized
02/03/07 21:26:47 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/03/07 21:26:47 [Note]: 7019 4
02/03/07 21:26:47 [Note]: 7005 0
02/03/07 21:26:56 [Note]: 7006 0
02/03/07 21:26:56 [Note]: 7011 1428
02/03/07 21:26:56 [Note]: 7026 0
02/03/07 21:26:56 [Note]: 7026 0
02/03/07 21:27:02 [Note]: FSRAW library version 1.7.1021
02/03/07 21:34:52 [Note]: 7007 0




Logfile of HijackThis v1.99.1
Scan saved at 9:51:33 PM, on 2/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HKServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - Global Startup: HKServ.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

Edited by bigdeer32, 03 February 2007 - 11:10 PM.


#9 -David-


Posted 04 February 2007 - 05:08 AM

Great stuff bigdeer32!

The Blacklight log came back clean, so this shows that there is no longer any rootkit/hidden process activity on your computer. The Hijackthis log is now clean, and the online scanner we did showed infections that we cleaned in the last post. I would definitely say you are good to go now, and the PC looks just fine to me. However, you noted about the low wireless signal, which I must say I don't think has anything to do with the problems we've dealt with in the long; I would be very surprised if this problem was caused by malware.

A problem that I once had with my router was to have other electric items running really close to it, which turned out to run at the same frequency. This caused interference, and cancelled out some of the connection. Be sure to keep cordless phones, microwaves and other electrical equipment at least 1m away from the access point. That would be my first point. Secondly you could ring your ISP and they can run checks to see if the internet is properly being transmitted to your PC, it could be a problem on their side, or their cables. Oh, also the icon on the bottom right screen which alerts you of signal strength is not always 100% accurate, and can sometimes give you false signal strengths.

Here are a few quotes that might be helpful:

http://www.velocityreviews.com/forums/t396...l-strength.html
You are no doubt correct, but in my case the signal strength "meter" was accurate, and when it said "Low", it really was low and I was unable to connect to the internet. Soon afterwards it said "Disconnect". By resetting my router (power down, wait a minute, power up), signal strength immediately returned to "Excellent" and I was able to resume surfing.


Have a read here also:
http://forums.whirlpool.net.au/forum-repli...cfm/665019.html

Unfortunately I'm not a wireless guru, so if you still can't solve it, I'll recommend you to post in a new topic in the networking part of the Bleepingcomputer forum. Anyhow, please let me know how the system is running in your next reply, the logs are looking clean! :thumbsup:
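
A triage of the HijackThis log from reply #8, added here as an example (it is not part of the thread and not HijackThis's own code): it parses the entry lines and separates "(file missing)" entries whose recorded target is a command line with a stray quote and arguments from those that name a bare file. The function names and the `" /` heuristic are assumptions of this example; the sample lines are copied from the log posted above.

```python
import re
from collections import Counter

# Excerpt of the HijackThis v1.99.1 log from reply #8 (lines copied from the page).
SAMPLE_LOG = r'''
Running processes:
C:\WINDOWS\system32\lsass.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O4 - Global Startup: HKServ.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
'''

# Entry lines start with a section code such as R1, O4 or O23, then " - ".
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"

def parse(log_text):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        entries.append({
            "code": m.group("code"),
            "body": body,
            "missing": missing,
            # Heuristic (assumption): a closing quote followed by a switch means
            # the recorded target is a command line, not a bare file path.
            "has_args": '" /' in body,
            "unknown_owner": " - Unknown owner - " in body,
        })
    return entries

def by_section(entries):
    """Count entries per HijackThis section code."""
    return Counter(e["code"] for e in entries)

def triage(entries):
    """Split 'file missing' entries into command-line targets and bare files."""
    cmdline = [e for e in entries if e["missing"] and e["has_args"]]
    bare = [e for e in entries if e["missing"] and not e["has_args"]]
    return cmdline, bare

if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    cmdline, bare = triage(parsed)
    print("entries per section:", dict(by_section(parsed)))
    for e in cmdline:
        print("re-check by hand (command line):", e["body"])
    for e in bare:
        print("file missing (bare name):", e["body"])
```

For the command-line entries the marker alone does not establish that the executable is absent, because the string tested includes the quote and arguments; checking the path before the quote by hand settles it.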

#10 bigdeer32


Posted 04 February 2007 - 11:08 AM

Ok, thank you. The computer is working great, and I think I might have found out about the internet, the router is a 2.4 GHz and so are my wireless phones. :-/ Thank you

Bigdeer32

#11 -David-


Posted 04 February 2007 - 11:59 AM

Glad I could help BigDeer! :thumbsup:
The latest log is looking clean!
Follow this list and your potential for being infected again will be reduced dramatically.

Use an Anti Virus Software -
* It is very important that your computer has an anti-virus software running on your machine.
* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
* Click here for more information on -> Computer Safety On line - Anti-Virus
* I would recommend Grisoft's AVG or AVAST.
* These are the more secure and better ones.

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall -
* I can not stress how important it is that you use a Firewall on your computer.
* Without a firewall your computer is susceptible to being hacked and taken over.
* Simply using a Firewall in its default configuration can lower your risk greatly.
* For an article on Firewalls and a listing of some available ones see the link below:
* Click here for more information on -> Computer Safety On line - Software Firewalls
* I would recommend ZoneAlarm as a firewall as it's easy to use.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer always has the latest available security updates installed.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly

Install Spybot© - Search and Destroy- Install and download Spybot - Search and Destroy with its TeaTimer option.
* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
* You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Javacools© SpywareBlaster -
* SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
* An article on anti-malware products with links for this program and others can be found here:
* Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.

If you have any additional questions just ask...
David

#12 -David-


Posted 11 February 2007 - 04:53 PM

Since this issue appears resolved, this Topic is now closed.

If you need this topic reopened, please request this by sending me
a PM with the address of the thread using the link here. This applies only to the original topic starter.

Everyone else please begin a New Topic.



