View Full Version : I think I have malware....HELP! PLEASE!!!
freetohavefun999
2009-07-30, 23:34
Hi. I am clueless on what to do here...so be gentle.
When I google something and click on the link it takes me somewhere else. What do I do to fix it? I have attached my HJ log for your review and suggestions.
Thanks for your help!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:28 PM, on 7/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Palo Alto Software Update Manager 9.0.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?36dc603e2f7f4730835acc9fc3028b36
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?36dc603e2f7f4730835acc9fc3028b36
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: AdmApp - {51C99E6F-C969-CEF4-5FA9-08809A12D98D} - C:\Program Files\ssqcmpb\AdmApp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 13804 bytes
Hi there,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Download GMER (http://www.gmer.net) here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log in your reply.
freetohavefun999
2009-08-02, 19:31
Ok so here are the files that you requested...hopefully I did it right. Let me know the next steps once you have a chance to review. Thanks a bunch!
DDS (Ver_09-07-30.01) - NTFSx86
Run by Jeff Richardson at 9:45:10.15 on Sun 08/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.446 [GMT -4:00]
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Jeff Richardson\Desktop\dds.pif
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paloal~1.lnk - c:\windows\installer\{6b2d979e-216d-43a4-bae2-71a185922ca1}\NewShortcut1.BDD3527A_D6D6_4DD6_AEAD_6B5236DA8F67.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\mssql7\binn\sqlmangr.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?36dc603e2f7f4730835acc9fc3028b36
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?36dc603e2f7f4730835acc9fc3028b36
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: apple.com\swdlp
Trusted Zone: wachovia.com\www
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: AdmApp - {51C99E6F-C969-CEF4-5FA9-08809A12D98D} - c:\program files\ssqcmpb\AdmApp.dll
================= FIREFOX ===================
FF - ProfilePath -
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-12-12 1251720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-4-16 106808]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070416.017\NAVENG.SYS [2007-4-16 77688]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070416.017\NAVEX15.SYS [2007-4-16 852824]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2005-12-5 28800]
S3 MSHUSBVideo;NX6000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2006-8-23 23552]
=============== Created Last 30 ================
2009-07-30 11:52 <DIR> --d----- c:\program files\WebEx
2009-07-27 17:34 <DIR> --d----- c:\program files\iPod
2009-07-27 17:33 <DIR> --d----- c:\program files\iTunes
2009-07-16 20:57 <DIR> --d----- c:\program files\Microsoft
2009-07-16 20:55 410,984 a------- c:\windows\system32\deploytk.dll
==================== Find3M ====================
2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 12:12 17,408 -------- c:\windows\system32\corpol.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\quartz.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2008-06-17 10:58 230 a------- c:\docume~1\jeffri~1\applic~1\wklnhst.dat
2008-12-29 10:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122920081230\index.dat
============= FINISH: 9:46:02.35 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/7/2006 4:38:29 PM
System Uptime: 7/31/2009 7:38:14 AM (50 hours ago)
Motherboard: Sony Corporation | | Q-Project
Processor: Intel(R) Pentium(R) M processor 1.86GHz | N/A | 1861/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 87 GiB total, 52.115 GiB free.
D: is Removable
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP162: 5/4/2009 11:49:29 AM - System Checkpoint
RP163: 5/5/2009 11:58:33 AM - System Checkpoint
RP164: 5/6/2009 12:59:58 PM - System Checkpoint
RP165: 5/10/2009 6:39:40 PM - System Checkpoint
RP166: 5/11/2009 6:43:39 PM - System Checkpoint
RP167: 5/12/2009 7:09:08 PM - System Checkpoint
RP168: 5/13/2009 10:54:46 AM - Software Distribution Service 3.0
RP169: 5/14/2009 4:14:35 PM - System Checkpoint
RP170: 5/17/2009 9:11:25 AM - System Checkpoint
RP171: 5/18/2009 12:43:24 PM - System Checkpoint
RP172: 5/19/2009 1:35:05 PM - System Checkpoint
RP173: 5/21/2009 10:05:41 AM - System Checkpoint
RP174: 5/22/2009 10:18:10 AM - System Checkpoint
RP175: 5/23/2009 10:18:27 AM - System Checkpoint
RP176: 5/24/2009 5:57:02 PM - System Checkpoint
RP177: 5/26/2009 9:47:28 AM - System Checkpoint
RP178: 5/27/2009 10:42:36 AM - System Checkpoint
RP179: 5/28/2009 12:34:19 PM - System Checkpoint
RP180: 5/29/2009 1:20:15 PM - System Checkpoint
RP181: 5/30/2009 2:40:36 PM - System Checkpoint
RP182: 5/31/2009 2:48:36 PM - System Checkpoint
RP183: 6/1/2009 8:14:18 PM - System Checkpoint
RP184: 6/2/2009 8:29:44 PM - System Checkpoint
RP185: 6/3/2009 9:29:39 PM - System Checkpoint
RP186: 6/4/2009 10:16:03 PM - System Checkpoint
RP187: 6/5/2009 4:18:28 PM - Printer Driver CutePDF Writer Installed
RP188: 6/6/2009 4:26:19 PM - System Checkpoint
RP189: 6/7/2009 4:32:15 PM - System Checkpoint
RP190: 6/8/2009 4:37:17 PM - System Checkpoint
RP191: 6/10/2009 9:00:32 AM - System Checkpoint
RP192: 6/11/2009 8:18:30 AM - Software Distribution Service 3.0
RP193: 6/12/2009 8:33:52 AM - System Checkpoint
RP194: 6/13/2009 4:55:24 PM - System Checkpoint
RP195: 6/14/2009 5:31:45 PM - System Checkpoint
RP196: 6/15/2009 6:58:56 PM - System Checkpoint
RP197: 6/16/2009 7:26:12 PM - System Checkpoint
RP198: 6/17/2009 7:40:17 PM - System Checkpoint
RP199: 6/18/2009 7:40:25 PM - System Checkpoint
RP200: 6/21/2009 1:30:35 AM - System Checkpoint
RP201: 6/22/2009 5:53:54 PM - System Checkpoint
RP202: 6/23/2009 6:18:21 PM - System Checkpoint
RP203: 6/24/2009 7:19:30 PM - System Checkpoint
RP204: 6/25/2009 1:08:45 PM - Installed iTunes
RP205: 6/26/2009 1:41:18 PM - System Checkpoint
RP206: 6/27/2009 1:41:24 PM - System Checkpoint
RP207: 6/29/2009 2:38:40 PM - System Checkpoint
RP208: 6/30/2009 4:18:52 PM - System Checkpoint
RP209: 7/1/2009 4:28:45 PM - System Checkpoint
RP210: 7/2/2009 5:28:45 PM - System Checkpoint
RP211: 7/3/2009 6:29:50 PM - System Checkpoint
RP212: 7/5/2009 9:13:06 AM - System Checkpoint
RP213: 7/6/2009 9:47:55 AM - System Checkpoint
RP214: 7/8/2009 10:55:25 AM - System Checkpoint
RP215: 7/9/2009 12:44:24 PM - System Checkpoint
RP216: 7/10/2009 12:50:46 PM - System Checkpoint
RP217: 7/11/2009 1:51:46 PM - System Checkpoint
RP218: 7/12/2009 4:14:49 PM - System Checkpoint
RP219: 7/14/2009 8:10:02 AM - System Checkpoint
RP220: 7/15/2009 9:08:41 AM - System Checkpoint
RP221: 7/16/2009 3:53:57 AM - Software Distribution Service 3.0
RP222: 7/16/2009 8:54:25 PM - Installed Java(TM) 6 Update 13
RP223: 7/16/2009 8:55:37 PM - Installed MSN Toolbar Setup
RP224: 7/16/2009 9:18:40 PM - Software Distribution Service 3.0
RP225: 7/18/2009 11:48:43 AM - Software Distribution Service 3.0
RP226: 7/21/2009 11:46:41 AM - System Checkpoint
RP227: 7/24/2009 6:23:51 PM - System Checkpoint
RP228: 7/25/2009 7:55:42 PM - System Checkpoint
RP229: 7/27/2009 12:40:13 PM - System Checkpoint
RP230: 7/28/2009 1:12:31 PM - System Checkpoint
RP231: 7/29/2009 1:52:29 PM - System Checkpoint
RP232: 7/30/2009 8:57:59 AM - Software Distribution Service 3.0
RP233: 7/30/2009 11:52:26 AM - Installed WebEx Event Manager for Internet Explorer
RP234: 7/30/2009 12:47:05 PM - Installed Network Recording Player
RP235: 7/31/2009 2:34:57 PM - System Checkpoint
RP236: 8/1/2009 4:48:41 PM - System Checkpoint
==== Installed Programs ======================
3ivx MPEG-4 5.0 Decoder (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 9.1.1
AppCore
Apple Mobile Device Support
Apple Software Update
AV
Bonjour
Business Plan Pro 2007
ccCommon
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.00
Compatibility Pack for the 2007 Office system
CONNECT
CopyTrans Suite Remove Only
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
DVgate Plus
Form Fill (Windows Live Toolbar)
GearDrvs
Google Earth
Google Toolbar for Internet Explorer
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Image Converter 2 Plus
InstallMgr
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
InterActual Player
InterVideo WinDVD for VAIO
ISScript
iTunes
J2SE Runtime Environment 5.0 Update 8
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
JEOPARDY! (remove only)
K-Lite Codec Pack 3.5.3 Full
LiveUpdate 3.2 (Symantec Corporation)
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Streets & Trips 2006 with GPS Locator
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mMHouse
Move Networks Media Player for Internet Explorer
Mozilla Firefox (2.0)
mPfMgr
mProSafe
MSDE
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee Plugin 1.0
mWlsSafe
mXML
Netscape Browser (remove only)
Network Recording Player
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
Office 2003 Trial Assistant
OneCare Advisor (Windows Live Toolbar)
OpenMG Secure Module 4.3.00
Questions and Answers to Help You Pass the Real Estate Exam
QuickTime
QuickWordtoPDF
Realtek High Definition Audio Driver
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Search Enhancement by AOL Search
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Skype™ Beta 4.0
Smart Menus (Windows Live Toolbar)
SonicStage 3.3
Sony Certificate PCH
Sony MP4 Shared Library
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
SPBBC 32bit
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SuppSoft
Symantec KB-DocID:2003093015493306
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
Symantec Technical Support Web Controls
SymNet
Tabbed Browsing (Windows Live Toolbar)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VAIO Breeze Wallpaper
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 2
VAIO Wireless LAN Setup Utility
VAIOSurveySA
WebEx Event Manager for Internet Explorer
WebFldrs XP
Wheel of Fortune (remove only)
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player 11
Windows XP Service Pack 3
==== Event Viewer Messages From Past Week ========
8/2/2009 9:40:17 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
7/29/2009 11:51:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Messenger Sharing Folders USN Journal Reader service service to connect.
7/29/2009 11:51:43 AM, error: Service Control Manager [7000] - The Messenger Sharing Folders USN Journal Reader service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/29/2009 11:51:40 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
7/29/2009 11:48:56 AM, error: Service Control Manager [7000] - The MSCamSvc service failed to start due to the following error: The system cannot find the path specified.
7/28/2009 11:25:44 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer BROOKERICHAR-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A9F01765-583. The master browser is stopping or an election is being forced.
==== End Of File ===========================
GMER 1.0.15.15011 [d916dml5.exe] - http://www.gmer.net
Rootkit scan 2009-08-02 12:14:30
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT 86B1C258 ZwAlertResumeThread
SSDT 86022418 ZwAlertThread
SSDT 86C18CB8 ZwAllocateVirtualMemory
SSDT 86336A88 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA931020]
SSDT 86B4A108 ZwCreateMutant
SSDT 86C041A8 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA9312A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA931800]
SSDT 86BEFE50 ZwFreeVirtualMemory
SSDT 86BDFA10 ZwImpersonateAnonymousToken
SSDT 86B0B6A8 ZwImpersonateThread
SSDT 86B65278 ZwMapViewOfSection
SSDT 86CF20A0 ZwOpenEvent
SSDT 86045A80 ZwOpenProcessToken
SSDT 86B791A8 ZwOpenThreadToken
SSDT 86051530 ZwResumeThread
SSDT 860222B8 ZwSetContextThread
SSDT 86BFCE50 ZwSetInformationProcess
SSDT 86AD4108 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA931A50]
SSDT 86B00B38 ZwSuspendProcess
SSDT 86BBB090 ZwSuspendThread
SSDT 86301130 ZwTerminateProcess
SSDT 8601B7E0 ZwTerminateThread
SSDT 868CA800 ZwUnmapViewOfSection
SSDT 86B151D8 ZwWriteVirtualMemory
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E351F8F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351F10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E351F54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351E9C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351ED6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E351FCA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E2017EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E35218C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E351F8F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351F10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E351F54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351E9C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351ED6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E351FCA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E2017EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E35218C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CAE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CAEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CAE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CAE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CAE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1332] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CAF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3432] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 10019A00
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3432] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 10019A38
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3432] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 10019994
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3432] USER32.dll!GetScrollInfo 7E42DFE2 7 Bytes JMP 10019943
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3432] USER32.dll!AdjustWindowRectEx 7E42E7EA 5 Bytes JMP 10019E11
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3432] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 100199E5
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3432] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 1001995E
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3432] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 100199AF
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3432] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 10019979
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3432] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 100199CA
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3432] USER32.dll!AdjustWindowRect 7E431140 5 Bytes JMP 10019D36
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[3432] USER32.dll!EnableScrollBar 7E468005 7 Bytes JMP 10019928
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Hi again,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds.txt log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
freetohavefun999
2009-08-04, 12:49
ComboFix 09-08-03.04 - Jeff Richardson 08/03/2009 22:32.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.439 [GMT -4:00]
Running from: c:\documents and settings\Jeff Richardson\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\0xf9.exe
c:\documents and settings\Jeff Richardson\Favorites\. RCI Weeks ..url
c:\windows\Installer\4e91217c.msp
c:\windows\Installer\5bfa0f0.msp
c:\windows\Installer\fa280.msp
c:\windows\Installer\WinRMSrv.msi
.
((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.
2009-07-30 15:52 . 2009-07-30 16:47 -------- d-----w- c:\program files\WebEx
2009-07-27 21:34 . 2009-07-27 21:34 -------- d-----w- c:\program files\iPod
2009-07-27 21:33 . 2009-07-27 21:34 -------- d-----w- c:\program files\iTunes
2009-07-27 21:26 . 2009-07-27 21:26 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 00:57 . 2009-07-17 00:57 -------- d-----w- c:\program files\Microsoft
2009-07-17 00:55 . 2009-07-17 00:54 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 00:53 . 2009-07-17 00:53 152576 ----a-w- c:\documents and settings\Jeff Richardson\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 02:29 . 2005-12-13 00:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-04 02:25 . 2005-12-13 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-04 02:19 . 2007-01-16 17:06 -------- d-----w- c:\documents and settings\Jeff Richardson\Application Data\Skype
2009-08-04 02:18 . 2009-01-16 14:23 -------- d-----w- c:\documents and settings\Jeff Richardson\Application Data\skypePM
2009-07-27 21:34 . 2009-06-25 17:02 -------- d-----w- c:\program files\Common Files\Apple
2009-07-17 00:54 . 2005-12-06 00:23 -------- d-----w- c:\program files\Java
2009-06-29 16:12 . 2005-12-05 20:19 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2005-12-05 20:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2005-12-05 20:18 17408 ------w- c:\windows\system32\corpol.dll
2009-06-27 19:21 . 2009-06-27 19:21 -------- d-----w- c:\documents and settings\Jeff Richardson\Application Data\CopyTrans
2009-06-27 19:19 . 2009-06-27 19:19 -------- d-----w- c:\program files\WindSolutions
2009-06-27 19:18 . 2009-06-27 19:18 -------- d-----w- c:\documents and settings\Jeff Richardson\Application Data\WindSolutions
2009-06-27 19:18 . 2009-06-27 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
2009-06-25 17:56 . 2007-06-11 01:10 -------- d-----w- c:\documents and settings\Jeff Richardson\Application Data\Apple Computer
2009-06-25 17:09 . 2009-06-25 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-25 17:06 . 2009-06-25 17:06 -------- d-----w- c:\program files\Bonjour
2009-06-25 17:06 . 2007-06-11 01:08 -------- d-----w- c:\program files\QuickTime
2009-06-25 17:03 . 2007-06-11 01:06 -------- d-----w- c:\program files\Apple Software Update
2009-06-25 17:03 . 2008-02-20 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-16 14:36 . 2005-12-05 20:19 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-12-05 20:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-11 12:25 . 2005-12-13 00:01 -------- d-----w- c:\program files\Microsoft Works
2009-06-05 20:18 . 2009-06-05 20:18 -------- d-----w- c:\program files\Acro Software
2009-06-05 15:42 . 2009-06-25 17:03 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 15:42 . 2009-06-25 17:03 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-03 19:09 . 2005-12-05 20:19 1291264 ------w- c:\windows\system32\quartz.dll
2009-05-28 19:17 . 2009-05-28 19:17 38208 ----a-w- c:\documents and settings\Jeff Richardson\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-07 15:32 . 2008-09-23 14:52 345600 ----a-w- c:\windows\system32\localspl.dll
2006-10-11 08:04 . 2006-10-08 21:31 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2006-10-08 21:31 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-02-22 14:34 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-02-22 14:34 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2006-10-08 21:31 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-12-20 24262440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-09-27 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-17 148888]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-08-09 14743552]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Palo Alto Software Update Manager 9.0.lnk - c:\windows\Installer\{6B2D979E-216D-43A4-BAE2-71A185922CA1}\NewShortcut1.BDD3527A_D6D6_4DD6_AEAD_6B5236DA8F67.exe [2007-3-7 45056]
Service Manager.lnk - c:\mssql7\Binn\sqlmangr.exe [2006-5-8 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AdmApp"= {51C99E6F-C969-CEF4-5FA9-08809A12D98D} - c:\program files\ssqcmpb\AdmApp.dll [2008-09-20 126976]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10774:TCP"= 10774:TCP:BitComet 10774 TCP
"10774:UDP"= 10774:UDP:BitComet 10774 UDP
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/16/2007 1:45 PM 106808]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [12/5/2005 7:54 PM 28800]
S3 MSHUSBVideo;NX6000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [8/23/2006 8:33 PM 23552]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2009-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-08-04 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?36dc603e2f7f4730835acc9fc3028b36
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?36dc603e2f7f4730835acc9fc3028b36
Trusted Zone: apple.com\swdlp
Trusted Zone: wachovia.com\www
FF - ProfilePath - c:\documents and settings\Jeff Richardson\Application Data\Mozilla\Firefox\Profiles\qpnqa86b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Jeff Richardson\Application Data\Mozilla\Firefox\Profiles\qpnqa86b.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\Jeff Richardson\Application Data\Mozilla\Firefox\Profiles\qpnqa86b.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 22:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-08-04 22:43
ComboFix-quarantined-files.txt 2009-08-04 02:43
ComboFix2.txt 2008-10-14 17:46
Pre-Run: 56,297,263,104 bytes free
Post-Run: 57,036,918,784 bytes free
164 --- E O F --- 2009-08-03 23:17
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/7/2006 4:38:29 PM
System Uptime: 8/4/2009 3:01:06 AM (2 hours ago)
Motherboard: Sony Corporation | | Q-Project
Processor: Intel(R) Pentium(R) M processor 1.86GHz | N/A | 1861/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 87 GiB total, 53.137 GiB free.
D: is Removable
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP164: 5/6/2009 12:59:58 PM - System Checkpoint
RP165: 5/10/2009 6:39:40 PM - System Checkpoint
RP166: 5/11/2009 6:43:39 PM - System Checkpoint
RP167: 5/12/2009 7:09:08 PM - System Checkpoint
RP168: 5/13/2009 10:54:46 AM - Software Distribution Service 3.0
RP169: 5/14/2009 4:14:35 PM - System Checkpoint
RP170: 5/17/2009 9:11:25 AM - System Checkpoint
RP171: 5/18/2009 12:43:24 PM - System Checkpoint
RP172: 5/19/2009 1:35:05 PM - System Checkpoint
RP173: 5/21/2009 10:05:41 AM - System Checkpoint
RP174: 5/22/2009 10:18:10 AM - System Checkpoint
RP175: 5/23/2009 10:18:27 AM - System Checkpoint
RP176: 5/24/2009 5:57:02 PM - System Checkpoint
RP177: 5/26/2009 9:47:28 AM - System Checkpoint
RP178: 5/27/2009 10:42:36 AM - System Checkpoint
RP179: 5/28/2009 12:34:19 PM - System Checkpoint
RP180: 5/29/2009 1:20:15 PM - System Checkpoint
RP181: 5/30/2009 2:40:36 PM - System Checkpoint
RP182: 5/31/2009 2:48:36 PM - System Checkpoint
RP183: 6/1/2009 8:14:18 PM - System Checkpoint
RP184: 6/2/2009 8:29:44 PM - System Checkpoint
RP185: 6/3/2009 9:29:39 PM - System Checkpoint
RP186: 6/4/2009 10:16:03 PM - System Checkpoint
RP187: 6/5/2009 4:18:28 PM - Printer Driver CutePDF Writer Installed
RP188: 6/6/2009 4:26:19 PM - System Checkpoint
RP189: 6/7/2009 4:32:15 PM - System Checkpoint
RP190: 6/8/2009 4:37:17 PM - System Checkpoint
RP191: 6/10/2009 9:00:32 AM - System Checkpoint
RP192: 6/11/2009 8:18:30 AM - Software Distribution Service 3.0
RP193: 6/12/2009 8:33:52 AM - System Checkpoint
RP194: 6/13/2009 4:55:24 PM - System Checkpoint
RP195: 6/14/2009 5:31:45 PM - System Checkpoint
RP196: 6/15/2009 6:58:56 PM - System Checkpoint
RP197: 6/16/2009 7:26:12 PM - System Checkpoint
RP198: 6/17/2009 7:40:17 PM - System Checkpoint
RP199: 6/18/2009 7:40:25 PM - System Checkpoint
RP200: 6/21/2009 1:30:35 AM - System Checkpoint
RP201: 6/22/2009 5:53:54 PM - System Checkpoint
RP202: 6/23/2009 6:18:21 PM - System Checkpoint
RP203: 6/24/2009 7:19:30 PM - System Checkpoint
RP204: 6/25/2009 1:08:45 PM - Installed iTunes
RP205: 6/26/2009 1:41:18 PM - System Checkpoint
RP206: 6/27/2009 1:41:24 PM - System Checkpoint
RP207: 6/29/2009 2:38:40 PM - System Checkpoint
RP208: 6/30/2009 4:18:52 PM - System Checkpoint
RP209: 7/1/2009 4:28:45 PM - System Checkpoint
RP210: 7/2/2009 5:28:45 PM - System Checkpoint
RP211: 7/3/2009 6:29:50 PM - System Checkpoint
RP212: 7/5/2009 9:13:06 AM - System Checkpoint
RP213: 7/6/2009 9:47:55 AM - System Checkpoint
RP214: 7/8/2009 10:55:25 AM - System Checkpoint
RP215: 7/9/2009 12:44:24 PM - System Checkpoint
RP216: 7/10/2009 12:50:46 PM - System Checkpoint
RP217: 7/11/2009 1:51:46 PM - System Checkpoint
RP218: 7/12/2009 4:14:49 PM - System Checkpoint
RP219: 7/14/2009 8:10:02 AM - System Checkpoint
RP220: 7/15/2009 9:08:41 AM - System Checkpoint
RP221: 7/16/2009 3:53:57 AM - Software Distribution Service 3.0
RP222: 7/16/2009 8:54:25 PM - Installed Java(TM) 6 Update 13
RP223: 7/16/2009 8:55:37 PM - Installed MSN Toolbar Setup
RP224: 7/16/2009 9:18:40 PM - Software Distribution Service 3.0
RP225: 7/18/2009 11:48:43 AM - Software Distribution Service 3.0
RP226: 7/21/2009 11:46:41 AM - System Checkpoint
RP227: 7/24/2009 6:23:51 PM - System Checkpoint
RP228: 7/25/2009 7:55:42 PM - System Checkpoint
RP229: 7/27/2009 12:40:13 PM - System Checkpoint
RP230: 7/28/2009 1:12:31 PM - System Checkpoint
RP231: 7/29/2009 1:52:29 PM - System Checkpoint
RP232: 7/30/2009 8:57:59 AM - Software Distribution Service 3.0
RP233: 7/30/2009 11:52:26 AM - Installed WebEx Event Manager for Internet Explorer
RP234: 7/30/2009 12:47:05 PM - Installed Network Recording Player
RP235: 7/31/2009 2:34:57 PM - System Checkpoint
RP236: 8/1/2009 4:48:41 PM - System Checkpoint
RP237: 8/2/2009 7:40:37 PM - System Checkpoint
RP238: 8/3/2009 7:15:26 PM - Software Distribution Service 3.0
==== Installed Programs ======================
3ivx MPEG-4 5.0 Decoder (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 9.1.1
AppCore
Apple Mobile Device Support
Apple Software Update
AV
Bonjour
Business Plan Pro 2007
ccCommon
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.00
Compatibility Pack for the 2007 Office system
CONNECT
CopyTrans Suite Remove Only
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
DVgate Plus
Form Fill (Windows Live Toolbar)
GearDrvs
Google Earth
Google Toolbar for Internet Explorer
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Image Converter 2 Plus
InstallMgr
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
InterActual Player
InterVideo WinDVD for VAIO
ISScript
iTunes
J2SE Runtime Environment 5.0 Update 8
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
JEOPARDY! (remove only)
K-Lite Codec Pack 3.5.3 Full
LiveUpdate 3.2 (Symantec Corporation)
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Streets & Trips 2006 with GPS Locator
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mMHouse
Move Networks Media Player for Internet Explorer
Mozilla Firefox (2.0)
mPfMgr
mProSafe
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee Plugin 1.0
mWlsSafe
mXML
Netscape Browser (remove only)
Network Recording Player
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
Office 2003 Trial Assistant
OneCare Advisor (Windows Live Toolbar)
OpenMG Secure Module 4.3.00
Questions and Answers to Help You Pass the Real Estate Exam
QuickTime
QuickWordtoPDF
Realtek High Definition Audio Driver
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Search Enhancement by AOL Search
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Skype™ Beta 4.0
Smart Menus (Windows Live Toolbar)
SonicStage 3.3
Sony Certificate PCH
Sony MP4 Shared Library
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
SPBBC 32bit
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SuppSoft
Symantec KB-DocID:2003093015493306
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
Symantec Technical Support Web Controls
SymNet
Tabbed Browsing (Windows Live Toolbar)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VAIO Breeze Wallpaper
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 2
VAIO Wireless LAN Setup Utility
VAIOSurveySA
WebEx Event Manager for Internet Explorer
WebFldrs XP
Wheel of Fortune (remove only)
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player 11
Windows XP Service Pack 3
==== Event Viewer Messages From Past Week ========
8/3/2009 8:10:33 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
8/3/2009 7:17:40 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
8/3/2009 10:31:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
8/3/2009 10:07:30 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CEDE9C6A. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
8/2/2009 9:40:17 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
7/29/2009 11:51:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Messenger Sharing Folders USN Journal Reader service service to connect.
7/29/2009 11:51:43 AM, error: Service Control Manager [7000] - The Messenger Sharing Folders USN Journal Reader service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/29/2009 11:51:40 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
7/29/2009 11:48:56 AM, error: Service Control Manager [7000] - The MSCamSvc service failed to start due to the following error: The system cannot find the path specified.
7/28/2009 11:25:44 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer BROOKERICHAR-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A9F01765-583. The master browser is stopping or an election is being forced.
==== End Of File ===========================
DDS (Ver_09-07-30.01) - NTFSx86
Run by Jeff Richardson at 5:46:19.43 on Tue 08/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.238 [GMT -4:00]
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Apoint\Apntex.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeff Richardson\Local Settings\Temporary Internet Files\Content.IE5\7JSVAO8E\dds[1].pif
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paloal~1.lnk - c:\windows\installer\{6b2d979e-216d-43a4-bae2-71a185922ca1}\NewShortcut1.BDD3527A_D6D6_4DD6_AEAD_6B5236DA8F67.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\mssql7\binn\sqlmangr.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?36dc603e2f7f4730835acc9fc3028b36
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?36dc603e2f7f4730835acc9fc3028b36
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: apple.com\swdlp
Trusted Zone: wachovia.com\www
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: AdmApp - {51C99E6F-C969-CEF4-5FA9-08809A12D98D} - c:\program files\ssqcmpb\AdmApp.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jeffri~1\applic~1\mozilla\firefox\profiles\qpnqa86b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\jeff richardson\application data\mozilla\firefox\profiles\qpnqa86b.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\jeff richardson\application data\mozilla\firefox\profiles\qpnqa86b.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-12-12 1251720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-4-16 106808]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20070416.017\NAVENG.SYS [2007-4-16 77688]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20070416.017\NAVEX15.SYS [2007-4-16 852824]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2005-12-5 28800]
S3 MSHUSBVideo;NX6000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2006-8-23 23552]
=============== Created Last 30 ================
2009-08-03 22:41 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-03 22:30 219,648 a------- c:\windows\PEV.exe
2009-08-03 22:30 161,792 a------- c:\windows\SWREG.exe
2009-08-03 22:30 98,816 a------- c:\windows\sed.exe
2009-08-03 22:30 <DIR> --ds---- C:\ComboFix
2009-07-30 11:52 <DIR> --d----- c:\program files\WebEx
2009-07-27 17:34 <DIR> --d----- c:\program files\iPod
2009-07-27 17:33 <DIR> --d----- c:\program files\iTunes
2009-07-16 20:57 <DIR> --d----- c:\program files\Microsoft
2009-07-16 20:55 410,984 a------- c:\windows\system32\deploytk.dll
==================== Find3M ====================
2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 12:12 17,408 -------- c:\windows\system32\corpol.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\quartz.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2008-06-17 10:58 230 a------- c:\docume~1\jeffri~1\applic~1\wklnhst.dat
2008-12-29 10:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122920081230\index.dat
============= FINISH: 5:46:50.84 ===============
Hi again,
Get 9.1.3 update for Adobe Reader here (http://www.filehippo.com/download_adobe_reader/) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).
Uninstall these Javas:
J2SE Runtime Environment 5.0 Update 8
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Uninstall vulnerable Flash versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Do you user Firefox? If not, uninstall Mozilla Firefox (2.0). Otherwise uninstall and get the latest 3.5.2 (http://getfirefox.net/download.html).
Open notepad and copy/paste the text in the quotebox below into it:
DDS::
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
Folder::
c:\program files\ssqcmpb
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AdmApp"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10774:TCP"=-
"10774:UDP"=-
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
freetohavefun999
If it has been four days or more since your last post, and the helper assisting you posted a response to which you did not reply, your thread will not be re-opened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread.
Please do not add any logs that might have been requested previously, you would be starting fresh.
Applies only to the original poster, anyone else with similar problems please start your own topic.
Thank you Blade81.