File Folders Automatically Closing?


11 replies to this topic

#1 Flocco

Posted 15 April 2007 - 05:58 PM

Hello Friends,

Recently I noticed my windows closing on their own a few seconds after I open them, immediately followed by an error report window, so I presume there is something shady goin' on. Now when I ran the HijackThis program an error message came up that was saved to my clipboard, and then I received the HijackThis log; both are attached (the error message first, followed by the HijackThis report, the way I received them). Any ideas are greatly appreciated.
Thanks in advance, Tim Flocco

An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #70 - Permission denied

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 7.0.5730.11
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

Logfile of HijackThis v1.99.1
Scan saved at 6:38:47 PM, on 4/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Documents and Settings\Duke\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n031p/EN/install/gtdownlr.cab
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe



#2 Papakid

  • Malware Response Team

Posted 22 April 2007 - 09:47 AM

Hello Flocco,

You've been infected with the sasser worm. Please make sure you are logged on to an account with administrator privileges and disable Ad-Watch or the fixes may not work. Leave Ad-Watch disabled until after you've been declared clean--I have also seen times where it has been necessary to completely uninstall Ad-Aware to keep it from interfering with a fix. To disable it:

Open AdAware SE.
Go to AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you will see 2 options, Active and Automatic.
Active: This will turn Ad-Watch On\Off without closing it.
Automatic: Suspicious activity will be blocked automatically.
Uncheck both options.

You may also want to disable SpyEraser.

Download the Sasser removal tool and save it to your desktop: ftp://ftp.f-secure.com/anti-virus/tools/f-sasser.zip

Extract the tool by right clicking f-sasser.zip>Extract All> Next>Next>Finish.

Double-click F-Sasser.exe to run the tool and restart your computer when finished.

Open Internet Explorer and go to Tool>Windows Update. Choose the Express installation to make sure you have all the latest updates. Please do this even though it appears you have automatic updates turned on.

Perform an online scan with Panda:
Panda ActiveScan
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a few minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with a fresh HijackThis log.

I also only see two processes running for your Norton AntiVirus. I would think if it were properly installed, updated and working correctly it would have caught sasser. Can you confirm whether or not you have tried to uninstall Norton, what version you are/were using, if still installed when was the last time it was updated and a full system scan run?

If it's working correctly please run a full system scan now. If not or you want to get rid of Norton, let me know before you install another antivirus.

The thing about people

is they change

when they walk away.--Mipso


#3 Flocco


Posted 24 April 2007 - 09:53 PM

Hello Papakid,

Thanks for the post! I did all that you asked, and when I was doin' the update thru Microsoft the only thing I was missing was the "Microsoft .NET Framework 1.1 Service Pack 1". Upon looking in my control panel .... installed programs I saw .... Microsoft .NET Framework 1.1 and Microsoft .NET Framework 1.1 Hotfix (KB8869040), so that was a head scratcher. Anyway, about the Norton: I thought I uninstalled it a while ago since it expired and was of no use to me? I did recently download AVG shortly after posting my original log just to see if I could get things operating somewhat smoothly, and it did catch a few things of which I can't recall, and like a fool I didn't save the log. And one more thing about previous posts: I helped a few buddies of mine scan their computer and post their logs for them and told them to look for posts, of which they probably didn't???.... But I did post about my computer after doing a system restore and the fella gave me some tips of which I didn't respond to, partly because I have been busy with classes and partly because I was relieved to find out I wasn't infected.... But anyway I will drop the fella a line to thank him, and as for yourself I am grateful for all your help too!
Anyway, without any further ado here are my logs and I look forward to hearing from you. By the way, my folder windows are still closing on their own... even after the AVG scan, so I don't know, but anyway thanks in advance for all your help.
Flocco

Incident Status Location

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Duke\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_03_04_2007_14_50_22.asq26962
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Duke\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_04_04_2007_13_11_21.asq41
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Duke\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_05_04_2007_10_31_48.asq41
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Duke\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_07_03_2007_22_11_55.asq41
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Duke\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_11_04_2007_12_38_24.asq41
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Duke\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_15_04_2007_17_49_54.asq41
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Duke\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_23_03_2007_20_29_35.asq24464
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Duke\Application Data\Uniblue\SpyEraser\Quarantine\Tracking Cookie_25_03_2007_18_03_04.asq41
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Duke\Cookies\duke@adopt.hbmediapro[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Duke\Cookies\duke@atwola[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Duke\Cookies\duke@ccbill[2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Duke\Cookies\duke@kinghost[1].txt
Logfile of HijackThis v1.99.1
Scan saved at 10:26:04 PM, on 4/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Duke\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n031p/EN/install/gtdownlr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

#4 Papakid


Posted 25 April 2007 - 01:01 AM

Hi Flocco,

My apologies, I completely misidentified the infection you have. Same file name, but different infection and is described here: http://www.symantec.com/enterprise/securit...-99&tabid=1

First we need to get your Antivirus situation squared away. You have AVG's Antispyware application running, not the Antivirus that will protect you from many infections. And you aren't the first to not have Norton uninstall nicely.

First order of business is to get rid of what is left of Norton by running the removal tool in the instructions here: How To Remove Your Norton Products. Also be sure to delete the folders listed.

Please download AVG Free from here:

AVG Virus Scan

Save the setup file to your desktop.

Now boot your computer into Safe Mode

Install AVG and run a full system scan.

While still in safe mode, Scan again with HijackThis and put a checkmark next to the following entries:

O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe

Close all other windows--you should only see HijackThis on your Desktop and Taskbar--and then click the "Fix checked" button.

Using My Computer/Windows Explorer, delete this file:

C:\WINDOWS\system32\lsasss.exe<--Be very careful of the exact spelling and only delete this file--note the three s's at the end--lsass.exe is a critical system file.

Reboot back into normal mode.

Click to download the ZmeFix.reg file attached below and save it to your desktop. Double-click to allow it to merge to your registry.

Scan again with HijackThis and post a new log. Let me know how things are running now.

Click here to download FindAWF.exe and save it to your desktop.
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
Press any key and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
It may take a few minutes to complete so be patient.
When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or whatever location you ran the file from.
Come back here to this thread and copy and paste the contents of the AWF.txt file in your next reply.

Attached Files


The thing about people

is they change

when they walk away.--Mipso
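
Added example, not part of the thread or of any poster's tooling: the check done by eye in the post above (an autorun entry whose file name is one character away from a critical system file, `lsasss.exe` versus `lsass.exe`) written as a script over HijackThis O4 lines. The `SYSTEM_BINARIES` list and its folders are assumptions for a Windows XP install in C:\WINDOWS, and the last sample line is constructed.

```python
import ntpath
import re
from typing import List, NamedTuple

# Assumed for this example: a short list of core Windows XP binaries and the
# folder each normally runs from (Windows installed in C:\WINDOWS).
SYSTEM_BINARIES = {
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# O4 lines copied from the log in this thread, plus one constructed line (last).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - HKCU\..\Run: [Updater] C:\Temp\svchost.exe
"""

# "O4 - <location>: [<value name>] <command>" or "O4 - <location>: <shortcut> = <command>"
O4_RE = re.compile(
    r"^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] |(?P<lnk>.+?) = )(?P<cmd>.+)$"
)
# Executable path at the start of the command, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)\b', re.IGNORECASE)


class Finding(NamedTuple):
    kind: str       # "lookalike" or "misplaced"
    entry: str      # Run value name or startup shortcut
    path: str       # executable path as written in the log
    resembles: str  # system binary it imitates


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def audit_autoruns(log_text: str) -> List[Finding]:
    """Flag O4 entries that imitate a system binary by name or by location."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m.group("cmd"))
        if not exe:
            continue
        path = exe.group("path")
        base = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        entry = m.group("name") or m.group("lnk") or ""
        if base in SYSTEM_BINARIES:
            # Exact system name: only suspicious when it runs from another folder.
            # Bare names without a folder cannot be judged and are skipped.
            if folder and folder != SYSTEM_BINARIES[base]:
                findings.append(Finding("misplaced", entry, path, base))
            continue
        for known in SYSTEM_BINARIES:
            # One edit away from a protected name: the lsasss.exe pattern.
            if osa_distance(base, known) == 1:
                findings.append(Finding("lookalike", entry, path, known))
                break
    return findings


if __name__ == "__main__":
    for f in audit_autoruns(SAMPLE_LOG):
        print(f"{f.kind:9}  [{f.entry}]  {f.path}  (resembles {f.resembles})")
```

A hit only marks an entry for manual review; the registry value name (here a printer-like `Lexmark_X79-55`) is not used in the decision because it is freely chosen by whatever wrote the entry.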


#5 Flocco


Posted 25 April 2007 - 09:06 PM

Hi Papakid,

I tried doin' all you said, but the first snag I hit was installing AVG in safe mode; I wasn't able to do it... When I did I got an error message "error installing avg:action failed for file avg7core.sys:starting service....this service can't be started in safe mode 1084". Also I didn't find the lsasss exe in the system32 folder, only lsass and lsasrv.dll ??? So I installed AVG in normal mode and ran a scan and it came up with nothing. Still, some odd things are: when I open Internet Explorer two tabs open, one for aol.com and one for yahoo.com, which I thought was weird.... But I'm still gettin' the error message when I open a file folder and it ends up closing and asking whether or not to send an error report.

So here are my reports, and thanks for your time in this matter!
Flocco

Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

02/08/2005 02:32 PM 126,976 hkcmd.exe
02/08/2005 02:36 PM 155,648 igfxtray.exe
2 File(s) 282,624 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

09/10/2004 01:10 AM 344,064 atiptaxx.exe
1 File(s) 344,064 bytes

Directory of C:\PROGRA~1\SONY\SONICS~1\BAK

01/24/2005 08:58 PM 81,920 SsAAD.exe
1 File(s) 81,920 bytes

Directory of C:\PROGRA~1\SONY\VAIOSU~1\BAK

08/19/2004 06:07 PM 331,776 surveysa.exe
1 File(s) 331,776 bytes

Directory of C:\PROGRA~1\SONY\VAIOUP~1\BAK

01/14/2005 05:43 PM 151,552 VAIOUpdt.exe
1 File(s) 151,552 bytes

Directory of C:\PROGRA~1\SONY\VAIOZO~1\BAK

01/31/2005 11:10 AM 192,512 AvRmtCtr.exe
1 File(s) 192,512 bytes

Directory of C:\WINDOWS\SONYSYS\VAIORE~1\BAK

04/20/2003 01:08 AM 28,672 PartSeal.exe
07/16/2004 03:17 PM 53,248 reminder.exe
2 File(s) 81,920 bytes

Directory of C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\BAK

08/04/2004 08:00 AM 158,208 MSConfig.exe
1 File(s) 158,208 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

126976 Feb 8 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
126976 Feb 8 2005 "C:\WINDOWS\Drivers\Intel 915G graphics\Win2000\hkcmd.exe"
155648 Feb 8 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Feb 8 2005 "C:\WINDOWS\Drivers\Intel 915G graphics\Win2000\igfxtray.exe"
344064 Sep 10 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
81920 Jan 24 2005 "C:\Program Files\Sony\sonicstage\bak\SsAAD.exe"
331776 Aug 19 2004 "C:\Program Files\Sony\VAIO Survey\bak\surveysa.exe"
151552 Jan 14 2005 "C:\Program Files\Sony\VAIO Update 2\bak\VAIOUpdt.exe"
192512 Jan 31 2005 "C:\Program Files\Sony\VAIO Zone Remote Commander\bak\AvRmtCtr.exe"
28672 Apr 20 2003 "C:\WINDOWS\SONYSYS\VAIO Recovery\bak\PartSeal.exe"
53248 Jul 16 2004 "C:\WINDOWS\SONYSYS\VAIO Recovery\bak\reminder.exe"
158208 Aug 4 2004 "C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe"
158208 Aug 4 2004 "C:\WINDOWS\pchealth\helpctr\binaries\bak\MSConfig.exe"


end of report

Logfile of HijackThis v1.99.1
Scan saved at 9:44:57 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Duke\Desktop\utorrent.exe
C:\Documents and Settings\Duke\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n031p/EN/install/gtdownlr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

#6 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,635 posts

Posted 30 April 2007 - 11:28 PM

Hey Flocco,

Sorry for the long delay, I've been sidetracked. Could you post back if you still need help and I'll see what else we can do.

The thing about people

is they change

when they walk away.--Mipso


#7 Flocco

Flocco
  • Topic Starter

  • Members
  • 10 posts

Posted 04 May 2007 - 11:50 AM

Hey Papakid!

Thanks for getting back to me, don't sweat the time for the reply, we're all busy sometimes. Anyway, my previous post goes into the details and problems I ran into when trying to set things up in safe mode.... So otherwise, here's a HijackThis log and the AWF log.......

Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

02/08/2005 02:32 PM 126,976 hkcmd.exe
02/08/2005 02:36 PM 155,648 igfxtray.exe
2 File(s) 282,624 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

09/10/2004 01:10 AM 344,064 atiptaxx.exe
1 File(s) 344,064 bytes

Directory of C:\PROGRA~1\SONY\SONICS~1\BAK

01/24/2005 08:58 PM 81,920 SsAAD.exe
1 File(s) 81,920 bytes

Directory of C:\PROGRA~1\SONY\VAIOSU~1\BAK

08/19/2004 06:07 PM 331,776 surveysa.exe
1 File(s) 331,776 bytes

Directory of C:\PROGRA~1\SONY\VAIOUP~1\BAK

01/14/2005 05:43 PM 151,552 VAIOUpdt.exe
1 File(s) 151,552 bytes

Directory of C:\PROGRA~1\SONY\VAIOZO~1\BAK

01/31/2005 11:10 AM 192,512 AvRmtCtr.exe
1 File(s) 192,512 bytes

Directory of C:\WINDOWS\SONYSYS\VAIORE~1\BAK

04/20/2003 01:08 AM 28,672 PartSeal.exe
07/16/2004 03:17 PM 53,248 reminder.exe
2 File(s) 81,920 bytes

Directory of C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\BAK

08/04/2004 08:00 AM 158,208 MSConfig.exe
1 File(s) 158,208 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

126976 Feb 8 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
126976 Feb 8 2005 "C:\WINDOWS\Drivers\Intel 915G graphics\Win2000\hkcmd.exe"
155648 Feb 8 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Feb 8 2005 "C:\WINDOWS\Drivers\Intel 915G graphics\Win2000\igfxtray.exe"
344064 Sep 10 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
81920 Jan 24 2005 "C:\Program Files\Sony\sonicstage\bak\SsAAD.exe"
331776 Aug 19 2004 "C:\Program Files\Sony\VAIO Survey\bak\surveysa.exe"
151552 Jan 14 2005 "C:\Program Files\Sony\VAIO Update 2\bak\VAIOUpdt.exe"
192512 Jan 31 2005 "C:\Program Files\Sony\VAIO Zone Remote Commander\bak\AvRmtCtr.exe"
28672 Apr 20 2003 "C:\WINDOWS\SONYSYS\VAIO Recovery\bak\PartSeal.exe"
53248 Jul 16 2004 "C:\WINDOWS\SONYSYS\VAIO Recovery\bak\reminder.exe"
158208 Aug 4 2004 "C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe"
158208 Aug 4 2004 "C:\WINDOWS\pchealth\helpctr\binaries\bak\MSConfig.exe"


end of report
Logfile of HijackThis v1.99.1
Scan saved at 12:33:09 PM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Documents and Settings\Duke\Desktop\utorrent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Duke\Desktop\FindAWF.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Duke\Desktop\hijackthis\HijackThis.exe
C:\Documents and Settings\Duke\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n031p/EN/install/gtdownlr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

#8 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,635 posts

Posted 08 May 2007 - 12:52 AM

OK, don't worry about not being able to install AVG in safe mode--I need to change my standard instructions on that. Scanning in safe mode is still more effective as malware that could be interfering with removal won't be running there.

Anyway, this infection you have has backed up several legit files and put bad ones of the same name in their place. AVGAS may already have deleted the bad files, but what we need to do is take the good file out of the BAK folder, put it back in its original location (folder) and then delete the BAK folder it was in.

Note: It is possible a bad file of the same name will still be in the original folder. When you move the legit file there, just let it overwrite it with the good file from the BAK folder.

This will be a little tedious and let me explain the procedure in detail for one file, then we can use a sort of shorthand for the rest.

Using Windows Explorer, open this folder:

C:\Program Files\ATI Technologies\ATI Control Panel\BAK

Right click the file atiptaxx.exe and choose cut.

Now navigate to this folder:

C:\Program Files\ATI Technologies\ATI Control Panel

Press your Ctrl and V keys at the same time to paste the file back into the right folder (ATI Control Panel).

Now go back and delete the relevant BAK folder in bold above--which would be C:\Program Files\ATI Technologies\ATI Control Panel\BAK.

The shorthand way for me to instruct you to do this will be to list the BAK folder that will need to be deleted once the legit files are taken out of it in bold, under that the file that needs to be moved to the correct folder, then under that where the correct folder for the legit file is, like thus:

C:\Program Files\ATI Technologies\ATI Control Panel\BAK

atiptaxx.exe

C:\Program Files\ATI Technologies\ATI Control Panel

If you aren't clear on what I'm asking you to do, post back and let me know before you take this on. It would also be best to reboot your computer into Safe Mode before doing these deletions and moving, so print or save these instructions to Notepad or your text editor of choice since you won't have access to them in safe mode.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Also be sure that Adwatch is disabled as I mentioned in my first post.

Here are the rest:

C:\WINDOWS\SYSTEM32\BAK

hkcmd.exe AND igfxtray.exe

C:\WINDOWS\system32


C:\Program Files\Sony\SONICSTAGE\BAK

SsAAD.exe

C:\Program Files\Sony\SONICSTAGE


c:\program files\sony\vaio survey\BAK

surveysa.exe

c:\program files\sony\vaio survey


C:\Program Files\Sony\VAIO Update 2\BAK


VAIOUpdt.exe

C:\Program Files\Sony\VAIO Update 2


C:\Program Files\Sony\VAIO Zone Remote Commander\BAK

AvRmtCtr.exe

C:\Program Files\Sony\VAIO Zone Remote Commander


C:\WINDOWS\Sonysys\VAIO Recovery\BAK

PartSeal.exe AND reminder.exe

C:\WINDOWS\Sonysys\VAIO Recovery


C:\WINDOWS\pchealth\helpctr\binaries\bak

msconfig.exe

C:\WINDOWS\pchealth\helpctr\binaries

And finally, you have one BAK folder with no file in it that can be deleted:

C:\Program Files\Messenger\BAK

This means the msmsgs.exe file that is the Windows Messenger instant messaging application in the legit location may still be infected. Do you use Windows or MSN Messenger or maybe have uninstalled it? AVGAS may also have deleted the backup, but let's check the file itself.

Go to C:\Program Files\Messenger and tell me if msmsgs.exe is present or not. If there, right click on it and choose Properties. Write down the Size and the Date modified and post it back here please.

I would also like to see the AVGAS log from when you first installed it. It should still be there--open up AVG Antispyware and click on Reports. In the left hand column will be a list of reports named by the date they were run--please find the one that corresponds to when you first ran it, click it and copy the text that appears in the main pane and post it back here.

Then run FindAWF again and post its log.

As one last step, do this:

Please download Combofix to your desktop.

Double-click combo.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt. Note that some cleaning may require a reboot, so it won't be finished until that is done.

Post this log in your next reply.

So in your next post, I need to see:

Info on msmsgs.exe file
Old AVGAS log
FindAWF log
ComboFix log

And let me know how it's running now.

The thing about people

is they change

when they walk away.--Mipso
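
The restore steps listed in the post above follow mechanically from the "bak folders found" section of the FindAWF report: each file in a BAK folder goes back to the parent folder, then the BAK folder is deleted. The following is an added example, not part of the original thread or of FindAWF itself; the function names and the trimmed sample report are constructed for illustration, and the code only builds a plan for review without touching any files.

```python
import ntpath  # Windows path rules, so the example runs on any OS
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: three folders in the layout of the FindAWF reports
# posted in this thread.
SAMPLE_REPORT = r"""
bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

02/08/2005 02:32 PM 126,976 hkcmd.exe
02/08/2005 02:36 PM 155,648 igfxtray.exe
2 File(s) 282,624 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

09/10/2004 01:10 AM 344,064 atiptaxx.exe
1 File(s) 344,064 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
"""

DIR_RE = re.compile(r"^Directory of (?P<path>.+\\BAK)$", re.IGNORECASE)
FILE_RE = re.compile(
    r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+(?P<size>[\d,]+)\s+(?P<name>.+)$"
)
COUNT_RE = re.compile(r"^(?P<count>\d+) File\(s\)\s+[\d,]+ bytes$")


@dataclass
class BakFolder:
    path: str
    files: List[Tuple[str, int]] = field(default_factory=list)  # (name, size)
    declared_count: Optional[int] = None  # from the "N File(s)" summary line


def parse_bak_section(report: str) -> List[BakFolder]:
    """Parse only the 'bak folders found' section of a FindAWF report."""
    folders: List[BakFolder] = []
    current: Optional[BakFolder] = None
    in_section = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.lower().startswith("bak folders found"):
            in_section = True
            continue
        if line.lower().startswith("duplicate files"):
            break  # the duplicates listing is a separate section
        if not in_section or not line:
            continue
        m = DIR_RE.match(line)
        if m:
            current = BakFolder(m.group("path"))
            folders.append(current)
            continue
        if current is None:
            continue  # e.g. the ~~~~ underline before the first folder
        m = COUNT_RE.match(line)
        if m:
            current.declared_count = int(m.group("count"))
            continue
        m = FILE_RE.match(line)
        if m:
            size = int(m.group("size").replace(",", ""))
            current.files.append((m.group("name"), size))
    return folders


def build_plan(folders: List[BakFolder]):
    """Return (steps, check_original).

    steps: ("move", src, dst) and ("delete_folder", path, None) tuples.
    check_original: parent folders whose BAK folder was empty, so no known-good
    copy exists and the file in the original location needs manual inspection.
    """
    steps, check_original = [], []
    for f in folders:
        # A mismatch means the pasted report was cut off or garbled.
        if f.declared_count is not None and f.declared_count != len(f.files):
            raise ValueError(f"file count mismatch for {f.path}")
        parent = ntpath.dirname(f.path)
        if not f.files:
            check_original.append(parent)
        for name, _size in f.files:
            steps.append(("move", ntpath.join(f.path, name), ntpath.join(parent, name)))
        steps.append(("delete_folder", f.path, None))
    return steps, check_original


if __name__ == "__main__":
    plan, review = build_plan(parse_bak_section(SAMPLE_REPORT))
    for step in plan:
        print(step)
    print("inspect originals in:", review)
```

An empty BAK folder ends up in `check_original` instead of the move list, which corresponds to the Messenger case in the post: there is no backup to restore, so the file in the legitimate location has to be examined by hand.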


#9 Flocco

Flocco
  • Topic Starter

  • Members
  • 10 posts

Posted 08 May 2007 - 02:44 PM

Hey papakid,

I don't use the messenger and I thought I did uninstall it, but just like Norton it was never really gone....
Anyway, here's the specs: 1.61 MB created 3/2/05 modified 10/13/04

and here are the reports.....

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:35:07 PM 4/17/2007

+ Scan result:



C:\Documents and Settings\Duke\Local Settings\Temporary Internet Files\Content.IE5\6NI8HT3A\popup[1].htm -> Hijacker.Agent.a : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Duke\Application Data\Uniblue\SpyEraser\Quarantine\Clickzs.com_23_03_2007_20_29_35.asq5705 -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Duke\Application Data\Uniblue\SpyEraser\Quarantine\DoubleClick_07_03_2007_22_11_55.asq15724 -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@sales.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@sec1.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.


::Report end

Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report



"Duke" - 2007-05-08 15:13:39 Service Pack 2
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Duke\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\setup.exe


((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))


2007-04-30 18:17 <DIR> d-------- C:\DOCUME~1\Duke\APPLIC~1\COREL
2007-04-25 20:28 1,048,576 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-25 11:45 <DIR> d-------- C:\DOCUME~1\Duke\APPLIC~1\InterVideo
2007-04-24 21:49 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-17 01:47 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-16 19:18 <DIR> d-------- C:\Program Files\Xilisoft
2007-04-16 19:18 <DIR> d-------- C:\Program Files\QuickTime
2007-04-15 18:21 <DIR> d-------- C:\Click to DVD 2
2007-04-13 21:27 90,112 --a------ C:\WINDOWS\system32\CNMCP75.exe
2007-04-13 21:27 8,704 --a------ C:\WINDOWS\system32\CNMVS75.DLL
2007-04-13 21:27 139,776 --a------ C:\WINDOWS\system32\CNMLM75.DLL
2007-04-13 21:27 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
2007-04-13 21:26 <DIR> d-------- C:\DOCUME~1\Duke\APPLIC~1\Gtek
2007-04-13 21:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gtek
2007-04-13 21:21 <DIR> d-------- C:\Program Files\Canon
2007-04-13 21:07 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-04-08 10:54 <DIR> d-------- C:\Program Files\Red Chair Software
2007-04-08 10:54 <DIR> d-------- C:\DOCUME~1\Duke\APPLIC~1\Red Chair Software


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-08 19:02:40 -------- d-----w C:\Program Files\Messenger
2007-05-08 18:49:44 -------- d-----w C:\DOCUME~1\Duke\APPLIC~1\uTorrent
2007-04-26 14:44:47 -------- d-----w C:\Program Files\dvdSanta
2007-04-25 15:47:40 -------- d-----w C:\DOCUME~1\Duke\APPLIC~1\Sony Corporation
2007-04-25 02:07:24 -------- d-----w C:\Program Files\Google
2007-04-05 17:36:33 -------- d-----w C:\Program Files\URUSoft
2007-03-31 15:47:30 55,949 ----a-w C:\WINDOWS\system32\x264-uninstall.exe
2007-03-26 22:41:37 -------- d-----w C:\Program Files\TI Education
2007-03-26 22:40:59 -------- d-----w C:\Program Files\Common Files\TI Shared
2007-03-26 22:39:54 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-03-25 22:32:37 -------- d-----w C:\DOCUME~1\Duke\APPLIC~1\WinRAR
2007-03-22 00:36:06 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-03-22 00:36:06 -------- d-----w C:\Program Files\eMusic Download Manager
2007-03-22 00:35:46 -------- d-----w C:\DOCUME~1\Duke\APPLIC~1\InstallShield
2007-03-22 00:05:33 -------- d-----w C:\DOCUME~1\Duke\APPLIC~1\AdobeUM
2007-03-21 00:27:23 -------- d-----w C:\Program Files\Vodei
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 15:19:45 -------- d-----w C:\DOCUME~1\Duke\APPLIC~1\Ahead
2007-03-09 01:13:31 -------- d-----w C:\Program Files\Common Files\Ahead
2007-03-09 01:12:30 -------- d-----w C:\Program Files\Nero
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-08 02:49:21 -------- d-----w C:\DOCUME~1\Duke\APPLIC~1\Google


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0\bin\ssv.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar2.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AGRSMMSG"="AGRSMMSG.exe"
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"CreateCD_Reminder"="C:\\WINDOWS\\Sonysys\\VAIO Recovery\\reminder.exe"
"VAIO Update 2"="\"C:\\Program Files\\Sony\\VAIO Update 2\\VAIOUpdt.exe\" /Stationary"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"VAIOSurvey"="c:\\program files\\sony\\vaio survey\\surveysa.exe"
"VZRemoteCommander"="C:\\Program Files\\Sony\\VAIO Zone Remote Commander\\AvRmtCtr.exe"
"VAIO Recovery"="C:\\WINDOWS\\Sonysys\\VAIO Recovery\\PartSeal.exe"
"SsAAD.exe"="C:\\PROGRA~1\\sony\\SONICS~1\\SsAAD.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Uniblue SpyEraser"="\"C:\\Program Files\\Uniblue\\SpyEraser\\SpyEraser.exe\" -m"
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SSSCSISV


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Uniblue SpyEraser.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-08 15:15:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\windows-kb870669-x86-enu.exe 106496 bytes
C:\WINDOWS\WindowsShell.Manifest 4096 bytes
C:\WINDOWS\WindowsUpdate.log 1597440 bytes
C:\WINDOWS\windowsxp-kb867282-x86-enu.exe 3829760 bytes
C:\WINDOWS\windowsxp-kb873333-x86-enu.exe 1777664 bytes
C:\WINDOWS\windowsxp-kb884018-x86-enu.exe 528384 bytes
C:\WINDOWS\windowsxp-kb885250-x86-enu.exe 790528 bytes
C:\WINDOWS\windowsxp-kb885835-x86-enu.exe 3104768 bytes
C:\WINDOWS\windowsxp-kb885836-x86-enu.exe 532480 bytes
C:\WINDOWS\windowsxp-kb886185-x86-enu.exe 397312 bytes
C:\WINDOWS\windowsxp-kb887472-x86-enu.exe 1081344 bytes
C:\WINDOWS\windowsxp-kb887742-x86-enu.exe 458752 bytes
C:\WINDOWS\windowsxp-kb888113-x86-enu.exe 372736 bytes
C:\WINDOWS\windowsxp-kb888239-x86-enu.exe 438272 bytes
C:\WINDOWS\windowsxp-kb888302-x86-enu.exe 397312 bytes
C:\WINDOWS\windowsxp-kb890047-x86-enu.exe 4476928 bytes
C:\WINDOWS\windowsxp-kb890175-x86-enu.exe 684032 bytes
C:\WINDOWS\windowsxp-kb891781-x86-enu.exe 409600 bytes
C:\WINDOWS\winhelp.exe 258048 bytes
C:\WINDOWS\winhlp32.exe 286720 bytes
C:\WINDOWS\winnt.bmp 49152 bytes
C:\WINDOWS\winnt256.bmp 49152 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\WinSxS\InstallTemp
C:\WINDOWS\WinSxS\Manifests
C:\WINDOWS\WinSxS\Policies
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7
C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0
C:\WINDOWS\wmsetup.log 69632 bytes
C:\WINDOWS\wmsetup10.log 384 bytes
C:\WINDOWS\WMSysPr9.prx 319488 bytes
C:\WINDOWS\xpsp1hfm.log 392 bytes
C:\WINDOWS\Zapotec.bmp 12288 bytes
C:\WINDOWS\_default.pif 712 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 44


********************************************************************

Completion time: 2007-05-08 15:15:38
C:\ComboFix-quarantined-files.txt ... 2007-05-08 15:15



2003-07-24 15:51	  111552	--a------	C:\Qoobox\Quarantine\C\WINDOWS\setup.exe.vir


Folder PATH listing
Volume serial number is 647A-403C
C:\QOOBOX
\---Quarantine
	+---C
	|   \---WINDOWS
	|		   setup.exe.vir
	|		   
	\---Registry_backups



Thanks for all the help, so far things seem to be running right.
flocco

#10 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,635 posts

Posted 09 May 2007 - 01:00 PM

OK, the Messenger file looks to be the right size so we're in good shape there and you did a good job moving the files and deleting the bak folders. Still some more to do tho.

Download DelDomains.inf by right-clicking the following link and choosing Save Target As (IE/Opera) or Save Link As... (Mozilla/Firefox) and save to your desktop: http://www.mvps.org/winhelp2002/DelDomains.inf

Locate DelDomains.inf on your desktop, right-click and select: Install
You will not see any on-screen action.

Note: This will remove all entries in the Trusted, Restricted, and Enhanced Security Configuration Zones, so any sites you may have added to those zones yourself will need to be re-added. This includes pre-determined implementations such as Spywareblaster, IE-Spyad, etc., so those will need to be re-applied.


Download ResetProtocolDefaults.reg by right-clicking the following link and choosing Save Target As (IE/Opera) or Save Link As... (Firefox) and save to your desktop: http://www.mvps.org/winhelp2002/ResetProtocolDefaults.reg

Double-click ResetProtocolDefaults.reg on your desktop and allow it to merge with your registry.


Please download ATF Cleaner by Atribune, save it, but don't run it quite yet.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Print out these instructions or save them to Notepad or your text editor of choice, since you won't have access to them in safe mode.

Reboot your computer in SAFE MODE using the F8 method.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt in your next reply.


Run HijackThis then click on Open the Misc Tools Section
Click on Open ADS Spy
Uncheck the "Quick Scan"
Uncheck the "Ignore safe system info data streams"
Finally, click Scan.

ADS Spy will scan the system and report all the ADS present. More information, with a screenshot, can be found here.
When finished click Save log and post it in your next reply.


I don't see in your log where you are running a firewall. You really need to get one. We might have caught this earlier if you had one installed that reports outgoing packets. Here are some free ones; please choose one, install it and reboot:

Kerio Personal Firewall
OutPost Firewall Free
ZoneAlarm
Comodo


Understanding and Using Firewalls
US-CERT's Understanding Firewalls

Then test your firewall's ability at Shields Up


One item left in your HJT log that you don't need, so scan again with HijackThis and put a checkmark next to the following entry:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Close all other windows--you should only see HijackThis on your Desktop and Taskbar--and then click the "Fix checked" button.

So in your next reply I need to see:

1. SDFix log
2. ADS Spy log
3. A fresh HijackThis log.

The thing about people

is they change

when they walk away.--Mipso
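An added example, not part of the original post: a small triage script for the ADS Spy log requested above, whose lines take the form `path : stream name (N bytes)` as in the log posted later in this thread. The "expected" rules (Zone.Identifier download markers, `favicon` on `.url` favorites, an empty `encryptable` stream on Thumbs.db) and the size threshold are assumptions of this sketch, and the last three sample lines are constructed.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# ADS Spy log line: "<path> : <stream name> (<size> bytes)".
# Windows file names and stream names cannot contain ':', so the first " : "
# after the drive letter separates the file path from the stream name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) : (?P<stream>[^:]+?) \((?P<size>\d+) bytes\)\s*$"
)

# Assumption: a Zone.Identifier stream is a few short text lines
# (26 bytes in this thread's log), so anything much larger deserves a look.
ZONE_ID_MAX_BYTES = 512


class AdsEntry(NamedTuple):
    path: str
    stream: str
    size: int


def parse_line(line: str) -> Optional[AdsEntry]:
    """Return the parsed entry, or None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return AdsEntry(m.group("path"), m.group("stream"), int(m.group("size")))


def classify(entry: AdsEntry) -> Tuple[bool, str]:
    """Return (expected, reason). Heuristic rules, not an authoritative list."""
    name = entry.stream.lower()
    path = entry.path.lower()
    if name == "zone.identifier":
        if entry.size <= ZONE_ID_MAX_BYTES:
            return True, "download zone marker"
        return False, "Zone.Identifier stream is unusually large"
    if name == "favicon":
        if path.endswith(".url"):
            return True, "icon cached on an Internet shortcut"
        return False, "favicon stream on a non-.url file"
    if name == "encryptable":
        if ntpath.basename(path) == "thumbs.db" and entry.size == 0:
            return True, "empty marker on a thumbnail cache"
        return False, "encryptable stream outside an empty Thumbs.db marker"
    return False, "unrecognised stream name"


def triage(log_text: str) -> Tuple[int, List[Tuple[AdsEntry, str]]]:
    """Count expected streams and list the ones a helper should inspect."""
    expected = 0
    review: List[Tuple[AdsEntry, str]] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # not a stream line
        ok, reason = classify(entry)
        if ok:
            expected += 1
        else:
            review.append((entry, reason))
    return expected, review


# First three lines are taken from the log in this thread; the last three
# are constructed to show what the review list catches.
SAMPLE_LOG = r"""
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Duke\Desktop\SDFix.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Favorites\My Yahoo!.url : favicon (318 bytes)
C:\WINDOWS\system32 : example_stream.bin (73728 bytes)
C:\WINDOWS\system32\svchost.exe : favicon (1406 bytes)
C:\Documents and Settings\Duke\Desktop\notes.txt : Zone.Identifier (40960 bytes)
"""

if __name__ == "__main__":
    count, to_review = triage(SAMPLE_LOG)
    print(f"{count} expected stream(s), {len(to_review)} to review")
    for entry, reason in to_review:
        print(f"  {entry.path} : {entry.stream} ({entry.size} bytes) -> {reason}")
```
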


#11 Flocco

Flocco
  • Topic Starter

  • Members
  • 10 posts

Posted 21 May 2007 - 12:42 PM

Hello Papakid,

Sorry for the delay but I've been busy with finals and then right back in the next week for summer sessions... anyway I got all the reports you requested and I installed a firewall and I clicked on the link you posted to check to see if it was working properly and I kept getting "explorer cannot displayed page" message
so thanks in advance for the help and here are the logs......
flocco.

SDFix: Version 1.83

Run by Duke - Wed 05/09/2007 - 15:18:22.79

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...




Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe:*:Disabled:Red Chair Manager"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------


Checking For Files with Hidden Attributes:


Finished


C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\01-dj_krush_-_live_at_sonar_festival_(barcelona)-sat-06-17-2006-hsalive.mp3.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\24.s06e20.HDTV.english.avi.zip.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\24.S06E21.HDTV.XviD-LOL.avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\300 2007 LRC PROPER TS KvCD Jamgood(TUS Release).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\ALLIGATOR.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Angel heart.avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Anita Dark 2.avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Apocalypse Now REDUX.1.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Aria Giovanni - Digital Desires.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Army of Darkness - Director's Cut XviD.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Around_the_world_in_80_days.avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Art Blakey & The Jazz Messengers - Roots And Herbs (Remaster).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Auto Focus.mp4.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Being There.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Blue Velvet.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Bob Marley - Apollo, Harlem 10-25-79 late show.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Bob Marley and The Wailers - The Early Years 1968-74(FLAC)(EAC )(CUE)(LOG)(HI-Q-SCANS)(oan).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Bob_Marley-Stop_That_Train-CD-2006-OBC.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Bombay.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Bonnie and Clyde [1967] [DVDRip].torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Bronenosets Potyomkin.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Bulworth.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Burn!.divx.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Butch Cassidy and the Sundance Kid.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Cannibal Holocaust (1980).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Charles Bronson Mr Majestyk Xvid AC3.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Charlie Chaplin - A Woman Of Paris (1923).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Citizen Kane - AC3 [XviD].avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Clutch-From_Beale_Street_To_Oblivion-2007-uF.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Company Flow - Funcrusher Plus (256 kbps).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Company Flow - Little Johnny From the Hospital.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\David Lynch - Darkened Room (2002).avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\David Lynch - Mulholland Drive (2001) [DVDrip AVC AAC][liDEL].torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\David Lynch.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\David_Lynch-Industrial_Symphony_No1.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\DEAD_RECKONING.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Death.Wish.1984.DVD-RIP.XviD.avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Dinosaur_Jr-Beyond-(Advance)-2007-uF.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\DJ Premier - New York Reality Check 101.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Donnie Darko (The Directors Cut) DVDRip KVCD by Dev (A TUS RELEASE).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Dumbland- All episodes- david lynch_by_sinner.cl.wmv.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\dvdSanta v4.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Easy_Rider_1969_(Syonoid).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\ec_1.AVI.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\El Mariachi.1992.DVDRip.XviD.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\el topo.avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Evil Dead Trilogy.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Eyes.Wide.Shut.1999.XviD.Beefstew.RG.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\fando.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Fargo.DVDRip.XviD.MakingOff.Org.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Fellini's Amarcord.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Five Easy Pieces.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Freaks (1932).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Fritz the Cat (1972).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Ginger Lea - Jack's Milf Show.avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Ginger Lea - street-walkers-4-scene1.avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Ginger Lea - The Mother-Load, scene 2.mpg.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Ginger.Lea-Anal.Swine.avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Gorillaz - Real Rarities.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Gorillaz.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Grindhouse OST.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Guns'n'roses - Greatest Hits 2004 + Cover By Andry83.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Hannibal.Rising.TS.PROPER.XviD-ReCode.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Henry - Portrait Of A Serial Killer [DivX].avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Herbie Hancock.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\HipHopMix.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\History Of The World Part I.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\HWB - Ginger Lea.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Inside.Dr.Strangelove.2000.DVDRip.Xvid-jemenfous.avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Jeff Beck - Live with Jan Hammer.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Jerry Lewis-The Ladies Man-DVDRIP.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Joe Strummer & The Mescaleros - Global A Go-Go.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Killers Kiss.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\King Of New York.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Kira at Night.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Kool_Keith_Discography 28 + cds.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Kubrick_Short Films.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Luis Bunuel - le Voie Lactee (the Milky Way) (1969).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Magnum Force - Dirty Harry 1973 [XviD].torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\MASH.avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Max Sedgley - From The Roots To The Shoots [2006][Other][www bitmp3 com].torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Mean.Streets[1973.Scorsese]DVDrip-PsyCoSys.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\MILF.Cruiser.9.XviD-SWE6RUS.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Mutiny on the Bounty (1935).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Mutiny on the Bounty(1962)[taelva.no-ip.org][Dvdrip][Dual][Mltillinsubtil][TICOSE].torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\My first sex teacher-Mrs. Ginger Lea.avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Naked Lunch 1991 DVDRip KVCD Brady(TUS Release).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Nero 7 Premium Reloaded v.7.5.9.1 MULTiLANGUAGE RESTORE.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\New Folder.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Once Upon A Time In Mexico[2003]DvDripXviD[Eng]-BugZ@Darkside.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Once-Upon-A-Time-In-America.divx.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\One Eyed Jacks.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Oscar Peterson - Meets Roy Hargrove & Ralph Moore.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Paths of glory.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Pink Floyd-Flac Discography-part 2.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Platoon (1986).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Psych-Out 1967.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Radiohead - New Album Live Bootleg.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Radiohead-Me_And_This_Army_Radiohead_Remixes-2005-h8me.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Rage Against The Machine - Live & Rare.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Raging Bull.avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Return of the Pink Panther.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Rickie Lee Jones - Rickie Lee Jones (1979).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Rickie Lee Jones - The Sermon on Exposition Boulevard.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Rolling.Thunder.1977.Xvid-SER.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Roman.Polanskis.Repulsion.1965.DVDrip.XviD.Kassetband.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Rosemary's Baby.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Santa sangre.avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Santa.Sangre.1989.DVDRip.XviD.DualAudio-KamuiX.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Sid And Nancy 1986 DVDRip kvcd Jamgood(TUS Release).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Silent.running.1971.DVDRip.XViD-MPAA.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Sin City Uncut.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Sleepers.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Soundbombing.2.Rawkus.1999.320kbps.PrinzNL.reseed.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Spiderman 3 2007 mVs TeleSync KVCD Brady(TUS Release).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Stalker 1979 DVDRip KVCD Brady(TUS Release).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Stanley Kubrick - A Life In Pictures [DivX][Documentary][2001][DVDRip].torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The African Queen (1951-Bogart, Hepburn) DivX4.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The Color of Money XviD.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The Cotton Club (1984).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The Evil Dead (1981).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The Graduate 1967 DVDRiP KvCD Jamgood(TUS Release).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The Holy Mountain.avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The Hustler [Eng][XviD][1961].torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The Life and Death of Peter Sellers 2004 kvcd by BummedOut(TUS Release).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The Nutty Professor (1963).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The Philadelphia Experiment 1984 DVDRip kvcd Jamgood(TUS Release).torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The Prisoner of Shark Island.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The Raconteurs.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The Roaring Twenties (1938) James Cagney - Humphrey Bogart.avi.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The scarface.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The Short Films of David Lynch by EdDie.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The Sicilian (1987)(Christopher Lambert) 528x240.XviD.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The.Departed[2006]DvDrip[Eng]-aXXo.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The.Mack.1973.DVDRip.DivX-chuckan.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\The_Kid_Stays_In_Picture_(2002)-Makaveilli-.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Thriller.They.Call.Her.One.Eye.Xvid-SER.torrent : Zone.Identifier (26 bytes)
C:\Documents and Settings\Duke\Application Data\uTorrent\Thunderbolt.and.Lightfoot[1974]DvD Rip[Eng]Xvid.torrent : Zone.Identifier (26 bytes)


Logfile of HijackThis v1.99.1
Scan saved at 1:25:00 PM, on 5/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\Duke\Desktop\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Duke\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n031p/EN/install/gtdownlr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter hijack: text/xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

#12 Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,635 posts
Posted 23 May 2007 - 11:48 PM

Hey Flocco,

The Shields Up Site to test your firewall may have been down when you went there. It works for me. Try it again and if you still can't access it let me know.

Also let me know of any other problems or symptoms. The original problem with the folders went away, correct?

Let's do one more general scan:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

The thing about people

is they change

when they walk away.--Mipso




