Please help.



mobil
2009-06-08, 18:16
Hello,

I believe I may have WebWatcher installed without my knowledge, and other keylogging detectors and Spybot repeatedly pick up backdoor, rootkits, and other trojans, as well as some indicators that lead me to believe it's installed. Please help, thanks!
Below is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:16 AM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\yperv\atisvc_rhjqjqeby.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\yperv\atisvc_rhjqjqeby.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C8D6404-A9F6-4236-8488-6C5732CB3BFA} (TCBrowseForFolder Class) - http://rewards.truetrax.com/quasar/install/activeX/TPBLDActiveX.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - AppInit_DLLs: egqgjf.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: atisvc_rhjqjqeby - Unknown owner - C:\WINDOWS\system32\yperv\atisvc_rhjqjqeby.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14510 bytes

thanks,
m

shelf life
2009-06-09, 02:42
hi mobil

Before starting, please disable Spybot's TeaTimer so it won't go nuts. How:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
-------------------------------------------------------------------------------

go to Start > Run and type in:
services.msc
in the list of services that comes up, look for >> atisvc_rhjqjqeby


right click on it and select properties.

under the general tab:

the path to the .exe should be: C:\WINDOWS\system32\yperv\atisvc_rhjqjqeby.exe

make sure that the service status is: Stopped; if not, click the Stop button

and the Startup type is: Disabled; if not, change it to Disabled

click Apply, then OK

start HJT, click the "Scan" button. Check the items below, close any open windows, then click "Fix checked"

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O4 - HKLM\..\Policies\Explorer\Run: [] 
O20 - AppInit_DLLs: egqgjf.dll

reboot computer.

Is an updated SUPERAntiSpyware coming up clean after a scan?
Rerun Spybot and rescan, and post a new HJT log.
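
An added example, not part of the original posts: a small triage pass over a HijackThis log that surfaces O4, O20 and O23 entries of the kind singled out in the reply above. The three rules (blank autorun entry, any AppInit_DLLs value, "Unknown owner" service whose image path is under the Windows directory) are assumptions made for this illustration, not HijackThis features and not the helper's stated criteria; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "code item reason")

# Constructed sample: eight lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Policies\Explorer\Run: []
O20 - AppInit_DLLs: egqgjf.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: atisvc_rhjqjqeby - Unknown owner - C:\WINDOWS\system32\yperv\atisvc_rhjqjqeby.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
"""

# "<section code> - <rest of line>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 autoruns: "<key>: [<value name>] <command>"
RUN_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# O23 services: "Service: <name> - <owner> - <image path>". The path is
# anchored on a drive letter so " - " inside a folder name cannot split it.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)
MISSING = "(file missing)"


def triage(log_text):
    """Return Finding tuples for log lines that match the assumed rules."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header, process list, blank line
        code, body = entry.group("code"), entry.group("body")

        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # DLLs named here are loaded into every process that loads
            # user32.dll, so any value deserves a manual look.
            value = body.split(":", 1)[1].strip()
            if value:
                findings.append(Finding(code, value, "AppInit_DLLs is set"))

        elif code == "O4":
            run = RUN_RE.match(body)
            if run and not run.group("name") and not run.group("cmd").strip():
                findings.append(
                    Finding(code, run.group("key"), "blank autorun entry"))

        elif code == "O23":
            svc = SERVICE_RE.match(body)
            if not svc or svc.group("owner") != "Unknown owner":
                continue
            path = svc.group("path")
            missing = path.endswith(MISSING)
            if missing:
                path = path[: -len(MISSING)].rstrip()
            if WINDIR_RE.match(path):
                reason = ("service image missing, entry is orphaned"
                          if missing else
                          "no owner reported, image under Windows directory")
                findings.append(Finding(code, path, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.item}\n     -> {f.reason}")
```

A hit is a prompt to inspect the file and registry entry by hand; services reported with "Unknown owner" also include legitimate software, as the Adobe line in the sample shows.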

mobil
2009-06-09, 17:52
Shelf,
no atisvc_rhjqjqeby, but services pulls up:

ATI Smart and Ati Hotkey Poller
C:\WINDOWS\system32\ati2sgag.exe and C:\WINDOWS\system32\Ati2evxx.exe, respectively. Should I disable those?

M

mobil
2009-06-09, 18:04
Shelf,
also along with the above, KL-detector came up with the following only after I started using my browser (after following all instructions). Is this simply a cache issue or is there something else going on?

Below are some file operations that were done during the monitoring process.
Review them carefully and check for suspicious files.


C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf
was modified.

C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\WINDOWS\Prefetch\WAB.EXE-3AFF2A7C.pf
was created.

C:\WINDOWS\Prefetch
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\parent.lock
was created.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\extensions
was modified.

C:\Program Files\Symantec AntiVirus\SAVRT\0161NAV~.TMP
was modified.

C:\Program Files\Symantec AntiVirus\SAVRT\0161NAV~.TMP
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default
was modified.

C:\WINDOWS\Prefetch\FIREFOX.EXE-06188867.pf
was modified.

C:\WINDOWS\Prefetch\FIREFOX.EXE-06188867.pf
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\update.test
was created.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\0\update.test
was created.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\0
was modified.

C:\Program Files\Mozilla Firefox\update.test
was created.

C:\Program Files\Mozilla Firefox
was modified.

C:\Program Files\Mozilla Firefox
was modified.

C:\Program Files\Mozilla Firefox\extensions
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\places.sqlite-journal
was created.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default
was modified.

C:\DOCUME~1\Lee\LOCALS~1\Temp\etilqs_djLgf0vhrX5D0E2SOdIR
was created.

C:\DOCUME~1\Lee\LOCALS~1\Temp
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\places.sqlite-journal
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\places.sqlite
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\places.sqlite-journal
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\XUL.mfl
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\XUL.mfl
was modified.

C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-359F83C5.pf
was modified.

C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-359F83C5.pf
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\formhistory.sqlite-journal
was created.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\cookies.sqlite-journal
was created.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\cookies.sqlite-journal
was removed.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\prefs-1.js
was created.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\prefs-1.js
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\prefs-1.js
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\prefs-1.js
was removed.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\prefs.js
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\cookies.sqlite-journal
was created.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\cookies.sqlite-journal
was removed.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_002_
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_001_
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_003_
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_001_
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\urlclassifier3.sqlite-journal
was created.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_003_
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_002_
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\Documents and Settings\Lee\ntuser.dat.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\cookies.sqlite-journal
was created.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\cookies.sqlite-journal
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\cookies.sqlite-journal
was removed.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default\1816_1225281_1.cdf
was created.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default\1816_1225281_1.cdf
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_001_
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_003_
was modified.

C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\rqt1F.tmp
was created.

C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\rqt1F.tmp
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_003_
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_001_
was modified.

C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\FPYVLK8X\SaveWebsite[1].txt
was created.

C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\FPYVLK8X
was modified.

C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\FPYVLK8X\SaveWebsite[1].txt
was removed.

C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\rqt1F.tmp
was removed.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default\1816_1225281_1.cdf
was removed.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_001_
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\sessionstore-1.js
was created.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\sessionstore-1.js
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\sessionstore-1.js
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\sessionstore-1.js
was removed.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\sessionstore.js
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\downloads.sqlite-journal
was created.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\downloads.sqlite-journal
was removed.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\downloads.sqlite-journal
was created.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\downloads.sqlite-journal
was removed.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\downloads.sqlite-journal
was created.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\downloads.sqlite-journal
was removed.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\cookies.sqlite-journal
was created.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\cookies.sqlite-journal
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\cookies.sqlite-journal
was removed.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default\1816_1229140_2.cdf
was created.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\cookies.sqlite-journal
was created.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\cookies.sqlite-journal
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\cookies.sqlite-journal
was removed.

C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\rqt20.tmp
was created.

C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\rqt20.tmp
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_001_
was modified.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default\1816_1230875_3.cdf
was created.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default
was modified.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default\1816_1230875_3.cdf
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_003_
was modified.

C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\FPYVLK8X\SaveWebsite[1].txt
was created.

C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\FPYVLK8X
was modified.

C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\FPYVLK8X\SaveWebsite[1].txt
was removed.

C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\rqt20.tmp
was removed.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default\1816_1229140_2.cdf
was removed.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default
was modified.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default\1816_1232218_4.cdf
was created.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default
was modified.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default\1816_1232218_4.cdf
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_001_
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_002_
was modified.

C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\rqt21.tmp
was created.

C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\rqt21.tmp
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_003_
was modified.

C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\FPYVLK8X\SaveWebsite[1].txt
was created.

C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\FPYVLK8X
was modified.

C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\FPYVLK8X\SaveWebsite[1].txt
was removed.

C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\rqt21.tmp
was removed.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default\1816_1230875_3.cdf
was removed.

C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\rqt22.tmp
was created.

C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\rqt22.tmp
was modified.

C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\FPYVLK8X\SaveWebsite[1].txt
was created.

C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\FPYVLK8X
was modified.

C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\FPYVLK8X\SaveWebsite[1].txt
was removed.

C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\rqt22.tmp
was removed.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default\1816_1232218_4.cdf
was removed.

C:\WINDOWS\system32\yperv\Cache\S-1-5-21-94477767-216550153-2858553433-1006\Default
was modified.

C:\Documents and Settings\Lee\Local Settings\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\Cache\_CACHE_001_
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\sessionstore-1.js
was created.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\sessionstore-1.js
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\sessionstore-1.js
was removed.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default\sessionstore.js
was modified.

C:\Documents and Settings\Lee\Application Data\Mozilla\Firefox\Profiles\vazqhpy2.default
was modified.

shelf life
2009-06-10, 00:12
hi,


ATI Smart and Ati Hotkey Poller
C:\WINDOWS\system32\ati2sgag.exe and C:\WINDOWS\system32\Ati2evxx.exe, respectively. Should I disable those?

no, they belong to your ATI graphics card.

I am not familiar with KL-detector, but all those entries look ok.

See if you can spot this folder: C:\WINDOWS\system32\yperv\atisvc_rhjqjqeby.exe
in the system32 dir.

mobil
2009-06-10, 04:14
yes, I have a C:\WINDOWS\system32\yperv(2)

inside are

ATIDLL_hflxvefbm(2).dll
atisvc_rhjqjqeby(2).exe
AWTKernel32_bdzbwebe(2).dll
Config.dat
database.sdf
Settings1115921.dat
Settings.dat

and a Cache(2) folder containing CDF files in a folder with a very long name.

M

shelf life
2009-06-10, 04:56
hi,

ok good. go to the website below. Browse for that folder on your computer, then upload one by one the .exe and the 2 .dll files.
After a scan is done you can copy/paste the URL (http://.....) in your reply, which will provide a link to the results from the website.
site can get busy at times:

http://www.virustotal.com/

mobil
2009-06-10, 15:11
Shelf:

http://www.virustotal.com/analisis/b8581889c763a88f58997622825a7eb518a6b2a3b31e1a704b79962c33154865-1244635101

http://www.virustotal.com/analisis/c5d7ed59b0bdd4e001a8281054ac01bff3669dcb027223e89296ddd84761726b-1244635277

http://www.virustotal.com/analisis/183e9db1e8b7a8ac4afca692bdfadfd98e4c417b8e8e22c5fede9a9e1858a564-1244635358


perhaps the (2) means that there is a primary folder hidden somewhere, and this is a windows duplicate? this system32 folder is set to view all files.

shelf life
2009-06-11, 01:42
The files, as far as VirusTotal goes, look harmless.

You can send them to me: browse for the files and click the send button, link below:

http://www.bleepingcomputer.com/submit-malware.php?channel=67

mobil
2009-06-11, 18:24
Shelf -
sent to you as requested. pls let me know if anything pops up. so it appears I don't have webwatcher installed?

shelf life
2009-06-12, 00:45
hi,

ok thanks. No, it doesn't appear that you have it installed. Claims that this software is invisible or stealth simply aren't true. Malware coders can do a much better job.

shelf life
2009-06-14, 04:55
hi,

Those files you sent to me:
I did find a reference to webwatcher:

cmp eax,SWC0045D890_http___data_webwatcherdata_com_v

Clicking the .exe you sent did not install the file on my machine.

You may have had it installed on your computer at one time.

mobil
2009-06-16, 21:57
hi,

Those files you sent to me:
I did find a reference to webwatcher:

cmp eax,SWC0045D890_http___data_webwatcherdata_com_v

Clicking the .exe you sent did not install the file on my machine.

You may have had it installed on your computer at one time.

Thanks, apparently my keystroke activity is still being traced remotely or when someone logs on this machine. any way to detect and remove? do you need a new hijack log?

shelf life
2009-06-17, 00:32
I forgot about that service.

Go to Start > Run and type:

cmd.exe

and click ok. Copy and paste the line below at the blinking prompt _ and click enter

sc query > c:\services.txt & start notepad c:\services.txt


notepad will open with a windows service list. please copy/paste the list in reply.

next: go to start>run again and type copy/paste at the _ and click enter

sc stop atisvc_rhjqjqeby
sc delete atisvc_rhjqjqeby



restart computer in safe mode:
to reach safe mode you would tap the F8 key during a computer restart, choose the first option from the list: safe mode

once in safe mode navigate to that folder you found before:
C:\WINDOWS\system32\yperv(2)

delete the folder in safe mode.
reboot normally, post the service.txt and a new hjt log
let's see what that does
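
A way to check the outcome of the steps in the post above, added here as an example and not part of the original thread: it reads `sc query` output together with the O23 lines of a HijackThis log and reports whether a named service is running, still registered with a missing binary, or gone. The function names are made up for this example, and the sample input is shortened from output posted in this thread.

```python
import re

# Sample input, shortened from the output posted in this thread.
SC_QUERY_TXT = r"""
SERVICE_NAME: Ati HotKey Poller
DISPLAY_NAME: Ati HotKey Poller
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)

SERVICE_NAME: ccEvtMgr
DISPLAY_NAME: Symantec Event Manager
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
"""

HJT_TXT = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: atisvc_rhjqjqeby - Unknown owner - C:\WINDOWS\system32\yperv\atisvc_rhjqjqeby.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

SC_FIELD = re.compile(r"^\s*([A-Z0-9_]+)\s*:\s*(.*?)\s*$")
O23_LINE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?\s*$")
SHORT_NAME = re.compile(r"^(.*) \(([^()]+)\)$")


def parse_sc_query(text):
    """Return {service name (lowercase): state word} from `sc query` output.

    Plain `sc query` lists active services only, so a service that is absent
    here may still be registered; `sc query state= all` lists every service.
    """
    states, current = {}, None
    for line in text.splitlines():
        m = SC_FIELD.match(line)
        if not m:
            continue  # blank lines and the "(STOPPABLE,...)" flag lines
        key, value = m.groups()
        if key == "SERVICE_NAME":
            current = value.lower()
            states[current] = "UNKNOWN"
        elif key == "STATE" and current is not None:
            parts = value.split()  # e.g. "4 RUNNING"
            states[current] = parts[1] if len(parts) > 1 else value
    return states


def parse_o23(text):
    """Return one dict per HijackThis O23 (service) line."""
    entries = []
    for line in text.splitlines():
        m = O23_LINE.match(line.strip())
        if not m:
            continue
        display, owner, path, missing = m.groups()
        # "Display Name (ShortName)" carries the service name in parentheses.
        short = SHORT_NAME.match(display)
        name = short.group(2) if short else display
        entries.append({"name": name, "owner": owner, "path": path,
                        "file_missing": missing is not None})
    return entries


def service_status(name, sc_text, hjt_text):
    """Classify one service using both logs together."""
    running = parse_sc_query(sc_text)
    entry = next((e for e in parse_o23(hjt_text)
                  if e["name"].lower() == name.lower()), None)
    if running.get(name.lower()) == "RUNNING":
        return "running"
    if entry is None:
        return "not registered"
    if entry["file_missing"]:
        return "registered, binary missing"
    return "registered, not running"


def leftovers(sc_text, hjt_text):
    """Registered services whose binary is missing and that are not running."""
    running = parse_sc_query(sc_text)
    return [e["name"] for e in parse_o23(hjt_text)
            if e["file_missing"] and running.get(e["name"].lower()) != "RUNNING"]


if __name__ == "__main__":
    for svc in ("atisvc_rhjqjqeby", "ccEvtMgr"):
        print(svc, "->", service_status(svc, SC_QUERY_TXT, HJT_TXT))
    print("leftover entries:", leftovers(SC_QUERY_TXT, HJT_TXT))
```

A "registered, binary missing" result means the files are gone but the service entry remains, which is the state that `sc delete` clears.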

mobil
2009-06-23, 21:23
shelf,
After restarting in Safe Mode, both the yperv and yperv(2) directories appeared. Delete them both?

shelf life
2009-06-25, 00:52
yes those are the folders that contained the two .dll and the exe with references to webwatcher. before you delete them upload these also, same way you did the others

Config.dat
database.sdf
Settings1115921.dat
Settings.dat

You can send them to me: browse for the files and click the send button, link below:

http://www.bleepingcomputer.com/subm...php?channel=67

mobil
2009-06-25, 20:33
shelf,
1) files uploaded.

2) services.txt follows:


SERVICE_NAME: aawservice
DISPLAY_NAME: Ad-Aware 2007 Service
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: AdobeActiveFileMonitor
DISPLAY_NAME: Adobe Active File Monitor
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Apple Mobile Device
DISPLAY_NAME: Apple Mobile Device
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Ati HotKey Poller
DISPLAY_NAME: Ati HotKey Poller
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: AudioSrv
DISPLAY_NAME: Windows Audio
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: BITS
DISPLAY_NAME: Background Intelligent Transfer Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Bonjour Service
DISPLAY_NAME: Bonjour Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Browser
DISPLAY_NAME: Computer Browser
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ccEvtMgr
DISPLAY_NAME: Symantec Event Manager
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ccSetMgr
DISPLAY_NAME: Symantec Settings Manager
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: COMSysApp
DISPLAY_NAME: COM+ System Application
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: CryptSvc
DISPLAY_NAME: Cryptographic Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: DcomLaunch
DISPLAY_NAME: DCOM Server Process Launcher
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: DefWatch
DISPLAY_NAME: Symantec AntiVirus Definition Watcher
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: dmserver
DISPLAY_NAME: Logical Disk Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Dnscache
DISPLAY_NAME: DNS Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ehRecvr
DISPLAY_NAME: Media Center Receiver Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ehSched
DISPLAY_NAME: Media Center Scheduler Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ERSvc
DISPLAY_NAME: Error Reporting Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Eventlog
DISPLAY_NAME: Event Log
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: EventSystem
DISPLAY_NAME: COM+ Event System
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: FastUserSwitchingCompatibility
DISPLAY_NAME: Fast User Switching Compatibility
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: FreeAgentGoNext Service
DISPLAY_NAME: Seagate Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: helpsvc
DISPLAY_NAME: Help and Support
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: HidServ
DISPLAY_NAME: HID Input Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: IAANTMon
DISPLAY_NAME: Intel(R) Matrix Storage Event Monitor
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: IntuitUpdateService
DISPLAY_NAME: Intuit Update Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: iPod Service
DISPLAY_NAME: iPod Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: JavaQuickStarterService
DISPLAY_NAME: Java Quick Starter
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: lanmanserver
DISPLAY_NAME: Server
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: lanmanworkstation
DISPLAY_NAME: Workstation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: LightScribeService
DISPLAY_NAME: LightScribeService Direct Disc Labeling Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: LmHosts
DISPLAY_NAME: TCP/IP NetBIOS Helper
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Netman
DISPLAY_NAME: Network Connections
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Nla
DISPLAY_NAME: Network Location Awareness (NLA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: PhotoshopElementsDeviceConnect
DISPLAY_NAME: Photoshop Elements Device Connect
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: PlugPlay
DISPLAY_NAME: Plug and Play
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Pml Driver HPZ12
DISPLAY_NAME: Pml Driver HPZ12
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: PolicyAgent
DISPLAY_NAME: IPSEC Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ProtectedStorage
DISPLAY_NAME: Protected Storage
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RasMan
DISPLAY_NAME: Remote Access Connection Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RemoteRegistry
DISPLAY_NAME: Remote Registry
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: RpcSs
DISPLAY_NAME: Remote Procedure Call (RPC)
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SamSs
DISPLAY_NAME: Security Accounts Manager
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Schedule
DISPLAY_NAME: Task Scheduler
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: seclogon
DISPLAY_NAME: Secondary Logon
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SENS
DISPLAY_NAME: System Event Notification
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SharedAccess
DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: ShellHWDetection
DISPLAY_NAME: Shell Hardware Detection
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: SonicStageMonitoring
DISPLAY_NAME: SonicStageMonitoring
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Sony TV Tuner Manager
DISPLAY_NAME: Sony TV Tuner Manager
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Sony TVTA Manager
DISPLAY_NAME: Sony TVTA Manager
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Spooler
DISPLAY_NAME: Print Spooler
TYPE : 110 WIN32_OWN_PROCESS (interactive)
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: srservice
DISPLAY_NAME: System Restore Service
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: stisvc
DISPLAY_NAME: Windows Image Acquisition (WIA)
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: TapiSrv
DISPLAY_NAME: Telephony
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: TermService
DISPLAY_NAME: Terminal Services
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Themes
DISPLAY_NAME: Themes
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: TrkWks
DISPLAY_NAME: Distributed Link Tracking Client
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: Vcsw
DISPLAY_NAME: VAIO Entertainment UPnP Client Adapter
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: W32Time
DISPLAY_NAME: Windows Time
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WebClient
DISPLAY_NAME: WebClient
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: winmgmt
DISPLAY_NAME: Windows Management Instrumentation
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: wscsvc
DISPLAY_NAME: Security Center
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: wuauserv
DISPLAY_NAME: Automatic Updates
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

SERVICE_NAME: WZCSVC
DISPLAY_NAME: Wireless Zero Configuration
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0


3) HJT log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:34 PM, on 6/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C8D6404-A9F6-4236-8488-6C5732CB3BFA} (TCBrowseForFolder Class) - http://rewards.truetrax.com/quasar/install/activeX/TPBLDActiveX.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - AppInit_DLLs: egqgjf.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: atisvc_rhjqjqeby - Unknown owner - C:\WINDOWS\system32\yperv\atisvc_rhjqjqeby.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14259 bytes

mobil
2009-06-25, 20:37
also in regular mode:

re-ran sc stop atisvc_rhjqjqeby and got:

[SC] ControlService FAILED 1062:
The service has not been started.


re-ran sc delete atisvc_rhjqjqeby and got:

[SC] DeleteService SUCCESS

shelf life
2009-06-26, 04:42
hi,

ok. good. looks like that service wasn't running but did get deleted. I haven't looked at those other files yet.