Another Virtumonde victim...



NotComputerSavvy
2007-12-16, 14:42
Hello,

About the same time I switched from IE 6 to IE 7, I started getting plagued by pop-ups. At first I thought it was just Internet Speed Monitor, but after following directions to uninstall, I continued to experience problems.

Thanks to S&D I learned I also have Virtumonde (and maybe other things)... I am really not very computer savvy, but I follow directions well and would really appreciate some help.

Below is the HJT log, but something is going on that prevents me from running the Kaspersky Online Scan...

Thank you in advance,
Kristin


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:01 AM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [e412d211] rundll32.exe "C:\WINDOWS\system32\kswhkyby.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA499] command /c del "C:\WINDOWS\system32\pmnmnml.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4439] cmd /c del "C:\WINDOWS\system32\pmnmnml.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3750] command /c del "C:\WINDOWS\system32\pmnmnml.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5367] cmd /c del "C:\WINDOWS\system32\pmnmnml.dll_old"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2872] command /c del "C:\WINDOWS\system32\pmnmnml.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5002] cmd /c del "C:\WINDOWS\system32\pmnmnml.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6771] command /c del "C:\WINDOWS\system32\pmnmnml.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD297] cmd /c del "C:\WINDOWS\system32\pmnmnml.dll_old"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://sslvpn.medical.washington.edu/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196703942328
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 11694 bytes

ken545
2007-12-16, 23:33
Hello Kristin

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, all advice given by anyone volunteering here is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

Internet Speed Monitor is malware


Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post the ComboFix log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.




The thieves that have written Vundo have written it to go undetected by HijackThis, so we need to rename it to something else so those entries will show up on your log.

This is important, do this and post a new HijackThis log:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <-- Right click on HijackThis.exe (looks like a man with a spyglass) and rename it to Kristin.exe


So... run ComboFix, rename HJT and post both logs please.
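The point of the rename advice above is that Vundo watches for HijackThis by its executable name, while the entries it plants (the hex-named rundll32 Run value and the orphaned Winlogon Notify hook in the logs posted in this thread) remain visible in the log text. As an added example, not from the original thread, HijackThis or Spybot, here is a small Python triage script that flags those entry shapes; its sample lines are constructed from the logs above, and the name-length and hex-token heuristics are assumptions of the example, not rules from HijackThis.

```python
"""Triage helper for HijackThis (HJT) log text.

Added example for this thread; not part of the original posts, of HijackThis
or of Spybot S&D. It flags the entry shapes the Vundo/Virtumonde logs in this
thread show: an O4 Run value with a hex-looking name that starts rundll32.exe
on a random-named DLL, an O20 Winlogon Notify hook whose DLL has no path or is
reported missing, Spybot's pending "SpybotDeleting" RunOnce entries, and
HijackThis still running under its default name (the helper's reason for
asking that it be renamed). The name-shape heuristics are assumptions of this
example, not rules from HijackThis.
"""
import re

# Constructed sample: lines modelled on the two HJT logs posted in this thread.
SAMPLE_LOG_LINES = [
    r"Running processes:",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe",
    r"",
    r"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe",
    r'O4 - HKLM\..\Run: [e412d211] rundll32.exe "C:\WINDOWS\system32\kswhkyby.dll",b',
    r'O4 - HKLM\..\RunOnce: [SpybotDeletingA499] command /c del "C:\WINDOWS\system32\pmnmnml.dll_old"',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O20 - Winlogon Notify: pmnmnml - pmnmnml.dll (file missing)",
    r"O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\system32\VESWinlogon.dll",
]

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
RUNDLL_DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)
# Heuristics (assumptions of this example): the Vundo DLL names in this thread
# are 7-9 lowercase letters (kswhkyby, pmnmnml) and the Run value name is 8 hex digits.
RANDOM_STEM_RE = re.compile(r"^[a-z]{7,9}$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")


def dll_stem(path):
    """'C:\\dir\\kswhkyby.dll' -> 'kswhkyby' (file name without directory or extension)."""
    name = path.strip().replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0]


def triage(lines):
    """Return (severity, line, reason) tuples for entries worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        # The tool itself: Vundo looks for HijackThis.exe by name, so a log made
        # under the default name may be incomplete (hence the rename advice).
        if line.lower().endswith("\\hijackthis.exe"):
            findings.append(("warn", line, "HijackThis ran under its default name; "
                             "Vundo hides from it, so this log may omit entries"))
            continue
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            if m.group("key").lower() == "runonce" and name.startswith("SpybotDeleting"):
                findings.append(("info", line, "Spybot S&D delete-on-reboot entry "
                                 "left by an earlier removal attempt"))
                continue
            d = RUNDLL_DLL_RE.search(cmd)
            if d:
                reasons = []
                if RANDOM_STEM_RE.match(dll_stem(d.group("dll"))):
                    reasons.append("rundll32 loads a DLL with a random-looking name")
                if HEX_NAME_RE.match(name):
                    reasons.append("Run value name is a random hex token (%s)" % name)
                if reasons:
                    findings.append(("high", line, "; ".join(reasons)))
            continue
        m = O20_RE.match(line)
        if m:
            target = m.group("target")
            reasons = []
            if "(file missing)" in target:
                reasons.append("Winlogon Notify DLL is reported missing (orphaned hook)")
            if "\\" not in target:
                reasons.append("Winlogon Notify DLL given without a path")
            if RANDOM_STEM_RE.match(dll_stem(target.split(" (")[0])):
                reasons.append("random-looking DLL name")
            if reasons:
                findings.append(("high", line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG_LINES):
        print("[%s] %s\n    %s" % (severity.upper(), line, reason))
```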

NotComputerSavvy
2007-12-17, 06:35
Hi! Thank you so much for your help.

So I should inform you that after my initial post, S&D gave me a pop-up window that said the following and kept multiplying:
S&D has encountered and terminated a process that is listed as part of a malicious software.
Process ID: 2032
Filename: wwkrnogf.exe
Found in: C:\\WINDOWS\system32\
Identified as: Virtumonde.ddc
If S&D encounters this process again...
- Inform me again
- Automatically kill this process
- Allow this process to run (NOT RECOMMENDED)
- Delete the associated file

I took a screenshot in case it helps. Because the window kept multiplying and would not go away (even after rebooting), I did not know what else to do besides uninstall S&D. I'm sorry if this complicates matters, and please let me know if we need to take a step back...

In case it doesn't affect matters, I went ahead and followed your instructions:
- Downloaded Combofix to my desktop and ran it
- Renamed HJT to Kristin.exe and ran it

Both logs do not fit, so I'll post the HJT log next. Thanks again!


ComboFix 07-12-16.4 - JackBumgardner 2007-12-16 21:07:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.480 [GMT -8:00]
Running from: C:\Documents and Settings\JackBumgardner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\racle~1
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\anipsvem.dll
C:\WINDOWS\system32\bnlshwwa.exe
C:\WINDOWS\system32\cuqwndgy.ini
C:\WINDOWS\system32\cyjkvxff.dll
C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\duvpsgnv.dll
C:\WINDOWS\system32\eodflygm.ini
C:\WINDOWS\system32\gxqtissg.dll
C:\WINDOWS\system32\isqwundi.dll
C:\WINDOWS\system32\iubhjvai.dll
C:\WINDOWS\system32\jwklwawd.dll
C:\WINDOWS\system32\lhergalh.dll
C:\WINDOWS\system32\lmdfosam.dll
C:\WINDOWS\system32\mevspina.ini
C:\WINDOWS\system32\mgylfdoe.dll
C:\WINDOWS\system32\qcqirvrw.dll
C:\WINDOWS\system32\swgcbyex.exe
C:\WINDOWS\system32\unaepjaw.ini
C:\WINDOWS\system32\vctsdmni.dll
C:\WINDOWS\system32\vhfskppw.dll
C:\WINDOWS\system32\vlkqqmjp.dll
C:\WINDOWS\system32\vngspvud.ini
C:\WINDOWS\system32\wajpeanu.dll
C:\WINDOWS\system32\wrvriqcq.ini
C:\WINDOWS\system32\wwkrnogf.exe
C:\WINDOWS\system32\xjuvdceh.dll
C:\WINDOWS\system32\xrxcqjof.dll
C:\WINDOWS\system32\ygdnwquc.dll
C:\WINDOWS\system32\ylvlbecu.exe
C:\WINDOWS\system32\yqggbyjy.dll
C:\WINDOWS\system32\ysgjodrq.dll
C:\WINDOWS\system32\yyadd.bak1
C:\WINDOWS\system32\yyadd.bak2
C:\WINDOWS\system32\yyadd.ini
C:\WINDOWS\system32\yyadd.ini2
C:\WINDOWS\system32\yyadd.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-17 to 2007-12-17 )))))))))))))))))))))))))))))))
.

2007-12-15 23:45 . 2007-12-15 23:45 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-15 23:45 . 2007-12-15 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-15 23:38 . 2007-12-16 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-15 23:14 . 2007-12-15 23:35 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-15 09:49 . 2007-12-16 18:37 1,678,433 --ahs---- C:\WINDOWS\system32\ybykhwsk.ini
2007-12-10 21:18 . 2007-12-10 21:18 890,666 --ahs---- C:\WINDOWS\system32\wisnifns.ini
2007-12-09 21:18 . 2007-12-09 21:18 824,619 --ahs---- C:\WINDOWS\system32\foykrhkk.ini
2007-12-08 10:14 . 2007-12-09 21:11 801,676 --ahs---- C:\WINDOWS\system32\hrexging.ini
2007-12-06 21:19 . 2007-12-08 10:11 801,616 --ahs---- C:\WINDOWS\system32\kcgbthco.ini
2007-12-05 09:25 . 2007-12-06 21:10 819,266 --ahs---- C:\WINDOWS\system32\krqiirfq.ini
2007-12-04 09:25 . 2007-12-04 23:26 805,579 --ahs---- C:\WINDOWS\system32\xdrbmuac.ini
2007-12-03 10:44 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-03 10:44 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-03 10:37 . 2007-12-03 10:37 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-03 08:57 . 2007-12-04 09:16 792,745 --ahs---- C:\WINDOWS\system32\kvtwgfju.ini
2007-12-03 08:56 . 2007-12-06 21:16 <DIR> d-------- C:\QUARANTINE
2007-12-02 19:00 . 2007-12-02 19:00 <DIR> d-------- C:\WINDOWS\35C03C043F1F42C2A989A757EE691F65.TMP
2007-12-02 17:57 . 2007-12-02 17:57 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2007-12-02 17:57 . 2007-12-02 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-02 17:57 . 2006-12-19 15:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-12-02 17:57 . 2006-12-19 15:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
2007-12-02 17:56 . 2007-02-22 20:50 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-12-02 17:56 . 2006-11-30 08:50 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-12-02 17:56 . 2006-11-30 08:50 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-12-02 17:56 . 2006-11-30 08:50 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-12-02 17:56 . 2006-11-30 08:50 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-12-02 17:55 . 2007-12-02 17:57 <DIR> d-------- C:\Program Files\McAfee
2007-12-02 17:55 . 2007-12-02 17:55 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-12-02 17:50 . 2007-12-02 17:51 <DIR> d-------- C:\Program Files\iTunes
2007-12-02 17:50 . 2007-12-02 17:50 <DIR> d-------- C:\Program Files\iPod
2007-12-02 17:50 . 2007-12-02 17:50 35,786,752 --a------ C:\vs85.exe
2007-12-02 17:45 . 2007-12-02 17:47 <DIR> d-------- C:\Program Files\QuickTime
2007-12-02 17:42 . 2007-12-02 17:42 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-02 17:40 . 2007-12-02 17:40 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-02 17:40 . 2007-12-02 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-02 17:24 . 2007-12-02 17:24 4,286 --a------ C:\WINDOWS\system32\MobileSidewalk.ico
2007-12-02 15:01 . 2007-12-16 21:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-02 15:01 . 2007-12-02 15:01 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-30 09:54 . 2007-12-06 00:26 <DIR> d-------- C:\Documents and Settings\JackBumgardner\Application Data\U3
2007-11-28 23:38 . 2007-11-28 23:38 <DIR> d-------- C:\Documents and Settings\JackBumgardner\Application Data\Costco Photo Viewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Juniper Networks
2007-12-16 07:14 --------- d-----w C:\Program Files\Trend Micro
2007-12-03 07:08 --------- d-----w C:\Documents and Settings\JackBumgardner\Application Data\Apple Computer
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-02-20 01:40 33,128 ----a-w C:\Documents and Settings\JackBumgardner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 09:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 19:47]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:56]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-04-05 10:21]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-04-05 10:21]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-04-05 10:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 02:23]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 17:24]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 13:12]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 20:36]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 15:46 C:\WINDOWS\system32\ico.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-15 04:00 C:\WINDOWS\system32\rundll32.exe]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 11:11]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 12:58]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-06-01 16:55]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 20:08]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 20:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [2006-09-07 11:54:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-09-07 11:54 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmnml]
pmnmnml.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 13:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB
S3 WINIO;WINIO;\??\G:\smap\tools32\winio.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38fd468d-9e4f-11dc-8a4b-001302d5009c}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-12-03 01:42:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 21:15:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-16 21:17:37 - machine was rebooted
.
2007-12-12 17:00:37 --- E O F ---

NotComputerSavvy
2007-12-17, 06:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:29 PM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\Kristin.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://sslvpn.medical.washington.edu/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196703942328
O20 - Winlogon Notify: pmnmnml - pmnmnml.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 10841 bytes

ken545
2007-12-17, 11:02
Good Morning,


Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space above and to the left of File::
File::
C:\WINDOWS\system32\ybykhwsk.ini
C:\WINDOWS\system32\wisnifns.ini
C:\WINDOWS\system32\foykrhkk.ini
C:\WINDOWS\system32\hrexging.ini
C:\WINDOWS\system32\kcgbthco.ini
C:\WINDOWS\system32\krqiirfq.ini
C:\WINDOWS\system32\xdrbmuac.ini
C:\WINDOWS\system32\kvtwgfju.ini

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmnml]
Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScript.gif



This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

Please download SuperAntiSpyware (http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE)
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

SuperAntiSpyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your reply, as well as a new HijackThis log.


Let me see the new ComboFix log, the SAS log and a new HJT log, please.
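
Added example, not ken545's script and not code from HijackThis or ComboFix: a small Python triage helper that picks the O20 Winlogon Notify lines out of a HijackThis log, flags orphaned entries like the pmnmnml one in the log above, and drafts the matching CFScript File::/Registry:: lines. The sample log lines are constructed, and the "eight random lowercase letters" .ini heuristic is an assumption of this example, not something the thread states.

```python
"""Triage helper for HijackThis-style logs: find orphaned Winlogon Notify
entries (the O20 line in this thread) and draft matching CFScript lines.
Added example; not part of the thread or of HijackThis/ComboFix."""
import re
from dataclasses import dataclass

# Constructed sample lines modelled on the HijackThis log posted above.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: pmnmnml - pmnmnml.dll (file missing)
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\system32\VESWinlogon.dll
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
"""

# Registry key that the HijackThis O20 section enumerates (same key ken545's
# Registry:: line removes a subkey from).
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"

O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)
# Heuristic (assumption of this example, not from the thread): the droppings
# ComboFix removed above were eight random lowercase letters plus ".ini".
RANDOM_INI_RE = re.compile(r"^[a-z]{8}\.ini$")


@dataclass
class WinlogonNotify:
    name: str      # subkey name under ...\winlogon\notify
    dll: str       # DLL the notify package points at
    missing: bool  # HijackThis could not find the DLL on disk


def parse_o20(log_text: str) -> list:
    """Return every O20 Winlogon Notify entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append(WinlogonNotify(m["name"], m["dll"], m["missing"] is not None))
    return entries


def flag_suspicious(entries):
    """Orphaned packages (DLL missing) or bare filenames with no directory are
    the entries worth a closer look; entries with a full path are left alone."""
    return [e for e in entries if e.missing or "\\" not in e.dll]


def registry_line(entry):
    """CFScript 'Registry::' line that removes the whole notify subkey."""
    return f"[-{NOTIFY_KEY}\\{entry.name}]"


def random_ini_files(paths):
    """Keep only the paths whose filename matches the random .ini heuristic."""
    return [p for p in paths if RANDOM_INI_RE.match(p.rsplit("\\", 1)[-1])]


def build_cfscript(files, entries):
    """Assemble a CFScript in the File::/Registry:: layout used in this thread."""
    lines = ["File::", *files, "", "Registry::"]
    lines += [registry_line(e) for e in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = flag_suspicious(parse_o20(SAMPLE_HJT_LOG))
    inis = random_ini_files([r"C:\WINDOWS\system32\ybykhwsk.ini",
                             r"C:\WINDOWS\system32\mcrh.tmp"])
    print(build_cfscript(inis, found))
```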

NotComputerSavvy
2007-12-17, 12:15
Good morning,

I really can't thank you enough for your help.

The new Combofix, SAS, and HJT logs are to follow...

Kristin


ComboFix 07-12-16.4 - JackBumgardner 2007-12-17 2:22:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.524 [GMT -8:00]
Running from: C:\Documents and Settings\JackBumgardner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\JackBumgardner\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\foykrhkk.ini
C:\WINDOWS\system32\hrexging.ini
C:\WINDOWS\system32\kcgbthco.ini
C:\WINDOWS\system32\krqiirfq.ini
C:\WINDOWS\system32\kvtwgfju.ini
C:\WINDOWS\system32\wisnifns.ini
C:\WINDOWS\system32\xdrbmuac.ini
C:\WINDOWS\system32\ybykhwsk.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\foykrhkk.ini
C:\WINDOWS\system32\hrexging.ini
C:\WINDOWS\system32\kcgbthco.ini
C:\WINDOWS\system32\krqiirfq.ini
C:\WINDOWS\system32\kvtwgfju.ini
C:\WINDOWS\system32\wisnifns.ini
C:\WINDOWS\system32\xdrbmuac.ini
C:\WINDOWS\system32\ybykhwsk.ini

.
((((((((((((((((((((((((( Files Created from 2007-11-17 to 2007-12-17 )))))))))))))))))))))))))))))))
.

2007-12-15 23:45 . 2007-12-15 23:45 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-15 23:45 . 2007-12-15 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-15 23:38 . 2007-12-16 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-15 23:14 . 2007-12-15 23:35 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-03 10:44 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-03 10:44 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-03 10:37 . 2007-12-03 10:37 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-03 08:56 . 2007-12-06 21:16 <DIR> d-------- C:\QUARANTINE
2007-12-02 19:00 . 2007-12-02 19:00 <DIR> d-------- C:\WINDOWS\35C03C043F1F42C2A989A757EE691F65.TMP
2007-12-02 17:57 . 2007-12-02 17:57 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2007-12-02 17:57 . 2007-12-02 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-02 17:57 . 2006-12-19 15:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-12-02 17:57 . 2006-12-19 15:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
2007-12-02 17:56 . 2007-02-22 20:50 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-12-02 17:56 . 2006-11-30 08:50 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-12-02 17:56 . 2006-11-30 08:50 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-12-02 17:56 . 2006-11-30 08:50 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-12-02 17:56 . 2006-11-30 08:50 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-12-02 17:55 . 2007-12-02 17:57 <DIR> d-------- C:\Program Files\McAfee
2007-12-02 17:55 . 2007-12-02 17:55 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-12-02 17:50 . 2007-12-02 17:51 <DIR> d-------- C:\Program Files\iTunes
2007-12-02 17:50 . 2007-12-02 17:50 <DIR> d-------- C:\Program Files\iPod
2007-12-02 17:50 . 2007-12-02 17:50 35,786,752 --a------ C:\vs85.exe
2007-12-02 17:45 . 2007-12-02 17:47 <DIR> d-------- C:\Program Files\QuickTime
2007-12-02 17:42 . 2007-12-02 17:42 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-02 17:40 . 2007-12-02 17:40 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-02 17:40 . 2007-12-02 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-02 17:24 . 2007-12-02 17:24 4,286 --a------ C:\WINDOWS\system32\MobileSidewalk.ico
2007-12-02 15:01 . 2007-12-16 21:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-02 15:01 . 2007-12-02 15:01 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-30 09:54 . 2007-12-06 00:26 <DIR> d-------- C:\Documents and Settings\JackBumgardner\Application Data\U3
2007-11-28 23:38 . 2007-11-28 23:38 <DIR> d-------- C:\Documents and Settings\JackBumgardner\Application Data\Costco Photo Viewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 08:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Juniper Networks
2007-12-16 07:14 --------- d-----w C:\Program Files\Trend Micro
2007-12-03 07:08 --------- d-----w C:\Documents and Settings\JackBumgardner\Application Data\Apple Computer
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-02-20 01:40 33,128 ----a-w C:\Documents and Settings\JackBumgardner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 09:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 19:47]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:56]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-04-05 10:21]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-04-05 10:21]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-04-05 10:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 02:23]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 17:24]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 13:12]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 20:36]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 15:46 C:\WINDOWS\system32\ico.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-15 04:00 C:\WINDOWS\system32\rundll32.exe]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 11:11]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 12:58]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-06-01 16:55]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 20:08]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 20:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [2006-09-07 11:54:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-09-07 11:54 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 13:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB
S3 WINIO;WINIO;\??\G:\smap\tools32\winio.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38fd468d-9e4f-11dc-8a4b-001302d5009c}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-12-03 01:42:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 02:24:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-17 2:25:01
C:\ComboFix2.txt ... 2007-12-16 21:17
.
2007-12-12 17:00:37 --- E O F ---

NotComputerSavvy
2007-12-17, 12:20
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/17/2007 at 03:04 AM

Application Version : 3.9.1008

Core Rules Database Version : 3362
Trace Rules Database Version: 1361

Scan type : Complete Scan
Total Scan Time : 00:32:14

Memory items scanned : 643
Memory threats detected : 0
Registry items scanned : 6429
Registry threats detected : 0
File items scanned : 28977
File threats detected : 280

Adware.Tracking Cookie

NotComputerSavvy
2007-12-17, 12:22
SAS Scan Log Continued, followed by HJT log:

C:\Documents and Settings\Guest\Cookies\guest@2o7[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adopt.euroclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@adrevolver[2].txt
C:\Documents and Settings\Guest\Cookies\guest@ads.as4x.tmcs[2].txt
C:\Documents and Settings\Guest\Cookies\guest@adserver[1].txt
C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt
C:\Documents and Settings\Guest\Cookies\guest@atdmt[1].txt
C:\Documents and Settings\Guest\Cookies\guest@atwola[1].txt
C:\Documents and Settings\Guest\Cookies\guest@blockbuster.112.2o7[1].txt
C:\Documents and Settings\Guest\Cookies\guest@casalemedia[2].txt
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@edge.ru4[1].txt
C:\Documents and Settings\Guest\Cookies\guest@ehg-bestbuy.hitbox[1].txt
C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt
C:\Documents and Settings\Guest\Cookies\guest@revsci[2].txt
C:\Documents and Settings\Guest\Cookies\guest@tacoda[2].txt
C:\Documents and Settings\Guest\Cookies\guest@track.bestbuy[2].txt
C:\Documents and Settings\Guest\Cookies\guest@track.searchignite[1].txt
C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[1].txt
C:\Documents and Settings\Guest\Cookies\guest@viamtvcom.112.2o7[2].txt
C:\Documents and Settings\Guest\Cookies\guest@zedo[1].txt
C:\Documents and Settings\JackBumgardner\Cookies\jackbumgardner@ad.outerinfoads[1].txt
C:\Documents and Settings\JackBumgardner\Cookies\jackbumgardner@apmebf[1].txt
C:\Documents and Settings\JackBumgardner\Cookies\jackbumgardner@apmebf[2].txt
C:\Documents and Settings\JackBumgardner\Cookies\jackbumgardner@apmebf[3].txt
C:\Documents and Settings\JackBumgardner\Cookies\jackbumgardner@apmebf[4].txt
C:\Documents and Settings\JackBumgardner\Cookies\jackbumgardner@apmebf[5].txt
C:\Documents and Settings\JackBumgardner\Cookies\jackbumgardner@apmebf[6].txt
C:\Documents and Settings\JackBumgardner\Cookies\jackbumgardner@mediatraffic[1].txt


Trojan.Downloader-Gen/DDC
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BNLSHWWA.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SWGCBYEX.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WWKRNOGF.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\YLVLBECU.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP115\A0004960.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP115\A0004961.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP115\A0004962.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP115\A0004963.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP115\A0004964.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP115\A0004965.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005032.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005033.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005034.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005035.EXE

Adware.AdSponsor/ISM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP111\A0004771.EXE

Adware.ClickSpring
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP111\A0004773.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP111\A0004782.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP111\A0004774.EXE

Unclassified.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP111\A0004781.DLL

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP111\A0004795.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP111\A0004796.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP112\A0004832.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP114\A0004925.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP114\A0004926.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP114\A0004927.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP114\A0004928.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP116\A0005019.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005036.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005037.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005038.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005039.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005040.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005041.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005042.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005043.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005044.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005045.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005046.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005047.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005048.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005049.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005050.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005051.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005052.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005053.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005054.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005055.DLL

Adware.Vundo Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP115\A0004966.DLL

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP117\A0005068.DLL


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:37 AM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\Kristin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://sslvpn.medical.washington.edu/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196703942328
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 11011 bytes

ken545
2007-12-17, 13:00
Good Morning again Kristin,

You're doing very well :bigthumb:

You have a bad entry in your Internet Explorer Trusted Zone, so run this tool to restore it to the default.

Download: DelDomains (http://mvps.org/winhelp2002/DelDomains.inf) and save it to the desktop.

Close all open windows and your browser
Right-click DelDomains.inf and select > Install
Reboot your computer




We need to make sure all hidden files are showing:

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide file extensions for known types option.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Once your system is clean, we suggest that you reverse this to keep critical Windows files from accidentally being deleted.



You can delete the file in red:
C:\WINDOWS\system32\mcrh.tmp


A lot of entries were found and removed in your System Restore program, so let's flush it all out and create a new Restore Point, as there may be some leftover ones that we want to get rid of.

System Restore makes regular backups of all your settings; if you ever had to use this program to restore your system to a previous date, you would be infected all over again, so we need to clean out the previous Restore Points.

Turn off System Restore.


Right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore on all Drives.
Click Apply, and then click OK.



Reboot your computer


Turn ON System Restore.


Right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore on all Drives.
Click Apply, and then click OK.



Create a new Restore Point <-- Very Important


Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
You need to go into the Control Panel and switch to Category View to be able to Create a New Restore Point.

System Restore Tutorial (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- If you need it



Run this system cleaner
Download CCleaner from here (http://www.ccleaner.com/) to clean temp files from your computer.

Double click on the file to start the installation of the program.
Select your language and click OK, then next.
Read the license agreement and click I Agree.
Click next to use the default install location. Click Install then finish to complete installation.
Double click the CCleaner shortcut on the desktop to start the program.
On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
Click on the "Options" icon at the left side of the window, then click on "Advanced."
Deselect "Only delete files in Windows Temp folders older than 48 hours."
Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
After CCleaner has completed its process, click Exit.

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!





Your Java is out of date and leaving your system vulnerable.
Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
It should have an icon next to it:
http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.jpg
Select it and click Remove.
Reboot your system.
Then go to Sun Microsystems (http://www.java.com/en/download/manual.jsp) and install the update.
Java Runtime Environment Version 6 Update 3 <--This is what you need to download and install.
If you chose the online installation, it will prompt you to run the program.
If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
Then, after the install, you can verify your installation here: Sun Java Verify (http://www.java.com/en/download/manual.jsp)
I like to do the offline installation and save the setup file in case I may need it in the future.


The rest of your log looks fine. Let me know how things are running now, and if all is ok I will link you to the Spybot download and forum so you can reinstall Spybot Search and Destroy 1.5.1 along with a few other tools to help keep you more secure.

My internet is very limited at work so I may not get back to you until noon.

Ken:)
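
Added example, not part of Ken's post and not the DelDomains tool: a PowerShell audit of the Internet Explorer ZoneMap that lists every host placed in the Trusted or Local intranet zone, printed in the same shape as the HijackThis O15 line, so you can see what DelDomains is about to reset. It assumes PowerShell 2.0 or later and an elevated prompt (to read the HKLM hive); the zone numbers and registry layout are the standard IE ones.

```powershell
# Added example, not from the thread and not the DelDomains tool: enumerate the
# Internet Explorer ZoneMap so the entry HijackThis reported as
# "O15 - Trusted Zone: http://*.trymedia.com (HKLM)" can be reviewed before
# the zones are reset. Assumes PowerShell 2.0 or later; run elevated so the
# HKLM hive is readable.

$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }

# HKCU entries apply to the current user only; HKLM entries apply to every user,
# which is what the "(HKLM)" tag on the HijackThis O15 line means.
$domainRoots = @{
    'HKCU' = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    'HKLM' = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
}

function Read-ZoneValues {
    # Each value under a key is named after a URL scheme (http, https, ftp or *)
    # and holds the zone number as a DWORD.
    param($Key, [string]$HostPattern, [string]$Hive)
    foreach ($scheme in $Key.GetValueNames()) {
        if ($scheme -eq '') { continue }   # skip an unnamed (default) value
        $zone = [int]$Key.GetValue($scheme)
        New-Object PSObject -Property @{
            Hive = $Hive; Scheme = $scheme; Host = $HostPattern
            Zone = $zone; ZoneName = $zoneNames[$zone]
        }
    }
}

function Get-ZoneMapEntries {
    foreach ($hive in $domainRoots.Keys) {
        $root = $domainRoots[$hive]
        if (-not (Test-Path $root)) { continue }
        foreach ($domainKey in Get-ChildItem -Path $root) {
            # A value directly on the domain key covers the domain and every
            # subdomain, which HijackThis renders as *.domain.
            Read-ZoneValues -Key $domainKey -HostPattern ('*.' + $domainKey.PSChildName) -Hive $hive
            # A subkey names one host inside that domain (for example "www").
            foreach ($hostKey in Get-ChildItem -Path $domainKey.PSPath) {
                $fqdn = $hostKey.PSChildName + '.' + $domainKey.PSChildName
                Read-ZoneValues -Key $hostKey -HostPattern $fqdn -Hive $hive
            }
        }
    }
}

$entries = @(Get-ZoneMapEntries)

# Restricted-sites entries (zone 4) are expected in bulk on this machine, since
# SpywareBlaster (in the uninstall list) populates that zone by design. The ones
# worth a second look are Trusted (2) and Local intranet (1): those zones relax
# ActiveX and scripting restrictions for the listed hosts.
$relaxed = @($entries | Where-Object { $_.Zone -eq 1 -or $_.Zone -eq 2 })

"ZoneMap entries: {0} total, {1} in a relaxed zone" -f $entries.Count, $relaxed.Count
foreach ($e in ($relaxed | Sort-Object Hive, Host)) {
    # Print in the same shape as a HijackThis O15 line for easy comparison.
    "O15 - {0}: {1}://{2} ({3})" -f $e.ZoneName, $e.Scheme, $e.Host, $e.Hive
}
```

Run it once before DelDomains to record what is there, and again afterwards to confirm the relaxed-zone count has dropped to zero.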

ken545
2007-12-17, 13:14
Kristin,

I was just double checking your log and see that you have TWO ANTIVIRUS PROGRAMS RUNNING. This is not recommended, as with this type of software MORE IS NOT BETTER. They will use a huge amount of system resources, slow down your system and at times cause all sorts of problems; even Microsoft recommends only one AV and one firewall.

You have McAfee and Norton. It's totally up to you, but you need to uninstall one of them via the Add Remove Programs in the Control Panel.

Ken:santa:
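
Added example, not from the thread: a PowerShell check for the two-antivirus condition Ken spotted. It asks Windows Security Center over WMI how many antivirus products are registered, and separately lists services whose binaries sit under the McAfee, Symantec or Norton directories named in the O23 lines of the HJT log. Assumes PowerShell 2.0 or later; root\SecurityCenter is the XP/Vista namespace and root\SecurityCenter2 the Windows 7 and later one.

```powershell
# Added example, not from the thread: count the antivirus products this machine
# reports, to confirm the "two antivirus programs" finding from the O23 service
# lines. Assumes PowerShell 2.0 or later. Windows XP SP2/SP3 and Vista register
# products under root\SecurityCenter; Windows 7 and later use root\SecurityCenter2.

function Get-RegisteredAntivirus {
    $found = @()
    foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
        # A namespace that does not exist on this OS generation just yields nothing.
        $products = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction SilentlyContinue
        foreach ($p in @($products)) {
            if ($p -eq $null) { continue }
            # XP/Vista expose productUptoDate as a boolean; SecurityCenter2 packs
            # the same facts into the productState bit field, shown raw here.
            if ($p.PSObject.Properties['productUptoDate']) { $status = $p.productUptoDate }
            else { $status = ('0x{0:X}' -f [int]$p.productState) }
            $found += New-Object PSObject -Property @{
                Namespace = $ns; Name = $p.displayName; Status = $status
            }
        }
    }
    return $found
}

function Get-AntivirusServices {
    # Security Center only knows about products that register with it, so also
    # list services whose executable lives under a vendor directory. The vendor
    # names come from the O23 lines of the HijackThis log in this thread.
    $vendors = 'McAfee', 'Symantec', 'Norton'
    Get-WmiObject -Class Win32_Service | Where-Object {
        $path = $_.PathName
        @($vendors | Where-Object { $path -match $_ }).Count -gt 0
    } | Select-Object Name, State, StartMode, PathName
}

$registered = @(Get-RegisteredAntivirus)
"Antivirus products registered with Security Center: {0}" -f $registered.Count
$registered | Format-Table Name, Namespace, Status -AutoSize

"Services installed by known antivirus vendors:"
Get-AntivirusServices | Format-Table Name, State, StartMode, PathName -AutoSize

if ($registered.Count -gt 1) {
    "More than one antivirus product is registered: keep one and uninstall the other through Add or Remove Programs."
}
```

A product that is installed but has dropped out of Add or Remove Programs (as Norton has here) will usually still show up in the service list, which is the hint that a vendor removal tool rather than the normal uninstaller is needed.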

NotComputerSavvy
2007-12-17, 13:32
Good morning again Ken!

I hate to further reveal my lack of proficiency, but why doesn't Norton show up in Add or Remove Programs? I can find it in C:\Program Files\Norton Internet Security, but am not sure how I would go about removing it...

Perhaps this is a sign I should remove McAfee?

Thanks again,
Kristin

NotComputerSavvy
2007-12-17, 14:16
Hi Ken,

I've followed your most recent set of instructions (minus removing one of the two anti-virus programs) and everything seems back to normal. You've made my day!

I won't have access again until this evening after work, but let me know if you'd like me to post any more logs. Thank you again for all of your help!

Kristin

ken545
2007-12-17, 18:18
Glad things are running better. :bigthumb::bigthumb: You can do this...

Open Hijackthis
Go to Misc Tools> Open Uninstall Manager.
Click on Save List.
The list will open in Notepad.
Copy and Paste the List into this thread

NotComputerSavvy
2007-12-18, 07:20
Hi Ken!
Don't know how I'd get through this without your help...

Thanks again,
Kristin


Below is the HJT uninstall manager list:

Adobe Flash Player ActiveX
Adobe Reader 7.0.7
Apple Mobile Device Support
Apple Software Update
Bewitched (remove only)
Calm Tools for Living
CCleaner (remove only)
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.30
DISCover
DSD Direct
DSD Playback Plug-in 1.0
DVgate Plus
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB900466)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB909667)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB915865)
Image Converter 2 Plus
ImageStation
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for VAIO
iTunes
Java(TM) 6 Update 3
JEOPARDY! (remove only)
Juniper Terminal Services Client
Kaspersky Online Scanner
LAN Setting Utility
LiveUpdate 2.7 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
McAfee VirusScan Enterprise
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft Works
mMHouse
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mWlsSafe
mXML
NVIDIA Drivers
Office 2003 Trial Assistant
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.5.01
Quicken 2006
QuickTime
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Search Enhancement by AOL Search
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Setting Utility Series
SigmaTel Audio
Sonic Encoders
SonicStage 4.0
SonicStage Mastering Studio 2.2
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Certificate PCH
Sony MP4 Shared Library
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
SpywareBlaster v3.5.1
SUPERAntiSpyware Free Edition
Symantec KB-DocID:2003093015493306
The Da Vinci Code (remove only)
Trend Micro Anti-Spyware
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update Rollup 2 for Windows XP Media Center Edition 2005
VAIO Backup Utility
VAIO Breeze Wallpaper
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 2
VAIO Wireless LAN Setup Utility
VAIOSurveySA
Wheel of Fortune (remove only)
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows XP Hotfix - KB307154
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888321
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB908250
Wireless Switch Setting Utility
Yahoo! Install Manager

ken545
2007-12-18, 13:23
Good Morning,

Yep, I don't see it in there either; it looks like Symantec may have been installed at one time and partially removed. I think what I would do at this time is to keep McAfee, and you can run this tool to completely remove Symantec. I am not sure what version of Symantec you have.

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

If you have problems removing it, you can post in one of these forums for help as we only do malware removal here.

You may want to read this one first
http://www.bleepingcomputer.com/forums/topic34671.html

My second choice
http://www.tek-tips.com/threadminder.cfm?pid=742



How did I get infected in the first place? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
TonyKlein CastleCops (http://www.castlecops.com/postlite7736-.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
Geeks To Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Here are some free programs to install, don't leave home without them

Spybot Search and Destroy 1.5 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis.

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers real-time protection from spyware installation attempts.

Win Patrol (http://www.winpatrol.com/download.html) This program will warn you when any changes are being made to your system and give you the option to deny the change.

IE-Spyad (http://forums.windowsforum.org/index.php?showtopic=6640)
IE-Spyad places over 4000 web sites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.

Firefox 2.0 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.

Zone Alarm (http://www.pcworld.com/downloads/file_description/0,fid,7228,00.asp) Here is a free Firewall from Zone Labs; I wouldn't access the internet without it.



Glad we could help. I will keep this thread open for you; after you remove Norton, come on back and post a new HJT log and let's make sure all is well.

Safe Surfn
Ken

NotComputerSavvy
2007-12-20, 20:23
Hi Ken!

I've attempted to remove Norton and installed most of the items you mentioned to protect my computer in the future... We'll see how I did...

Below is my latest HJT log. Thank you for all of your help!

Kristin


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:41 AM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\Kristin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://sslvpn.medical.washington.edu/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196703942328
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 12396 bytes

ken545
2007-12-20, 23:30
Kristin,

Symantec is still running as a service, do this.


Go to Start> Run and type in services.msc then press Enter
Scroll down to Symantec Core LC
Double Click that service to open it.
Click on Stop Service.
Then change the Startup Type to Disabled.
OK your way out of the program.



Reboot after you stop the service, and if there are problems you can always re-enable it.

After the service is disabled, then run that tool I posted to remove all of Symantec.

McAfee Internet Security Suite <-- this includes a firewall so you do not need ZoneAlarm


Ken

NotComputerSavvy
2007-12-21, 19:58
Hi Ken,

I followed your instructions in another attempt to remove Norton, and I uninstalled ZoneAlarm at your suggestion. Hope it worked this time!

On a side note, ever since I updated all of my security features I have been unable to remotely log in to a secure gateway to access my work computer. It says the computer contains invalid characters. Could this be related to my new settings, or do you think it has something to do with my work computer? I know this forum only deals with malware removal - do you have any suggestions for where I should go?

Thanks again for your help!

Kristin


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:06 AM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Trend Micro\HijackThis\Kristin.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://sslvpn.medical.washington.edu/dana-cached/setup/NeoterisSetup.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196703942328
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 11677 bytes
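The way Ken spotted the leftover Symantec service was by reading the O23 lines of one log against the other. The script below does that comparison mechanically for the autostart-related sections of a HijackThis log (O2 BHOs, O3 toolbars, O4 run keys and startup shortcuts, O23 services), reporting which entries disappeared between two scans and which appeared. It is an added example, not a tool from this thread or from Trend Micro; the sample lines are excerpted from the 12/20 and 12/21 logs above, and the function and pattern names are my own.

```python
"""Diff the autostart-related entries of two HijackThis logs.

Added example for this thread (not HijackThis code). It parses the O2, O3,
O4 and O23 sections, keys each entry by section and display name, and reports
what was removed or added between an earlier and a later log.
"""
import re
from typing import Dict, Tuple

# Constructed sample input: lines excerpted from the 12/20 log in this thread.
LOG_BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"""

# Constructed sample input: the same lines as they appear in the 12/21 log,
# after ZoneAlarm was uninstalled and the Symantec service was disabled.
LOG_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"""

# One pattern per line shape. Names are matched lazily so that a " - " inside
# a file path (e.g. "Spybot - Search & Destroy") does not split the entry.
PATTERNS = [
    # O2 BHO / O3 toolbar: "<name> - {CLSID} - <path or (no file)>"
    re.compile(r"^(?P<kind>O2|O3) - (?:BHO|Toolbar): (?P<name>.+?) - "
               r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$"),
    # O4 registry run key: "HKLM\..\Run: [<name>] <command line>"
    re.compile(r"^(?P<kind>O4) - (?:HKLM|HKCU)\\[^:]*: \[(?P<name>[^\]]+)\] (?P<target>.+)$"),
    # O4 startup-folder shortcut: "Global Startup: <name>.lnk = <path>"
    re.compile(r"^(?P<kind>O4) - Global Startup: (?P<name>.+?) = (?P<target>.+)$"),
    # O23 service: "<display name> - <company> - <drive-letter path>"
    re.compile(r"^(?P<kind>O23) - Service: (?P<name>.+?) - (?P<company>.+?) - "
               r"(?P<target>[A-Za-z]:\\.+)$"),
]


def parse_entries(log_text: str) -> Dict[str, str]:
    """Map 'section:name' to the file or command the entry points at.

    Lines from other sections (process list, R0/R1, O16 ...) are ignored.
    """
    entries: Dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        for pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                entries[f"{m['kind']}:{m['name']}"] = m["target"]
                break
    return entries


def diff_logs(before: str, after: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (removed, added): entries only in the earlier log, and entries
    only in the later log. Both are keyed like parse_entries()."""
    old, new = parse_entries(before), parse_entries(after)
    removed = {k: v for k, v in old.items() if k not in new}
    added = {k: v for k, v in new.items() if k not in old}
    return removed, added


def report(before: str, after: str) -> str:
    """Human-readable summary of diff_logs(), one entry per line."""
    removed, added = diff_logs(before, after)
    lines = [f"- {k} -> {v}" for k, v in sorted(removed.items())]
    lines += [f"+ {k} -> {v}" for k, v in sorted(added.items())]
    return "\n".join(lines) if lines else "(no autostart changes)"


if __name__ == "__main__":
    print(report(LOG_BEFORE, LOG_AFTER))
```

Run against the two excerpts it prints five "-" lines (the two ZoneAlarm COM objects, the ZoneAlarm run key, the Symantec Core LC service and the TrueVector service) and no "+" lines, which is exactly what a reviewer wants to confirm after a cleanup: the things that were supposed to go are gone and nothing new has taken their place. Feed it two full logs and any freshly appeared O4 or O23 entry shows up on its own "+" line.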

ken545
2007-12-21, 20:50
Hello Kristin,

The malware we removed was tied into Winlogon, and I am not sure if it messed up your ability to log on remotely. Why don't you post in this forum? It's one of the best on the internet, and they do have a Networking forum; like here it's free, but you need to sign up.

http://www.windowsbbs.com/

Hope this helps,

Ken