virtumonde



yeniuye
2009-03-01, 18:48
I can't believe I have this ****** again. I was almost downloading nothing to not have it again. Any help appreciated!

pskelley
2009-03-03, 14:31
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Pinned (sticky) to the top of this forum, and posted above, are the directions. Make sure you have read and followed them, then post the requested logs. Please mention any recent symptoms.

Thanks

yeniuye
2009-03-03, 20:38
Symptoms are many. My computer operates slower than ever. When I search something on Google, pop-up pages open. Kaspersky quarantined Firefox for sending out private data. Spybot found Virtumonde.prx and can't delete it.

Here is HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:05 PM, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWiTogglet.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Efe Tuncel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Efe Tuncel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Efe Tuncel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: {5fe8e6b1-e04e-bbfb-a644-96eef85d4a52} - {25a4d58f-ee69-446a-bfbb-e40e1b6e8ef5} - C:\WINDOWS\system32\nnfveg.dll
O2 - BHO: (no name) - {33424708-b023-4ab3-bac1-759ee6716430} - C:\WINDOWS\system32\gohareju.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [WCULauncher] C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
O4 - HKLM\..\Run: [VAIO Recovery] c:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sivafobibu] Rundll32.exe "C:\WINDOWS\system32\vozimoka.dll",s
O4 - HKLM\..\Run: [58a63c70] rundll32.exe "C:\WINDOWS\system32\kekiyala.dll",b
O4 - HKLM\..\Run: [CPM5b950fec] Rundll32.exe "c:\windows\system32\tesifoti.dll",a
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EPSON WorkForce 600(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE /FU "C:\WINDOWS\TEMP\E_S9C5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Efe Tuncel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [sivafobibu] Rundll32.exe "C:\WINDOWS\system32\vozimoka.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sivafobibu] Rundll32.exe "C:\WINDOWS\system32\vozimoka.dll",s (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: Web-Based Email Tools - http://email02.secureserver.net/Download.CAB
O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} (SeeTooControl Class) - http://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=c7a963b945af174ad&browserVersion=7.0
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199995506305
O16 - DPF: {D0BB3ACE-4ED3-4D65-BB86-1A0C6CAF351F} (AvaLaunch Control) - http://212.175.239.246:81/avaLaunch94.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://support.persits.com/xupload/XUpload.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\zibuvugo.dll c:\windows\system32\zedomafe.dll c:\windows\system32\tozudako.dll c:\windows\system32\tesifoti.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tesifoti.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tesifoti.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SmartWiService - Sony Electronics, Inc - C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 18626 bytes

pskelley
2009-03-03, 20:45
Make sure you read and follow the directions; anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting; the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully; the tools will not work unless you do.
The junk can be tough to remove, so do not expect fast or easy.

1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

Download ComboFix from here:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks

yeniuye
2009-03-04, 02:04
combofix log part 1
ComboFix 09-03-02.03 - 2009-03-03 18:10:58.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1324 [GMT -5:00]
Running from: c:\documents and settings\Efe Tuncel\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\alayikek.ini
c:\windows\system32\fetepevo.dll
c:\windows\system32\fiyahena.dll
c:\windows\system32\gohareju.dll
c:\windows\system32\gssfjr.dll
c:\windows\system32\hafiwofi.dll
c:\windows\system32\heredetu.dll
c:\windows\system32\hsfkcv.dll
c:\windows\system32\jelhlc.dll
c:\windows\system32\jininuho.dll
c:\windows\system32\jixswn.dll
c:\windows\system32\jolujara.dll
c:\windows\system32\kekiyala.dll
c:\windows\system32\konaneli.dll
c:\windows\system32\nnfveg.dll
c:\windows\system32\ovohazuz.ini
c:\windows\system32\pewfnq.dll
c:\windows\system32\pwddus.dll
c:\windows\system32\rxhqoj.dll
c:\windows\system32\sapowaho.dll
c:\windows\system32\selulisa.dll
c:\windows\system32\tesifoti.dll
c:\windows\system32\tpkcfm.dll
c:\windows\system32\turotafe.dll
c:\windows\system32\vabesima.dll
c:\windows\system32\vomuganu.dll
c:\windows\system32\vozimoka.dll
c:\windows\system32\wibigejo.dll
c:\windows\system32\wijudira.dll
c:\windows\system32\yetevato.dll
c:\windows\system32\yudaditu.dll
c:\windows\system32\zibuvugo.dll
c:\windows\system32\zopuwole.dll
c:\windows\system32\zuzahovo.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
.

2009-03-03 15:47 . 2006-11-22 10:01 693,760 --a------ c:\windows\system32\drivers\hardlock.sys
2009-03-03 15:44 . 2009-03-03 15:44 <DIR> d-------- c:\program files\EuroPlus
2009-03-03 15:44 . 2009-03-03 15:45 <DIR> d-------- c:\program files\Common Files\EuroPlus Shared
2009-03-03 15:44 . 2009-03-03 15:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Font Downloader
2009-03-03 15:44 . 2009-03-03 15:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\EuroPlus
2009-03-03 15:43 . 2009-03-03 15:47 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{AC98439A-5957-4886-B37D-D79C2A826220}
2009-03-02 22:52 . 2009-03-02 22:57 <DIR> d-------- c:\program files\Wise Registry Cleaner 3 Pro
2009-03-02 22:51 . 2008-03-25 05:32 2,991,488 --a------ c:\windows\system32\Flash9f.ocx
2009-03-02 22:51 . 2008-05-31 12:29 389,120 --a------ c:\windows\system32\actskn43.ocx
2009-03-02 22:51 . 2003-04-30 19:21 193,093 --a------ c:\windows\system32\winaqua.skn
2009-02-12 18:28 . 2009-02-12 18:28 <DIR> d-------- c:\program files\Common Files\AnswerWorks 5.0
2009-02-12 18:23 . 2009-02-12 18:23 <DIR> d-------- c:\program files\TurboTax
2009-02-11 13:14 . 2009-03-03 18:21 15,344,928 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-11 13:14 . 2009-03-03 18:32 281,120 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-11 13:14 . 2009-03-03 18:19 206,468 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-11 13:14 . 2009-03-03 18:19 27,332 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-03 17:26 . 2009-02-03 17:26 <DIR> d-------- c:\program files\Microsoft SQL Server 2005 Upgrade Advisor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 23:27 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-02 21:34 --------- d-----w c:\program files\Windows Live Safety Center
2009-03-02 19:08 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\CoreFTP
2009-03-02 02:11 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\LimeWire
2009-02-28 01:42 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-14 20:44 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-14 20:43 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-12 23:28 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\Intuit
2009-02-12 23:25 --------- d-----w c:\program files\Common Files\Intuit
2009-02-12 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2009-02-11 17:45 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-10 05:15 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\Sony Corporation
2009-02-10 05:13 --------- d-----w c:\program files\TCP-Com
2009-02-10 05:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 05:05 --------- d-----w c:\program files\Firaxis Games
2009-02-10 04:58 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-03 17:39 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 17:39 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-02-03 15:34 --------- d-----w c:\program files\Microsoft.NET
2009-02-03 04:41 --------- d-----w c:\program files\Common Files\supportsoft
2009-02-03 04:32 --------- d-----w c:\program files\Intuit
2009-02-03 04:31 --------- d-----w c:\documents and settings\All Users\Application Data\COMMON FILES
2009-02-03 01:46 --------- d-----w c:\program files\Microsoft SQL Server
2009-02-03 01:31 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\Bullzip
2009-01-18 22:39 --------- d-----w c:\documents and settings\Efe Tuncel\Application Data\TeamViewer
2009-01-18 22:38 --------- d-----w c:\program files\TeamViewer
2009-01-08 05:23 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-06 15:57 356,352 ----a-w c:\documents and settings\Efe Tuncel\cwshredder.dll
2008-08-07 23:07 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080720080808\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-12-20_ 9.18.02.95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-11 12:33:59 333,952 ----a-w c:\windows\$hf_mig$\KB958687\SP3QFE\srv.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB958687\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB958687\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB958687\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958687\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958687\update\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w c:\windows\$NtUninstallKB958687$\spuninst\updspapi.dll
+ 2008-09-08 10:41:42 333,824 -c----w c:\windows\$NtUninstallKB958687$\srv.sys
+ 2009-02-12 23:25:05 28,672 ----a-w c:\windows\assembly\GAC\Common.Logging\1.2.0.0__af08829b84f0328e\Common.Logging.dll
+ 2009-02-03 04:36:06 73,728 ----a-w c:\windows\assembly\GAC\IEProtocol\2.0.0.107__82cc56431f1a971d\IEProtocol.dll
+ 2009-02-03 04:36:04 11,296 ----a-w c:\windows\assembly\GAC\Interop.QBPOSXMLRPLIB\2.0.0.32__31d8aec643e18259\Interop.QBPOSXMLRPLIB.dll
+ 2009-02-03 04:36:11 16,152 ----a-w c:\windows\assembly\GAC\Interop.QBXMLRP2\6.0.205.13__31d8aec643e18259\Interop.QBXMLRP2.dll
+ 2009-02-03 04:36:08 16,384 ----a-w c:\windows\assembly\GAC\QBWCInterfaces\2.0.0.107__82cc56431f1a971d\QBWCInterfaces.dll
+ 2009-02-12 23:25:18 755,712 ----a-w c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.DLL
+ 2009-02-03 04:35:09 106,496 ----a-w c:\windows\assembly\GAC_MSIL\antlr.runtime\2.7.6.2__65e474d141e25e07\antlr.runtime.dll
+ 2009-02-12 23:25:05 10,240 ----a-w c:\windows\assembly\GAC_MSIL\BackgroundCopyManager\1.0.0.0__9e3a83f3f863854b\BackgroundCopyManager.dll
+ 2009-02-12 23:25:05 77,824 ----a-w c:\windows\assembly\GAC_MSIL\Castle.DynamicProxy\1.1.5.0__407dd0808d44fbdc\Castle.DynamicProxy.dll
+ 2009-02-03 04:35:08 16,384 ----a-w c:\windows\assembly\GAC_MSIL\Common.Logging\1.1.0.2__65e474d141e25e07\Common.Logging.dll
+ 2009-02-12 23:25:06 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Iesi.Collections\1.0.0.3__aa95f207798dfdb4\Iesi.Collections.dll
+ 2009-02-03 04:34:35 61,440 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.QuickBooks.FCS\1.2.0.2__5b3f47ba29970ccb\Intuit.QuickBooks.FCS.exe
+ 2009-02-03 04:34:36 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.QuickBooks.XmlDigitalSignature\1.2.0.0__5b3f47ba29970ccb\Intuit.QuickBooks.XMLDigitalSignature.dll
+ 2009-02-12 23:25:06 130,848 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
+ 2009-02-12 23:25:06 72,480 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
+ 2009-02-12 23:25:06 120,608 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
+ 2009-02-12 23:25:08 197,920 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\2.0.145.0__540d4816ead86321\Intuit.Spc.Esd.Core.XmlSerializers.dll
+ 2009-02-12 23:25:07 217,376 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
+ 2009-02-12 23:25:08 400,672 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
+ 2009-02-12 23:25:08 40,224 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\2.1.72.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2.exe
+ 2009-02-12 23:25:09 44,320 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\2.1.72.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2009-02-12 23:25:08 12,064 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
+ 2009-02-12 23:25:08 23,840 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
+ 2009-02-12 23:25:08 47,392 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
+ 2009-02-12 23:25:09 341,792 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UX\2.1.72.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UX.dll
+ 2009-02-12 23:25:08 18,720 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
+ 2009-02-03 04:35:10 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Component\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.Component.dll
+ 2009-02-12 23:25:09 106,496 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Component\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Component.dll
+ 2009-02-03 04:35:12 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.ComponentSpecific\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.ComponentSpecific.dll
+ 2009-02-03 04:35:17 155,648 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
+ 2009-02-12 23:25:13 458,752 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
+ 2009-02-03 04:35:17 307,200 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.PortabilitySpecific\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.PortabilitySpecific.dll
+ 2009-02-12 23:25:12 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.PortabilitySpecific30\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.PortabilitySpecific30.dll
+ 2009-02-03 04:35:13 45,056 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
+ 2009-02-12 23:25:11 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
+ 2009-02-03 04:35:13 45,056 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ConfigSpecific\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.Primary.ConfigSpecific.dll
+ 2009-02-03 04:35:14 49,152 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
+ 2009-02-12 23:25:12 65,536 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
+ 2009-02-03 04:35:15 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandlingSpecific\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandlingSpecific.dll
+ 2009-02-03 04:35:16 24,576 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
+ 2009-02-12 23:25:13 45,056 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
+ 2009-02-03 04:35:16 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.LoggingSpecific\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.Primary.LoggingSpecific.dll
+ 2009-02-03 04:35:18 20,480 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Serialization\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.Primary.Serialization.dll
+ 2009-02-12 23:25:10 65,536 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Serialization\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Serialization.dll
+ 2009-02-03 04:35:18 45,056 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.SerializationSpecific\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.Primary.SerializationSpecific.dll
+ 2009-02-03 04:35:19 24,576 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.VersionManager\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.Primary.VersionManager.dll
+ 2009-02-12 23:25:09 15,360 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.VersionManager\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.VersionManager.dll
+ 2009-02-03 04:35:19 16,384 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.VersionManagerSpecific\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.Primary.VersionManagerSpecific.dll
+ 2009-02-03 04:35:19 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Xml\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.Primary.Xml.dll
+ 2009-02-12 23:25:10 45,056 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Xml\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Xml.dll
+ 2009-02-03 04:35:20 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.XmlSpecific\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.Primary.XmlSpecific.dll
+ 2009-02-03 04:35:18 20,480 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary\2.1.7.0__540d4816ead86321\Intuit.Spc.Foundations.Primary.dll
+ 2009-02-12 23:25:09 20,480 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.dll
+ 2009-02-12 23:25:12 53,248 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.ClientUtil\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.ClientUtil.dll
+ 2009-02-12 23:25:11 651,264 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.DataAccess.Entity\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.DataAccess.Entity.dll
+ 2009-02-12 23:25:11 217,088 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.DataAccess\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.DataAccess.dll
+ 2009-02-12 23:25:11 94,208 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.DataAccessUtil\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.DataAccessUtil.dll
+ 2009-02-12 23:25:12 45,056 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.Installer\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.Installer.dll
+ 2009-02-12 23:25:11 94,208 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.Orchestration\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.Orchestration.dll
+ 2009-02-12 23:25:12 69,632 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.OrchestrationUtil\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.OrchestrationUtil.dll
+ 2009-02-12 23:25:13 106,496 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.Provider.PreferencesSpecific\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.Provider.PreferencesSpecific.dll
+ 2009-02-12 23:25:11 53,248 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.Repository\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.Repository.dll
+ 2009-02-12 23:25:12 45,056 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.RestServices\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.RestServices.dll
+ 2009-02-03 04:34:57 397,312 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.Lucene\3.1.272.1__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.Lucene.dll
+ 2009-02-12 23:25:13 397,312 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.Lucene\4.0.95.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.Lucene.dll
+ 2009-02-03 04:34:59 53,248 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.MajesticHTMLParser\3.1.272.1__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.MajesticHTMLParser.dll
+ 2009-02-12 23:25:14 53,248 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.MajesticHTMLParser\4.0.95.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.MajesticHTMLParser.dll
+ 2009-02-12 23:25:14 47,104 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.ObjectBuilder\4.0.95.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.ObjectBuilder.dll
+ 2009-02-03 04:35:03 176,128 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.SharpZipLib\3.1.272.1__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.SharpZipLib.dll
+ 2009-02-12 23:25:14 176,128 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.SharpZipLib\4.0.95.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.SharpZipLib.dll
+ 2009-02-12 23:25:15 162,816 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Core.Plugin\4.0.95.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Core.Plugin.dll
+ 2009-02-03 04:34:57 24,576 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Core\3.1.272.1__7ce6deabcb36a8ea\Intuit.Spc.Map.Core.dll
+ 2009-02-12 23:25:14 86,016 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Core\4.0.95.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Core.dll
+ 2009-02-03 04:35:03 229,376 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Api\5.0.22.2__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Api.dll
+ 2009-02-03 04:35:05 2,236,416 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Common\5.0.22.2__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Common.dll
+ 2009-02-03 04:35:06 57,344 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.WinInet\5.0.22.2__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.WinInet.dll
+ 2009-02-03 04:35:01 188,416 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\3.1.272.1__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
+ 2009-02-12 23:25:15 471,040 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.95.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
+ 2009-02-03 04:35:02 114,688 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Search\3.1.272.1__7ce6deabcb36a8ea\Intuit.Spc.Map.Search.dll
+ 2009-02-12 23:25:15 108,544 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Search\4.0.95.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Search.dll
+ 2009-02-03 04:35:02 16,384 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.SharedUIToolkit\3.1.272.1__7ce6deabcb36a8ea\Intuit.Spc.Map.SharedUIToolkit.dll
+ 2009-02-12 23:25:15 16,384 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.SharedUIToolkit\4.0.95.0__7ce6deabcb36a8ea\Intuit.Spc.Map.SharedUIToolkit.dll
+ 2009-02-03 04:35:03 80,896 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\3.1.272.1__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
+ 2009-02-12 23:25:15 1,058,304 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.95.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
+ 2009-02-12 23:25:15 114,688 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Oip.Messaging.Client.Core\2.1.2.4__540d4816ead86321\Intuit.Spc.Oip.Messaging.Client.Core.dll
+ 2009-02-12 23:25:16 57,344 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Oip.Messaging.Client.ExternalApi\2.1.2.4__540d4816ead86321\Intuit.Spc.Oip.Messaging.Client.ExternalApi.dll
+ 2009-02-12 23:25:16 221,184 ----a-w c:\windows\assembly\GAC_MSIL\Intuit.Spc.Oip.Messaging.Client.Protocol\2.1.2.4__540d4816ead86321\Intuit.Spc.Oip.Messaging.Client.Protocol.dll
+ 2009-02-03 04:35:10 270,336 ----a-w c:\windows\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
- 2008-01-20 23:22:18 136,560 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll
+ 2009-02-03 22:28:01 133,848 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll
- 2008-01-20 23:22:19 46,448 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll
+ 2009-02-03 22:28:01 43,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll
- 2008-01-20 23:22:19 202,096 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll
+ 2009-02-03 22:28:01 199,384 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll
- 2008-01-20 23:22:19 289,496 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Setup\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Setup.dll
+ 2009-02-03 22:28:01 289,496 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Setup\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Setup.dll
- 2008-01-20 23:22:18 595,312 -c--a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll
+ 2009-02-03 22:28:01 592,600 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll
+ 2009-02-12 23:25:17 884,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll
+ 2009-02-12 23:25:17 1,085,440 ----a-w c:\windows\assembly\GAC_MSIL\NHibernate\1.2.0.4000__aa95f207798dfdb4\NHibernate.dll
+ 2009-02-03 04:36:07 24,576 ----a-w c:\windows\assembly\GAC_MSIL\QBWCCommon\2.0.0.107__82cc56431f1a971d\QBWCCommon.dll
+ 2009-02-12 23:25:17 143,360 ----a-w c:\windows\assembly\GAC_MSIL\Spring.Aop\1.1.0.2__65e474d141e25e07\Spring.Aop.dll
+ 2009-02-03 04:35:09 495,616 ----a-w c:\windows\assembly\GAC_MSIL\Spring.Core\1.1.0.2__65e474d141e25e07\Spring.Core.dll
+ 2009-02-03 22:28:22 249,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\c851efbcdb133ac214b09ae51ff54b55\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2009-02-03 22:28:30 1,028,096 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\03ce0e72242f28dd261fda698be2d448\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2009-02-03 22:28:27 561,152 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\057d6ab1c1f71152ad954bb83ad6b59a\Microsoft.SqlServer.GridControl.ni.dll
+ 2009-02-03 22:28:24 90,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\381b42660e8097a1dc02baa71c7c1b15\Microsoft.SqlServer.CustomControls.ni.dll
+ 2009-02-03 22:28:28 376,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c75e7a5cfb419c775303e167902da13d\Microsoft.SqlServer.Setup.ni.dll
+ 2008-06-11 20:15:10 249,856 ----a-w c:\windows\Downloaded Program Files\WBEtoolsAX.dll
- 2008-12-10 02:52:04 3,661,824 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-12-20 15:24:15 12,103,680 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-12-10 02:52:04 8,192 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-12-20 15:24:15 192,512 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
+ 2009-02-03 04:30:54 32,768 ----a-r c:\windows\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\icon.exe
+ 2009-02-12 23:25:27 423,688 ----a-r c:\windows\Installer\{88214092-836F-4E22-A5AC-569AC9EE6A0F}\TurboTax.exe
+ 2009-02-03 04:39:42 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:45 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:42 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:45 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:42 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:45 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:42 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:46 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:43 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:46 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:43 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:46 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:43 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:46 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:43 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:46 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:39 45,056 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut2.CB4E6205_F99A_4C51_ADD4_184506EFAB87.exe
+ 2009-02-03 04:39:43 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:43 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:42 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut201_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2009-02-03 04:39:46 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:43 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:42 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut241_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2009-02-03 04:39:44 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut25_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2009-02-03 04:39:46 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut26_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2009-02-03 04:39:44 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut27_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2009-02-03 04:39:46 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut28_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2009-02-03 04:39:44 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:49 45,056 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut30_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2009-02-03 04:39:47 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:44 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:47 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:44 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:47 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:47 40,960 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
+ 2009-02-03 04:39:45 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:48 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:45 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:48 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:45 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
+ 2009-02-03 04:39:48 335,872 ----a-r c:\windows\Installer\{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
- 2008-12-12 06:17:44 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-11 17:45:44 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-12-12 06:17:45 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-11 17:45:46 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-12-12 06:17:44 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-11 17:45:45 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-12-12 06:17:44 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-02-11 17:45:45 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-12-12 06:17:45 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-11 17:45:45 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-12 06:17:45 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-11 17:45:46 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-12 06:17:45 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-11 17:45:47 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-12 06:17:44 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-11 17:45:45 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-12 06:17:44 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-11 17:45:45 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-12 06:17:45 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-11 17:45:45 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-12-12 06:17:45 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-11 17:45:47 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-12 06:17:44 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-11 17:45:44 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2000-08-31 13:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2007-06-28 19:09:26 1,843,200 ----a-w c:\windows\system32\acXMLParser.dll
- 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2007-07-30 19:44:36 3,518,464 ----a-w c:\windows\system32\cdintf300.dll
- 2008-12-09 16:02:04 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-03 01:44:32 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-09 16:02:04 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-03 01:44:32 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-09 16:02:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-03 01:44:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-16 20:38:34 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 23:15:11 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-04-14 00:12:19 1,033,728 -c--a-w c:\windows\system32\dllcache\explorer.exe
- 2008-10-16 20:38:35 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 23:15:13 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-10-16 13:11:09 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-10-16 20:38:35 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 -c----w

yeniuye
2009-03-04, 02:05
part 2

c:\windows\system32\dllcache\ieakeng.dll
- 2008-10-16 20:38:35 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-10-16 20:38:35 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-10-16 20:38:37 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:15:21 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-10-16 20:38:37 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-12-13 06:40:02 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-17 02:35:14 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-16 20:38:38 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-10-16 20:38:38 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 23:15:31 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 23:15:32 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-10-16 20:38:39 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 23:15:38 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-17 19:02:19 8,461,312 -c----w c:\windows\system32\dllcache\shell32.dll
- 2008-09-08 10:41:42 333,824 -c----w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 10:57:09 333,952 -c----w c:\windows\system32\dllcache\srv.sys
- 2008-10-16 20:38:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 23:15:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-10-16 20:38:39 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-10-16 20:38:39 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 23:15:40 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 20:38:40 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 23:15:41 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2008-09-08 10:41:42 333,824 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-12-11 10:57:09 333,952 ----a-w c:\windows\system32\drivers\srv.sys
- 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-12-03 15:43:20 1,963,008 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-03 16:18:48 1,971,936 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2006-09-18 19:37:46 638,608 ----a-w c:\windows\system32\Gsprop32.dll
+ 2006-09-18 19:37:48 423,016 ----a-w c:\windows\system32\Gsw32.exe
+ 2006-09-18 19:37:48 242,816 ----a-w c:\windows\system32\Gswag32.dll
+ 2006-09-18 19:37:48 152,688 ----a-w c:\windows\system32\gswdll32.dll
+ 2007-01-12 11:14:56 22,720 ----a-w c:\windows\system32\haspds_msi.dll
+ 2006-12-19 22:07:48 2,511,360 ----a-w c:\windows\system32\haspds_windows.dll
- 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2006-11-08 19:46:54 1,721,952 ----a-w c:\windows\system32\InetClnt.dll
- 2008-12-20 14:07:05 215,860 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-03-03 23:25:26 215,861 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
- 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2002-01-05 09:48:16 974,848 ----a-w c:\windows\system32\mfc70.dll
+ 2002-01-05 09:36:38 964,608 ----a-w c:\windows\system32\mfc70u.dll
- 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-17 02:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2002-01-05 08:38:38 54,784 ----a-w c:\windows\system32\msvci70.dll
- 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 23:15:38 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-11-03 20:37:42 114,672 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-03 15:32:47 97,030 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-03 20:37:42 558,350 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-03 15:32:47 511,642 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2006-10-17 00:35:44 104,576 ----a-w c:\windows\system32\Setup\aladdin\hasphl\aksclass.sys
+ 2006-10-17 00:35:44 7,168 ----a-w c:\windows\system32\Setup\aladdin\hasphl\akscoinst.dll
+ 2006-11-22 15:01:46 327,168 ----a-w c:\windows\system32\Setup\aladdin\hasphl\akshasp.sys
+ 2006-11-22 15:01:48 100,096 ----a-w c:\windows\system32\Setup\aladdin\hasphl\aksusb.sys
+ 2006-11-22 15:01:48 693,760 ----a-w c:\windows\system32\Setup\aladdin\hasphl\hardlock.sys
- 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\system32\shell32.dll
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-07-30 19:44:36 428,589 ----a-w c:\windows\system32\spool\drivers\w32x86\3\acpdf300.dll
+ 2007-07-30 19:44:36 381,903 ----a-w c:\windows\system32\spool\drivers\w32x86\3\acpdfui300.dll
+ 2007-07-30 19:44:36 3,518,464 ----a-w c:\windows\system32\spool\drivers\w32x86\3\cdintf300.dll
+ 2007-07-30 19:44:36 428,589 ----a-w c:\windows\system32\spool\drivers\w32x86\amyuni_amyunidocumentconverter300\acpdf300.dll
+ 2007-07-30 19:44:36 381,903 ----a-w c:\windows\system32\spool\drivers\w32x86\amyuni_amyunidocumentconverter300\acpdfui300.dll
+ 2007-07-30 19:44:36 3,518,464 ----a-w c:\windows\system32\spool\drivers\w32x86\amyuni_amyunidocumentconverter300\cdintf300.dll
+ 2006-09-18 19:37:48 741,008 ----a-w c:\windows\system32\SPR32D30.DLL
+ 2006-09-18 19:37:48 667,280 ----a-w c:\windows\system32\tx12.dll
+ 2006-09-18 19:37:48 261,776 ----a-w c:\windows\system32\tx12_css.dll
+ 2006-09-18 19:37:50 482,960 ----a-w c:\windows\system32\tx12_doc.dll
+ 2006-09-18 19:37:50 229,008 ----a-w c:\windows\system32\tx12_htm.dll
+ 2006-09-18 19:37:50 110,224 ----a-w c:\windows\system32\tx12_ic.dll
+ 2006-09-18 19:37:50 343,696 ----a-w c:\windows\system32\tx12_obj.dll
+ 2006-09-18 19:37:50 519,824 ----a-w c:\windows\system32\tx12_pdf.dll
+ 2006-09-18 19:37:50 364,176 ----a-w c:\windows\system32\tx12_rtf.dll
+ 2006-09-18 19:37:50 130,704 ----a-w c:\windows\system32\tx12_tls.dll
+ 2006-09-18 19:37:50 56,976 ----a-w c:\windows\system32\tx12_wnd.dll
+ 2006-09-18 19:37:50 306,832 ----a-w c:\windows\system32\tx12_xml.dll
- 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 1999-05-10 05:00:00 1,694,992 ----a-w c:\windows\system32\VBA6.DLL
- 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2009-03-03 23:21:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_878.dat
+ 2009-03-03 23:21:56 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_a5c.dat
+ 2009-02-12 23:25:08 40,224 ----a-w c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_2.1.72.0_x-ww_a2ff2b05\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2.exe
+ 2009-02-12 23:25:09 44,320 ----a-w c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_2.1.72.0_x-ww_5e75e2fd\Intuit.Spc.Esd.WinClient.Application.Update.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"EPSON WorkForce 600(Network)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE" [2008-03-04 188928]
"Google Update"="c:\documents and settings\Efe Tuncel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-21 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-20 7561216]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-22 1354240]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"WCULauncher"="c:\program files\Sony\SmartWi Connection Utility\WCULauncher.exe" [2006-02-07 73728]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-02-19 591696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

c:\documents and settings\Efe Tuncel\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-04-07 1773568]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-09-11 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-22 21:11 39936 c:\windows\system32\fusstub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 16:51 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli fusstub
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\CoreFTP\\coreftp.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=
"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\Sony Shared\\VAIO Entertainment Platform\\VCSW\\VCSW.exe"=
"c:\\WINDOWS\\system32\\inetsrv\\inetinfo.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Sony\\SmartWi Connection Utility\\SmartWiService.exe"=
"c:\\Program Files\\Common Files\\EuroPlus Shared\\LblServices.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"20882:TCP"= 20882:TCP:*:Disabled:SolidNetworkManager
"20882:UDP"= 20882:UDP:*:Disabled:SolidNetworkManager

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2006-07-22 9216]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-02-22 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-02-22 33024]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 LabelServices;Label Services;c:\program files\Common Files\EuroPlus Shared\LblServices.exe [2009-01-14 1597096]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-07-22 36352]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-07-22 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-07-22 71961]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [2008-11-30 31872]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-07-22 226304]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2008-02-22 53376]
S3 SEMWModem;Sony Ericsson SEMWModem;c:\windows\system32\drivers\GCXX.sys [2006-07-22 114944]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;c:\windows\system32\drivers\GCXXNet.sys [2006-07-22 53248]
S3 UXDCMN;UXDCMN;\??\e:\uxdcmn.sys --> e:\UXDCMN.SYS [?]
S3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2008-02-22 26880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03d8117d-9d2e-11dd-b7e0-0018ded50f9a}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3934273785-3743418397-930341284-1006.job
- c:\documents and settings\Efe Tuncel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-21 11:48]
.
- - - - ORPHANS REMOVED - - - -

BHO-{25a4d58f-ee69-446a-bfbb-e40e1b6e8ef5} - c:\windows\system32\nnfveg.dll
BHO-{33424708-b023-4ab3-bac1-759ee6716430} - c:\windows\system32\gohareju.dll
MSConfigStartUp-CTFMON - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
DPF: Web-Based Email Tools - hxxp://email02.secureserver.net/Download.CAB
DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} - hxxp://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=c7a963b945af174ad&browserVersion=7.0
DPF: {D0BB3ACE-4ED3-4D65-BB86-1A0C6CAF351F} - hxxp://212.175.239.246:81/avaLaunch94.cab
DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} - hxxp://data.flatcast.com/data/objects/NpFv41629.dll
FF - ProfilePath - c:\documents and settings\Efe Tuncel\Application Data\Mozilla\Firefox\Profiles\kmsh6qbw.default\
FF - plugin: c:\documents and settings\Efe Tuncel\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv41629.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 18:23:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3934273785-3743418397-930341284-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c8,4e,62,e9,73,41,5d,04,84,b0,1c,1d,0e,94,15,87,9d,36,82,cd,3d,4a,81,
31,30,1b,95,71,e3,64,9b,44,68,17,49,3a,df,8d,58,69,2d,b1,b8,e2,92,3c,f6,79,\
"??"=hex:c9,2a,bb,21,10,8c,2f,33,cd,c1,8c,68,87,c4,30,b7

[HKEY_USERS\S-1-5-21-3934273785-3743418397-930341284-1006\Software\SecuROM\License information*]
"datasecu"=hex:06,39,0e,fb,6b,47,f8,73,12,91,9c,d3,2e,fd,3e,fc,3d,9c,1d,14,c2,
7e,9e,89,ce,62,f1,6f,f1,ea,9f,43,30,bc,1f,be,59,8c,39,45,b2,2a,d9,97,fe,5a,\
"rkeysecu"=hex:cd,c9,cc,4c,e5,c0,6f,0d,db,6a,03,d8,2b,ab,f1,3c

[HKEY_LOCAL_MACHINE\software\INTEL\Wireless\Folders\¬ q*2*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1536)
c:\windows\system32\klogon.dll
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\config.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(1600)
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\EPSON\eEBAPI\eEBSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\SmartWi Connection Utility\SmartWiService.exe
c:\program files\Apoint\ApntEx.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\documents and settings\Efe Tuncel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\documents and settings\Efe Tuncel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\documents and settings\Efe Tuncel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2009-03-03 18:43:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-03 23:43:38
ComboFix2.txt 2008-12-20 18:39:25
ComboFix3.txt 2008-12-20 14:21:11
ComboFix4.txt 2008-12-10 08:00:55

Pre-Run: 7,180,013,568 bytes free
Post-Run: 7,240,359,936 bytes free

741 --- E O F --- 2009-02-27 15:34:44

yeniuye
2009-03-04, 02:05
uninstall list
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
ABBYY FineReader 6.0 Sprint
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe Media Player
Adobe Media Player
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 8.1.2
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Brochure
ArcSoft Print Creations - Photo Calendar
Bluetooth Stack for Windows by Toshiba
Business Contact Manager for Outlook 2003
Cingular Connection Manager
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.30
Combined Community Codec Pack 2008-01-24
Core FTP LE 2.1
Crystal Reports Basic for Visual Studio 2008
DVgate Plus
Epson Event Manager
EPSON Printer Software
EPSON Scan
EPSON WorkForce 600 Series Printer Uninstall
EpsonNet Config V3
EpsonNet Print
Fingerprint Tutorial
Football Manager 2009
Free iPod Video Converter 1.26
GMATPrep(TM)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB952241)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Image Converter 2 Plus
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for VAIO
iTunes
J2SE Runtime Environment 5.0 Update 7
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kaspersky Anti-Virus 6.0
Kaspersky Anti-Virus 6.0
Kaspersky Internet Security 2009
Kaspersky Internet Security 2009
LAN Setting Utility
LimeWire 4.16.6
LiveUpdate 3.0 (Symantec Corporation)
Magic ISO Maker v5.4 (build 0251)
mCore
mDriver
mDrWiFi
Memory Stick Formatter
mEoU
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Device Emulator version 3.0 - ENU
Microsoft Digital Image Starter Edition 2006
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
Microsoft Office SharePoint Designer MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Upgrade Advisor (English)
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Web
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft Works
Mirar
mIWA
mLogView
mMHouse
MobileMe Control Panel
Mozilla Firefox (3.0.6)
mPfMgr
mPfWiz
mProSafe
MSDN Library for Microsoft Visual Studio 2008 Express Editions
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
mWlsSafe
mXML
mZConfig
NiceLabel 5
NiceLabel 5
NVIDIA Drivers
Office 2003 Trial Assistant
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
PDF Settings
QuickBooks Premier: Accountant Edition 2008
QuickTime
QuickWordtoPDF
Red Alert Themes
Red Alert Windows 95
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Setting Utility Series
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
SigmaTel Audio
SimCity 4 Deluxe
SmartWi Connection Utility
SonicStage 4.0
SonicStage Mastering Studio 2.2
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Certificate PCH
Sony Ericsson Wireless Modem
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
SopCast 2.0.4
Spybot - Search & Destroy
Super Webcam
SupportSoft Assisted Service
Symantec KB-DocID:2003093015493306
TeamViewer 4
TPM Tutorial
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TVUPlayer 2.3.4.1
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VAIO Backup Utility
VAIO Breeze Wallpaper
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO HDD Protection
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 3
VAIO Wireless LAN Setup Utility
VAIOSurveySA
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Windows Imaging Component
Windows Installer Clean Up
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows XP Service Pack 3
WinRAR archiver
Wise Registry Cleaner 3 Professional V3.9

pskelley
2009-03-04, 13:32
I need the HJT log I requested, can't proceed without it.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.

This can be done as time permits, but it is important, and may be why you are infected.
Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out-of-date programs to infect folks more and more.
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/
While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
http://www.adobe.com/support/security/bulletins/apsb09-01.html

Adobe Reader 8.1.2 <<< out of date and unsafe, see this:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php

J2SE Runtime Environment 5.0 Update 7
Java 2 Runtime Environment, SE v1.4.2 <<< very old version
Java(TM) 6 Update 11 <<< valid but an update is available
Java(TM) 6 Update 5
Java(TM) 6 Update 7
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php
http://raproducts.org/ <<< this program will help if the old versions give you problems uninstalling.

LimeWire 4.16.6 <<< uninstall all p2p programs
http://forums.spybot.info/showthread.php?t=282

If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.

yeniuye
2009-03-04, 19:56
HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:34 PM, on 3/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
C:\Program Files\Common Files\EuroPlus Shared\LblServices.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Documents and Settings\Efe Tuncel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWiTogglet.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Efe Tuncel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Efe Tuncel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [WCULauncher] C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
O4 - HKLM\..\Run: [VAIO Recovery] c:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EPSON WorkForce 600(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE /FU "C:\WINDOWS\TEMP\E_S9C5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Efe Tuncel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: Web-Based Email Tools - http://email02.secureserver.net/Download.CAB
O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} (SeeTooControl Class) - http://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=c7a963b945af174ad&browserVersion=7.0
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199995506305
O16 - DPF: {D0BB3ACE-4ED3-4D65-BB86-1A0C6CAF351F} (AvaLaunch Control) - http://212.175.239.246:81/avaLaunch94.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://support.persits.com/xupload/XUpload.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Label Services (LabelServices) - Euro Plus d.o.o. - C:\Program Files\Common Files\EuroPlus Shared\LblServices.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SmartWiService - Sony Electronics, Inc - C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 17766 bytes

pskelley
2009-03-04, 20:51
Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html

How is the computer running now?

Thanks

This non-malware related information may help you help your computer run better.
http://www.netsquirrel.com/msconfig/msconfig_xp.html
http://www.malwareremoval.com/tutorials/runningslowly.php
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/atwork/getstarted/speed.mspx

yeniuye
2009-03-05, 07:58
Malwarebytes' Anti-Malware 1.34
Database version: 1817
Windows 5.1.2600 Service Pack 3

3/5/2009 12:56:50 AM
mbam-log-2009-03-05 (00-56-50).txt

Scan type: Full Scan (C:\|)
Objects scanned: 377091
Time elapsed: 3 hour(s), 9 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{5CEDDF2F-F941-4AE6-ADA4-2ED3F7BAF8AE}\RP381\A0172005.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5CEDDF2F-F941-4AE6-ADA4-2ED3F7BAF8AE}\RP381\A0172028.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5CEDDF2F-F941-4AE6-ADA4-2ED3F7BAF8AE}\RP381\A0172033.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gohareju.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vozimoka.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zibuvugo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

yeniuye
2009-03-05, 07:59
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:55 AM, on 3/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\EuroPlus Shared\LblServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWiTogglet.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Efe Tuncel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Program Files\CoreFTP\coreftp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Efe Tuncel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Efe Tuncel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [WCULauncher] C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
O4 - HKLM\..\Run: [VAIO Recovery] c:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EPSON WorkForce 600(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE /FU "C:\WINDOWS\TEMP\E_S9C5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Efe Tuncel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: Web-Based Email Tools - http://email02.secureserver.net/Download.CAB
O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} (SeeTooControl Class) - http://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=c7a963b945af174ad&browserVersion=7.0
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199995506305
O16 - DPF: {D0BB3ACE-4ED3-4D65-BB86-1A0C6CAF351F} (AvaLaunch Control) - http://212.175.239.246:81/avaLaunch94.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://support.persits.com/xupload/XUpload.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Label Services (LabelServices) - Euro Plus d.o.o. - C:\Program Files\Common Files\EuroPlus Shared\LblServices.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SmartWiService - Sony Electronics, Inc - C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 17878 bytes

pskelley
2009-03-05, 16:04
How is the computer running now?
I need you to communicate, you are the one in front of the computer...thanks

You still have Symantec programs you need to get off your computer if you are going to run Kaspersky:
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
This information will help: http://basconotw.mvps.org/SymRem.htm
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=


Scan type: Full Scan (C:\|)
Objects scanned: 377091
Time elapsed: 3 hour(s), 9 minute(s), 20 second(s)
MBAM takes a little over one hour on my computer, you have a load of files but when was the last time you ran ChkDsk and defragged the hard drive?
Defragmenting
http://artsweb.bham.ac.uk/artsit/Info/Guides/GoodPractice/defrag-win2kxp.htm
Check for Disk Errors in Windows XP
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/kbtip.mspx

Let's see if we can wrap up like this...

Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

Clean the System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, update it and run it once a month or so)

Update Kaspersky Anti-Virus 6.0 and scan the system, to be sure it is running right and scanning clean. If you have problems with the program, contact tech support for instructions.

If all is well at this point, let me know and I will close the topic.

Some good information for you:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/miekiemoes/Links.html
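
The check made by eye in the reply above (Symantec services and processes still present alongside Kaspersky in the HijackThis log), as an added example that is not part of the original thread. The sample lines are copied from the log posted above; the function names and the vendor keyword table are assumptions made for illustration.

```python
import re

# Excerpt of the HijackThis log posted in this thread (lines copied verbatim).
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# HijackThis entries look like "O23 - Service: ..." or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Assumption: substrings used to attribute a line to a vendor (not an official list).
AV_VENDORS = {"Symantec": ("symantec",), "Kaspersky": ("kaspersky",)}


def parse_hjt(text):
    """Return (processes, entries): process paths and (code, body) tuples."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the process list ends at the first coded entry
            entries.append((m.group("code"), m.group("body")))
        elif in_procs and PATH_RE.match(line):
            processes.append(line)
    return processes, entries


def vendor_footprint(text):
    """Map vendor -> running processes, O23 services and O4 autoruns."""
    processes, entries = parse_hjt(text)
    found = {}
    for vendor, keys in AV_VENDORS.items():
        hit = lambda s: any(k in s.lower() for k in keys)
        slot = {"running": [p for p in processes if hit(p)],
                "services": [b for c, b in entries if c == "O23" and hit(b)],
                "autoruns": [b for c, b in entries if c == "O4" and hit(b)]}
        if any(slot.values()):
            found[vendor] = slot
    return found


def conflicting_vendors(text):
    """Vendors with a live process or service; more than one needs cleanup."""
    fp = vendor_footprint(text)
    return sorted(v for v, d in fp.items() if d["running"] or d["services"])


if __name__ == "__main__":
    for vendor, slot in vendor_footprint(SAMPLE_LOG).items():
        print(vendor, {k: len(v) for k, v in slot.items()})
    print("Coexisting vendors:", conflicting_vendors(SAMPLE_LOG))
```
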