View Full Version : help with malware
DDS LOG:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 10:42:12.56 on Fri 05/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.466 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {a298ed31-d405-40e2-880f-b7511948e582} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {dc89854f-22db-4380-a6be-27c10f101d44} - No File
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunServices: [F-Secure Gatekeeper] taskmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [Biomenu] "c:\program files\protector suite ql\menusw.exe"
mRun: [<NO NAME>]
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: &Search - ?p=ZSYYYYYYYYUS
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} - hxxps://www.clickloan.com/CAB/PtClickLoan/1,0,0,12/PtClickLoan.cab
Notify: igfxcui - igfxdev.dll
Notify: psfus - fusstub.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli fusstub
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\3cbbr5ku.default\
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2005-12-19 9216]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2005-11-8 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2005-11-8 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-12-19 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2005-12-19 29312]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2005-12-19 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2005-12-19 217472]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-9 135664]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [2010-5-7 47360]
S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [2010-5-7 153600]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [2010-5-7 13312]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [2010-5-7 153472]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [2010-5-7 103424]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [2010-5-7 153600]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [2010-5-7 153472]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-9-4 1251720]
=============== Created Last 30 ================
2010-05-21 14:35:50 0 d-----w- c:\windows\pss
2010-05-20 20:34:21 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-20 20:34:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-20 20:32:58 0 d-----w- c:\program files\SpywareBlaster
2010-05-20 20:14:49 0 d-----w- C:\!KillBox
2010-05-16 01:45:01 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-16 01:41:05 0 d-----w- c:\docume~1\owner\applic~1\HpUpdate
2010-05-16 01:41:02 0 d-----w- c:\windows\Hewlett-Packard
2010-05-07 20:20:00 15983616 ----a-w- c:\documents and settings\owner\Cricket Broadband Setup-v1.0 (build 1950).msi
2010-05-07 20:14:58 0 d-----w- c:\docume~1\owner\applic~1\Cricket
2010-05-07 20:12:44 444 ----a-w- c:\windows\sms.db
2010-05-07 20:12:44 12 ----a-w- c:\windows\sms.bak
2010-05-07 20:10:46 0 d-----w- c:\program files\Cricket
2010-04-22 23:57:15 0 d-----w- c:\docume~1\owner\applic~1\Office Genuine Advantage
==================== Find3M ====================
2010-05-17 02:15:17 229376 ----a-w- c:\documents and settings\owner\cwshredder.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2009-07-08 16:57:57 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-30 11:55:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009093020091001\index.dat
============= FINISH: 10:43:03.39 ===============
Attach:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/4/2007 4:31:56 PM
System Uptime: 5/21/2010 10:16:36 AM (0 hours ago)
Motherboard: Sony Corporation | | VAIO
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | N/A | 1833/166mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 88 GiB total, 65.062 GiB free.
D: is Removable
E: is CDROM (UDF)
F: is Removable
G: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP477: 3/9/2010 6:45:23 PM - Software Distribution Service 3.0
RP478: 3/22/2010 9:25:09 PM - Software Distribution Service 3.0
RP479: 3/28/2010 2:47:50 PM - System Checkpoint
RP480: 4/1/2010 7:28:24 PM - System Checkpoint
RP481: 4/2/2010 10:23:17 PM - System Checkpoint
RP482: 4/5/2010 6:59:38 PM - System Checkpoint
RP483: 4/14/2010 11:06:12 PM - Removed GoBoingo!
RP484: 4/16/2010 5:08:07 PM - Software Distribution Service 3.0
RP485: 4/17/2010 3:11:52 PM - Removed VZAccess Manager for Novatel.
RP486: 4/17/2010 3:14:16 PM - Removed Wireless Switch Setting Utility
RP487: 4/17/2010 3:59:38 PM - Installed Wireless Switch Setting Utility
RP488: 4/19/2010 9:03:46 PM - System Checkpoint
RP489: 4/19/2010 9:10:19 PM - Software Distribution Service 3.0
RP490: 4/21/2010 3:23:47 PM - System Checkpoint
RP491: 4/21/2010 3:31:45 PM - Removed Adobe® Photoshop® Album Starter Edition 3.2
RP492: 4/21/2010 3:38:58 PM - Software Distribution Service 3.0
RP493: 4/27/2010 8:02:08 PM - System Checkpoint
RP494: 4/29/2010 12:16:54 PM - System Checkpoint
RP495: 5/1/2010 2:23:25 AM - System Checkpoint
RP496: 5/6/2010 9:31:09 PM - System Checkpoint
RP497: 5/7/2010 3:10:44 PM - Installed Cricket Broadband 1.0
RP498: 5/7/2010 3:22:31 PM - Installed Cricket Broadband 1.0
RP499: 5/9/2010 9:20:54 PM - System Checkpoint
RP500: 5/13/2010 5:04:56 PM - Software Distribution Service 3.0
RP501: 5/14/2010 7:17:53 PM - System Checkpoint
RP502: 5/15/2010 8:44:31 PM - Installed Java(TM) 6 Update 20
RP503: 5/20/2010 3:35:56 PM - Installed MSN Toolbar Setup
RP504: 5/21/2010 8:05:51 AM - Removed Click to DVD Menu Data
RP505: 5/21/2010 8:06:23 AM - Removed Click to DVD
RP506: 5/21/2010 9:44:45 AM - Removed Windows Live Upload Tool
RP507: 5/21/2010 10:11:12 AM - Removed VAIO Breeze Wallpaper
RP508: 5/21/2010 10:13:34 AM - Removed TPM Tutorial
RP509: 5/21/2010 10:14:12 AM - Removed VAIO Light Flo Wallpaper
RP510: 5/21/2010 10:33:07 AM - Removed HDView for Internet Explorer
==== Installed Programs ======================
2Wire Wireless Client
32 Bit HP CIO Components Installer
6500_E709_eDocs
6500_E709_Help
6500_E709n
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Bluetooth Stack for Windows by Toshiba
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Brother MFL-Pro Suite
BufferChm
Business Contact Manager for Outlook 2003
CalyxLoanBridge11
Copy
CorelDRAW Graphics Suite X3
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
Cricket Broadband 1.0
Cricket EVDO Modem
CueTour
Destination Component
DeviceDiscovery
DocMgr
DocProc
DocumentViewer
DSD Direct
DSD Playback Plug-in 1.0
EA Download Manager
ERUNT 1.1j
ES
Fingerprint Tutorial
FontNav
GearDrvs
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Document Manager 2.0
HP Image Zone 4.7
HP Imaging Device Functions 12.0
HP Officejet 6500 E709 Series
HP Update
HPSSupply
HPSystemDiagnostics
Image Converter 2 Plus
InstantShare
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
InterActual Player
InterVideo WinDVD for VAIO
ISScript
iTunes
J2SE Runtime Environment 5.0 Update 5
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 20
Java(TM) 6 Update 5
JEOPARDY! (remove only)
Junk Mail filter update
LAN Setting Utility
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Map Button (Windows Live Toolbar)
MarketResearch
mCore
mDriver
mDrWiFi
Memory Stick Formatter
mEoU
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Edition 2003
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
mIWA
mLogView
mMHouse
Mobile Broadband Generic Drivers
Mozilla Firefox (3.6.3)
mPfMgr
mPfWiz
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mXML
mZConfig
Network
NVIDIA Drivers
OCR Software by I.R.I.S. 12.0
Office 2003 Trial Assistant
OGA Notifier 2.0.0048.0
OpenMG Secure Module 4.3.00
PanoStandAlone
PaperPort
PhotoGallery
Point
Prodigy Infinitum Módem Router Inalámbrico
ProductContext
Protector Suite QL 5.2
QFolder
Quicken 2006
QuickTime
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Scan
ScannerCopy
Search Enhancement by AOL Search
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
Setting Utility Series
Setup
Shop for HP Supplies
SigmaTel Audio
SkinsHP1
Smart Menus (Windows Live Toolbar)
SonicStage 3.3
SonicStage Mastering Studio 2.2
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Certificate PCH
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy
SpywareBlaster 4.3
Status
Symantec KB-DocID:2003093015493306
Tiger Woods PGA TOUR 07
Toolbox
TrayApp
Unload
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Manager
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO HDD Protection
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 2
VAIO Wireless LAN Setup Utility
VAIOSurveySA
VBA
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows XP Service Pack 3
Wireless Switch Setting Utility
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
==== Event Viewer Messages From Past Week ========
5/21/2010 10:42:15 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
5/20/2010 3:34:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/20/2010 3:30:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall eeCtrl Fips intelppm Tosrfcom
5/20/2010 3:14:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DMICall eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tosrfcom
5/20/2010 3:14:55 PM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
5/20/2010 3:14:55 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 3:14:55 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 3:14:55 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 3:14:55 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 3:14:55 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 3:14:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/20/2010 3:14:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/16/2010 11:30:05 PM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
5/14/2010 9:21:55 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 7C:6D:62:46:F5:39. Network operations on this system may be disrupted as a result.
==== End Of File ===========================
Hello and welcome to Safer Networking.
My name is km2357 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.
Please do not start another thread or topic, I will assist you at this thread until we solve your problems.
Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.
Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh DDS Log (Both DDS and Attach.txt)
Hey thank you so much! Here are the logs :)
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 8:07:54.85 on Wed 05/26/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.465 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {a298ed31-d405-40e2-880f-b7511948e582} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {dc89854f-22db-4380-a6be-27c10f101d44} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunServices: [F-Secure Gatekeeper] taskmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [Biomenu] "c:\program files\protector suite ql\menusw.exe"
mRun: [<NO NAME>]
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: &Search - ?p=ZSYYYYYYYYUS
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} - hxxps://www.clickloan.com/CAB/PtClickLoan/1,0,0,12/PtClickLoan.cab
Notify: igfxcui - igfxdev.dll
Notify: psfus - fusstub.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli fusstub
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\3cbbr5ku.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2005-12-19 9216]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2005-11-8 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2005-11-8 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-12-19 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2005-12-19 29312]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2005-12-19 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2005-12-19 217472]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-9 135664]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [2010-5-7 47360]
S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [2010-5-7 153600]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [2010-5-7 13312]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [2010-5-7 153472]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [2010-5-7 103424]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [2010-5-7 153600]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [2010-5-7 153472]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-9-4 1251720]
=============== Created Last 30 ================
2010-05-24 20:47:32 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2010-05-24 20:47:32 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-05-22 21:57:45 54 ----a-w- c:\windows\winpoint.ini
2010-05-21 14:35:50 0 d-----w- c:\windows\pss
2010-05-20 20:34:21 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-20 20:34:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-20 20:32:58 0 d-----w- c:\program files\SpywareBlaster
2010-05-20 20:14:49 0 d-----w- C:\!KillBox
2010-05-16 01:45:01 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-16 01:41:05 0 d-----w- c:\docume~1\owner\applic~1\HpUpdate
2010-05-16 01:41:02 0 d-----w- c:\windows\Hewlett-Packard
2010-05-07 20:20:00 15983616 ----a-w- c:\documents and settings\owner\Cricket Broadband Setup-v1.0 (build 1950).msi
2010-05-07 20:14:58 0 d-----w- c:\docume~1\owner\applic~1\Cricket
2010-05-07 20:12:44 444 ----a-w- c:\windows\sms.db
2010-05-07 20:12:44 12 ----a-w- c:\windows\sms.bak
2010-05-07 20:10:46 0 d-----w- c:\program files\Cricket
==================== Find3M ====================
2010-05-17 02:15:17 229376 ----a-w- c:\documents and settings\owner\cwshredder.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-07-08 16:57:57 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-30 11:55:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009093020091001\index.dat
============= FINISH: 8:08:48.29 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/4/2007 4:31:56 PM
System Uptime: 5/26/2010 7:59:18 AM (1 hours ago)
Motherboard: Sony Corporation | | VAIO
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | N/A | 989/166mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 88 GiB total, 64.621 GiB free.
D: is Removable
E: is CDROM (UDF)
F: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP477: 3/9/2010 6:45:23 PM - Software Distribution Service 3.0
RP478: 3/22/2010 9:25:09 PM - Software Distribution Service 3.0
RP479: 3/28/2010 2:47:50 PM - System Checkpoint
RP480: 4/1/2010 7:28:24 PM - System Checkpoint
RP481: 4/2/2010 10:23:17 PM - System Checkpoint
RP482: 4/5/2010 6:59:38 PM - System Checkpoint
RP483: 4/14/2010 11:06:12 PM - Removed GoBoingo!
RP484: 4/16/2010 5:08:07 PM - Software Distribution Service 3.0
RP485: 4/17/2010 3:11:52 PM - Removed VZAccess Manager for Novatel.
RP486: 4/17/2010 3:14:16 PM - Removed Wireless Switch Setting Utility
RP487: 4/17/2010 3:59:38 PM - Installed Wireless Switch Setting Utility
RP488: 4/19/2010 9:03:46 PM - System Checkpoint
RP489: 4/19/2010 9:10:19 PM - Software Distribution Service 3.0
RP490: 4/21/2010 3:23:47 PM - System Checkpoint
RP491: 4/21/2010 3:31:45 PM - Removed Adobe® Photoshop® Album Starter Edition 3.2
RP492: 4/21/2010 3:38:58 PM - Software Distribution Service 3.0
RP493: 4/27/2010 8:02:08 PM - System Checkpoint
RP494: 4/29/2010 12:16:54 PM - System Checkpoint
RP495: 5/1/2010 2:23:25 AM - System Checkpoint
RP496: 5/6/2010 9:31:09 PM - System Checkpoint
RP497: 5/7/2010 3:10:44 PM - Installed Cricket Broadband 1.0
RP498: 5/7/2010 3:22:31 PM - Installed Cricket Broadband 1.0
RP499: 5/9/2010 9:20:54 PM - System Checkpoint
RP500: 5/13/2010 5:04:56 PM - Software Distribution Service 3.0
RP501: 5/14/2010 7:17:53 PM - System Checkpoint
RP502: 5/15/2010 8:44:31 PM - Installed Java(TM) 6 Update 20
RP503: 5/20/2010 3:35:56 PM - Installed MSN Toolbar Setup
RP504: 5/21/2010 8:05:51 AM - Removed Click to DVD Menu Data
RP505: 5/21/2010 8:06:23 AM - Removed Click to DVD
RP506: 5/21/2010 9:44:45 AM - Removed Windows Live Upload Tool
RP507: 5/21/2010 10:11:12 AM - Removed VAIO Breeze Wallpaper
RP508: 5/21/2010 10:13:34 AM - Removed TPM Tutorial
RP509: 5/21/2010 10:14:12 AM - Removed VAIO Light Flo Wallpaper
RP510: 5/21/2010 10:33:07 AM - Removed HDView for Internet Explorer
RP511: 5/21/2010 12:49:20 PM - Removed Windows Live Favorites for Windows Live Toolbar
RP512: 5/21/2010 12:49:37 PM - Removed Windows Live ID Sign-in Assistant
RP513: 5/21/2010 12:49:52 PM - Removed Windows Live Sync
RP514: 5/21/2010 3:56:13 PM - Removed VAIO Original Screen Saver
RP515: 5/21/2010 3:56:29 PM - Removed VAIO Original Screen Saver VAIO Cozy Screen SD Wide Cont
RP516: 5/21/2010 3:56:50 PM - Removed VAIO Media Registration Tool
RP517: 5/22/2010 4:04:00 PM - Installed Windows Internet Explorer 8.
RP518: 5/22/2010 4:04:29 PM - Software Distribution Service 3.0
RP519: 5/22/2010 4:54:47 PM - Removed 2Wire Wireless Client
RP520: 5/22/2010 4:56:10 PM - Configured VAIOSurveySA
RP521: 5/24/2010 3:43:14 PM - System Checkpoint
==== Installed Programs ======================
32 Bit HP CIO Components Installer
6500_E709_eDocs
6500_E709_Help
6500_E709n
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Bluetooth Stack for Windows by Toshiba
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Brother MFL-Pro Suite
BufferChm
Business Contact Manager for Outlook 2003
CalyxLoanBridge11
Copy
CorelDRAW Graphics Suite X3
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
Cricket Broadband 1.0
Cricket EVDO Modem
CueTour
Destination Component
DeviceDiscovery
DocMgr
DocProc
DocumentViewer
DSD Direct
DSD Playback Plug-in 1.0
EA Download Manager
ERUNT 1.1j
ES
Fingerprint Tutorial
FontNav
GearDrvs
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Document Manager 2.0
HP Image Zone 4.7
HP Imaging Device Functions 12.0
HP Officejet 6500 E709 Series
HP Update
HPSystemDiagnostics
Image Converter 2 Plus
InstantShare
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
InterActual Player
InterVideo WinDVD for VAIO
ISScript
iTunes
J2SE Runtime Environment 5.0 Update 5
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 20
Java(TM) 6 Update 5
LAN Setting Utility
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Map Button (Windows Live Toolbar)
MarketResearch
mCore
mDriver
mDrWiFi
Memory Stick Formatter
mEoU
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Edition 2003
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
mIWA
mLogView
mMHouse
Mobile Broadband Generic Drivers
Mozilla Firefox (3.6.3)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mXML
mZConfig
Network
NVIDIA Drivers
OCR Software by I.R.I.S. 12.0
Office 2003 Trial Assistant
OGA Notifier 2.0.0048.0
OpenMG Secure Module 4.3.00
PanoStandAlone
PaperPort
PhotoGallery
Prodigy Infinitum Módem Router Inalámbrico
ProductContext
Protector Suite QL 5.2
QFolder
Quicken 2006
QuickTime
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Scan
ScannerCopy
Search Enhancement by AOL Search
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Setting Utility Series
Setup
SigmaTel Audio
SkinsHP1
Smart Menus (Windows Live Toolbar)
SonicStage 3.3
SonicStage Mastering Studio 2.2
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Certificate PCH
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy
SpywareBlaster 4.3
Status
Symantec KB-DocID:2003093015493306
Tiger Woods PGA TOUR 07
Toolbox
TrayApp
Unload
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Manager
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO HDD Protection
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 2
VAIO Wireless LAN Setup Utility
VBA
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows XP Service Pack 3
Wireless Switch Setting Utility
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
==== Event Viewer Messages From Past Week ========
5/24/2010 2:46:51 PM, error: Dhcp [1002] - The IP address lease 192.168.1.120 for the Network Card with network address 00130204E867 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/22/2010 4:57:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file regsvr32.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
5/21/2010 10:42:15 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
5/20/2010 4:13:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/20/2010 3:34:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/20/2010 3:30:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall eeCtrl Fips intelppm Tosrfcom
5/20/2010 3:30:23 PM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.
5/20/2010 3:26:57 PM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
5/20/2010 3:16:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/20/2010 3:14:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DMICall eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tosrfcom
5/20/2010 3:14:55 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 3:14:55 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 3:14:55 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 3:14:55 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 3:14:55 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
==== End Of File ===========================
Sorry, I think I might have changed something on the last DDS post, so I reran it and this is the freshest log.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 8:12:32.00 on Wed 05/26/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.466 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {a298ed31-d405-40e2-880f-b7511948e582} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {dc89854f-22db-4380-a6be-27c10f101d44} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunServices: [F-Secure Gatekeeper] taskmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [Biomenu] "c:\program files\protector suite ql\menusw.exe"
mRun: [<NO NAME>]
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: &Search - ?p=ZSYYYYYYYYUS
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} - hxxps://www.clickloan.com/CAB/PtClickLoan/1,0,0,12/PtClickLoan.cab
Notify: igfxcui - igfxdev.dll
Notify: psfus - fusstub.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli fusstub
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\3cbbr5ku.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2005-12-19 9216]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2005-11-8 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2005-11-8 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-12-19 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2005-12-19 29312]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2005-12-19 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2005-12-19 217472]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-9 135664]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [2010-5-7 47360]
S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [2010-5-7 153600]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [2010-5-7 13312]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [2010-5-7 153472]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [2010-5-7 103424]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [2010-5-7 153600]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [2010-5-7 153472]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-9-4 1251720]
=============== Created Last 30 ================
2010-05-24 20:47:32 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2010-05-24 20:47:32 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-05-22 21:57:45 54 ----a-w- c:\windows\winpoint.ini
2010-05-21 14:35:50 0 d-----w- c:\windows\pss
2010-05-20 20:34:21 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-20 20:34:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-20 20:32:58 0 d-----w- c:\program files\SpywareBlaster
2010-05-20 20:14:49 0 d-----w- C:\!KillBox
2010-05-16 01:45:01 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-16 01:41:05 0 d-----w- c:\docume~1\owner\applic~1\HpUpdate
2010-05-16 01:41:02 0 d-----w- c:\windows\Hewlett-Packard
2010-05-07 20:20:00 15983616 ----a-w- c:\documents and settings\owner\Cricket Broadband Setup-v1.0 (build 1950).msi
2010-05-07 20:14:58 0 d-----w- c:\docume~1\owner\applic~1\Cricket
2010-05-07 20:12:44 444 ----a-w- c:\windows\sms.db
2010-05-07 20:12:44 12 ----a-w- c:\windows\sms.bak
2010-05-07 20:10:46 0 d-----w- c:\program files\Cricket
==================== Find3M ====================
2010-05-17 02:15:17 229376 ----a-w- c:\documents and settings\owner\cwshredder.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-07-08 16:57:57 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-30 11:55:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009093020091001\index.dat
============= FINISH: 8:12:52.26 ===============
What specific malware problems is your computer experiencing?
Looking over your log, it seems you don't have any evidence of an anti-virus software.
Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these vendors NOW:
1)Antivir PersonalEdition Classic (http://www.free-av.com/)
2)avast! Home Edition (http://www.avast.com/free-antivirus-download)
Download and install only one!
Step # 1: Download and Run Gmer
Please download gmer.zip (http://www.gmer.net/gmer.zip) from Gmer and save it to your desktop.
***Please close any open programs ***
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !
Please post the results from the GMER scan in your reply.
At first, this program kept popping up insisting that I click on it to remove viruses that had infected my computer. I knew that this program, itself, was malware trying to get me to do something worse, so I ran spybot and it found several instances of malware. It supposedly got rid of them but I'm not so sure. I feel like the program adapted and hid itself or something. Here's my gmer log.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-27 10:10:21
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxloaaog.sys
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\ti21sony.sys entry point in "init" section [0xF65E3051]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
---- Processes - GMER 1.0.15 ----
Process C:\WINDOWS\system32\verclsid.exe (*** hidden *** ) 2404
---- EOF - GMER 1.0.15 ----
Thanks for the info/explanation. :)
Did you install an AntiVirus as instructed in the last post?
Negative. I'm afraid of slowing my system down throughout this process. I thought I would install it after my laptop was clean.
Its best to have an AntiVirus installed on your computer at all times. This way you have an extra layer of protection in case something happens to your computer. Since you don't have an AV installed yet on your computer, you'll need to keep your computer offline/off the Internet as much as possible. These tools that I'm having you use can be downloaded to a clean computer and transfered over to the infected, offline computer and then the logs can be transfered back via USB/Flash Drive to be posted.
I'll let you know when your computer can go back online. :)
Step # 1: Download and Run ComboFix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
* IMPORTANT !!! Save ComboFix.exe to your Desktop
When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.
km, i'm running combofix now on the laptop and replying from the pc. i have to admit that i accessed the internet twice since i read your post. the first time is when i read your reply, i immediately disconnected and began following your instructions. then when i ran combofix, it prompted me to get on the internet to download something the windows recovery console. after that, my laptop remained on the internet, as combofix started scanning and i didn't want to touch the laptop.
UPDATE!
Combofix caused my laptop to restart and it took me to the blue screen that checks for disk consistency. it checked the disks, was successful, then booted up. combofix started up again and it began preparing the log report. this is the log:
ComboFix 10-05-27.03 - Owner 05/28/2010 8:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.560 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\setup.exe
c:\windows\Sonysys\VAIO Recovery\PartSeal.exe
c:\windows\system32\AbaleZip.dll
c:\windows\system32\Vb40032.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))
.
2010-05-26 13:16 . 2010-05-26 13:16 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-05-26 13:05 . 2010-05-26 13:05 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3beaed5b-n\msvcp71.dll
2010-05-26 13:05 . 2010-05-26 13:05 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3beaed5b-n\jmc.dll
2010-05-26 13:05 . 2010-05-26 13:05 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3beaed5b-n\msvcr71.dll
2010-05-26 13:05 . 2010-05-26 13:05 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-755bb2a0-n\decora-sse.dll
2010-05-26 13:05 . 2010-05-26 13:05 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-755bb2a0-n\decora-d3d.dll
2010-05-24 20:47 . 2008-04-13 18:45 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2010-05-24 20:47 . 2008-04-13 18:45 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-05-21 15:40 . 2010-05-21 15:40 -------- d-----w- c:\program files\ERUNT
2010-05-21 15:32 . 2010-05-21 15:32 0 ----a-w- c:\windows\nsreg.dat
2010-05-21 15:32 . 2010-05-21 15:32 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2010-05-20 20:34 . 2010-05-20 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-20 20:34 . 2010-05-20 20:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-20 20:33 . 2010-05-21 14:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-20 20:32 . 2010-05-20 20:33 -------- d-----w- c:\program files\SpywareBlaster
2010-05-20 20:14 . 2010-05-20 20:14 -------- d-----w- C:\!KillBox
2010-05-16 01:45 . 2010-05-16 01:45 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-63178cea-n\msvcp71.dll
2010-05-16 01:45 . 2010-05-16 01:45 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-63178cea-n\jmc.dll
2010-05-16 01:45 . 2010-05-16 01:45 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-63178cea-n\msvcr71.dll
2010-05-16 01:45 . 2010-05-16 01:45 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2c613894-n\decora-sse.dll
2010-05-16 01:45 . 2010-05-16 01:45 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2c613894-n\decora-d3d.dll
2010-05-16 01:45 . 2010-05-16 01:44 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-16 01:41 . 2010-05-16 01:41 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
2010-05-16 01:41 . 2010-05-16 01:41 -------- d-----w- c:\windows\Hewlett-Packard
2010-05-10 18:02 . 2010-05-10 18:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-10 04:59 . 2010-05-10 04:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-07 20:20 . 2010-05-07 20:19 15983616 ----a-w- c:\documents and settings\Owner\Cricket Broadband Setup-v1.0 (build 1950).msi
2010-05-07 20:14 . 2010-05-07 20:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Cricket
2010-05-07 20:10 . 2010-05-07 20:10 -------- d-----w- c:\program files\Cricket
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 16:08 . 2009-05-13 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-22 21:56 . 2007-09-28 02:14 -------- d-----w- c:\program files\HP
2010-05-22 21:56 . 2005-12-19 18:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-22 21:56 . 2005-12-19 19:18 -------- d-----w- c:\program files\Sony
2010-05-21 17:49 . 2008-01-04 02:33 -------- d-----w- c:\program files\Windows Live
2010-05-21 15:01 . 2009-05-05 23:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2010-05-21 14:47 . 2007-10-17 13:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-05-21 14:47 . 2007-10-17 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-21 13:09 . 2007-10-17 12:58 -------- d-----w- c:\program files\Yahoo!
2010-05-21 13:06 . 2005-12-19 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-05-21 13:02 . 2007-09-27 23:34 -------- d-----w- c:\program files\ZipForm Desktop
2010-05-21 13:01 . 2007-10-26 06:37 -------- d-----w- c:\program files\LimeWire
2010-05-17 02:15 . 2008-04-03 16:01 229376 ----a-w- c:\documents and settings\Owner\cwshredder.dll
2010-05-16 01:46 . 2005-12-19 19:00 -------- d-----w- c:\program files\Common Files\Java
2010-05-16 01:44 . 2005-12-19 19:00 -------- d-----w- c:\program files\Java
2010-05-13 22:07 . 2007-09-29 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-12 06:10 . 2007-10-26 06:38 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-05-10 04:58 . 2005-12-19 22:58 -------- d-----w- c:\program files\Google
2010-04-23 00:25 . 2010-04-23 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-04-22 23:57 . 2010-04-22 23:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Office Genuine Advantage
2010-04-21 20:52 . 2007-09-28 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-04-21 20:32 . 2009-11-27 02:42 -------- d-----w- c:\program files\DivX
2010-04-21 20:31 . 2007-10-03 17:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-17 20:19 . 2009-08-24 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-17 20:17 . 2007-09-04 21:05 -------- d-----w- c:\program files\Symantec
2010-04-17 20:17 . 2007-09-04 21:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-17 20:15 . 2008-02-15 05:37 -------- d-----w- c:\program files\Sportsbook Poker
2010-04-15 04:05 . 2009-02-24 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-03-10 06:15 . 2005-12-19 16:20 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-07-08 16:57 . 2009-07-08 16:57 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-15 136176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-10 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-05 7340032]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-25 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-25 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-11-10 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-10 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-10 569413]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-14 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2005-11-09 1335808]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 167936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-10-11 1724416]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2007-9-27 819200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-11-09 00:49 39936 ----a-w- c:\windows\system32\fusstub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli fusstub
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [12/19/2005 11:21 AM 9216]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [11/8/2005 7:51 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [11/8/2005 7:51 PM 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/19/2005 11:21 AM 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [12/19/2005 11:21 AM 29312]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [12/19/2005 11:21 AM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [12/19/2005 11:21 AM 217472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/9/2010 11:58 PM 135664]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [5/7/2010 3:11 PM 47360]
S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [5/7/2010 3:11 PM 153600]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [5/7/2010 3:11 PM 13312]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [5/7/2010 3:11 PM 153472]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [5/7/2010 3:11 PM 103424]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [5/7/2010 3:11 PM 153600]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [5/7/2010 3:11 PM 153472]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 6:13 PM 102448]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 12:23 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 04:58]
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 04:58]
2010-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1237746336-416321924-1500192828-1006Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-15 18:57]
2010-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1237746336-416321924-1500192828-1006UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-15 18:57]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3cbbr5ku.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{a298ed31-d405-40e2-880f-b7511948e582} - (no file)
BHO-{dc89854f-22db-4380-a6be-27c10f101d44} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-VAIO Recovery - c:\windows\Sonysys\VAIO Recovery\PartSeal.exe
HKLM-Run-PartSeal - c:\windows\Sonysys\VAIO Recovery\PartSeal.exe
AddRemove-AOL Search Enhancement - c:\program files\AOL\AOL Search Enhancement\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 09:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\config.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll
- - - - - - - > 'lsass.exe'(1084)
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
- - - - - - - > 'explorer.exe'(320)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-05-28 09:11:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-28 14:11
Pre-Run: 69,022,486,528 bytes free
Post-Run: 68,987,858,944 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 46977F291828AF1B535CEDF73FB773FE
Step # 1: Run CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
KILLALL::
DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
IE: &Search - ?p=ZSYYYYYYYYUS
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Note: This CFScript is for use on edv222's computer only! Do not use it on your computer.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
In your next post/reply, I need to see the following:
1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh DDS Log taken after Step 1 has been completed.
edv222? How are things coming along?
hey km, sorry, i had to get to work to use my work computer to read this stuff (since i can't get on the internet on the laptop). i'm running cfscript on combofix as i type this, and will produce both logs shortly. thanks for being patient with me km :)
Combofix:
ComboFix 10-05-27.03 - Owner 06/01/2010 8:51.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.564 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2010-05-01 to 2010-06-01 )))))))))))))))))))))))))))))))
.
2010-05-26 13:16 . 2010-05-26 13:16 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-05-26 13:05 . 2010-05-26 13:05 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3beaed5b-n\msvcp71.dll
2010-05-26 13:05 . 2010-05-26 13:05 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3beaed5b-n\jmc.dll
2010-05-26 13:05 . 2010-05-26 13:05 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3beaed5b-n\msvcr71.dll
2010-05-26 13:05 . 2010-05-26 13:05 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-755bb2a0-n\decora-sse.dll
2010-05-26 13:05 . 2010-05-26 13:05 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-755bb2a0-n\decora-d3d.dll
2010-05-24 20:47 . 2008-04-13 18:45 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2010-05-24 20:47 . 2008-04-13 18:45 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-05-21 15:40 . 2010-05-21 15:40 -------- d-----w- c:\program files\ERUNT
2010-05-21 15:32 . 2010-05-21 15:32 0 ----a-w- c:\windows\nsreg.dat
2010-05-21 15:32 . 2010-05-21 15:32 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2010-05-20 20:34 . 2010-05-20 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-20 20:34 . 2010-05-20 20:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-20 20:33 . 2010-05-21 14:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-20 20:32 . 2010-05-20 20:33 -------- d-----w- c:\program files\SpywareBlaster
2010-05-20 20:14 . 2010-05-20 20:14 -------- d-----w- C:\!KillBox
2010-05-16 01:45 . 2010-05-16 01:45 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-63178cea-n\msvcp71.dll
2010-05-16 01:45 . 2010-05-16 01:45 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-63178cea-n\jmc.dll
2010-05-16 01:45 . 2010-05-16 01:45 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-63178cea-n\msvcr71.dll
2010-05-16 01:45 . 2010-05-16 01:45 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2c613894-n\decora-sse.dll
2010-05-16 01:45 . 2010-05-16 01:45 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2c613894-n\decora-d3d.dll
2010-05-16 01:45 . 2010-05-16 01:44 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-16 01:41 . 2010-05-16 01:41 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
2010-05-16 01:41 . 2010-05-16 01:41 -------- d-----w- c:\windows\Hewlett-Packard
2010-05-10 18:02 . 2010-05-10 18:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-10 04:59 . 2010-05-10 04:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-07 20:20 . 2010-05-07 20:19 15983616 ----a-w- c:\documents and settings\Owner\Cricket Broadband Setup-v1.0 (build 1950).msi
2010-05-07 20:14 . 2010-05-07 20:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Cricket
2010-05-07 20:10 . 2010-05-07 20:10 -------- d-----w- c:\program files\Cricket
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 16:08 . 2009-05-13 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-22 21:56 . 2007-09-28 02:14 -------- d-----w- c:\program files\HP
2010-05-22 21:56 . 2005-12-19 18:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-22 21:56 . 2005-12-19 19:18 -------- d-----w- c:\program files\Sony
2010-05-21 17:49 . 2008-01-04 02:33 -------- d-----w- c:\program files\Windows Live
2010-05-21 15:01 . 2009-05-05 23:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2010-05-21 14:47 . 2007-10-17 13:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2010-05-21 14:47 . 2007-10-17 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-21 13:09 . 2007-10-17 12:58 -------- d-----w- c:\program files\Yahoo!
2010-05-21 13:06 . 2005-12-19 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-05-21 13:02 . 2007-09-27 23:34 -------- d-----w- c:\program files\ZipForm Desktop
2010-05-21 13:01 . 2007-10-26 06:37 -------- d-----w- c:\program files\LimeWire
2010-05-17 02:15 . 2008-04-03 16:01 229376 ----a-w- c:\documents and settings\Owner\cwshredder.dll
2010-05-16 01:46 . 2005-12-19 19:00 -------- d-----w- c:\program files\Common Files\Java
2010-05-16 01:44 . 2005-12-19 19:00 -------- d-----w- c:\program files\Java
2010-05-13 22:07 . 2007-09-29 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-12 06:10 . 2007-10-26 06:38 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-05-10 04:58 . 2005-12-19 22:58 -------- d-----w- c:\program files\Google
2010-04-23 00:25 . 2010-04-23 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-04-22 23:57 . 2010-04-22 23:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Office Genuine Advantage
2010-04-21 20:52 . 2007-09-28 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-04-21 20:32 . 2009-11-27 02:42 -------- d-----w- c:\program files\DivX
2010-04-21 20:31 . 2007-10-03 17:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-17 20:19 . 2009-08-24 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-17 20:17 . 2007-09-04 21:05 -------- d-----w- c:\program files\Symantec
2010-04-17 20:17 . 2007-09-04 21:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-17 20:15 . 2008-02-15 05:37 -------- d-----w- c:\program files\Sportsbook Poker
2010-04-15 04:05 . 2009-02-24 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-03-10 06:15 . 2005-12-19 16:20 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-07-08 16:57 . 2009-07-08 16:57 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-04-15 136176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-10 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-05 7340032]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-25 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-25 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-11-10 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-10 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-10 569413]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-14 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2005-11-09 1335808]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 167936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-10-11 1724416]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2007-9-27 819200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-11-09 00:49 39936 ----a-w- c:\windows\system32\fusstub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli fusstub
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [12/19/2005 11:21 AM 9216]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [11/8/2005 7:51 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [11/8/2005 7:51 PM 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/19/2005 11:21 AM 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [12/19/2005 11:21 AM 29312]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [12/19/2005 11:21 AM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [12/19/2005 11:21 AM 217472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/9/2010 11:58 PM 135664]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [5/7/2010 3:11 PM 47360]
S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [5/7/2010 3:11 PM 153600]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [5/7/2010 3:11 PM 13312]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [5/7/2010 3:11 PM 153472]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [5/7/2010 3:11 PM 103424]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [5/7/2010 3:11 PM 153600]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [5/7/2010 3:11 PM 153472]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 6:13 PM 102448]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 12:23 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 04:58]
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 04:58]
2010-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1237746336-416321924-1500192828-1006Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-15 18:57]
2010-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1237746336-416321924-1500192828-1006UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-15 18:57]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3cbbr5ku.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-01 09:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\config.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll
- - - - - - - > 'lsass.exe'(932)
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
- - - - - - - > 'explorer.exe'(3892)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-06-01 09:07:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-01 14:07
ComboFix2.txt 2010-05-28 14:11
Pre-Run: 68,905,287,680 bytes free
Post-Run: 68,859,523,072 bytes free
- - End Of File - - 3A23BF12E7A858C04D52F80FCBBB72D9
DDS:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 9:09:36.78 on Tue 06/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.478 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [Biomenu] "c:\program files\protector suite ql\menusw.exe"
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} - hxxps://www.clickloan.com/CAB/PtClickLoan/1,0,0,12/PtClickLoan.cab
Notify: igfxcui - igfxdev.dll
Notify: psfus - fusstub.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli fusstub
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\3cbbr5ku.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2005-12-19 9216]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2005-11-8 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2005-11-8 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-12-19 36352]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2005-12-19 29312]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2005-12-19 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2005-12-19 217472]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-9 135664]
S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [2010-5-7 47360]
S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [2010-5-7 153600]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [2010-5-7 13312]
S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [2010-5-7 153472]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [2010-5-7 103424]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [2010-5-7 153600]
S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [2010-5-7 153472]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-9-4 1251720]
=============== Created Last 30 ================
2010-05-28 13:56:43 0 d-sha-r- C:\cmdcons
2010-05-28 13:48:19 98816 ----a-w- c:\windows\sed.exe
2010-05-28 13:48:19 77312 ----a-w- c:\windows\MBR.exe
2010-05-28 13:48:19 256512 ----a-w- c:\windows\PEV.exe
2010-05-28 13:48:19 161792 ----a-w- c:\windows\SWREG.exe
2010-05-24 20:47:32 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2010-05-24 20:47:32 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-05-22 21:57:45 54 ----a-w- c:\windows\winpoint.ini
2010-05-21 14:35:50 0 d-----w- c:\windows\pss
2010-05-20 20:34:21 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-20 20:34:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-20 20:32:58 0 d-----w- c:\program files\SpywareBlaster
2010-05-20 20:14:49 0 d-----w- C:\!KillBox
2010-05-16 01:45:01 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-16 01:41:05 0 d-----w- c:\docume~1\owner\applic~1\HpUpdate
2010-05-16 01:41:02 0 d-----w- c:\windows\Hewlett-Packard
2010-05-07 20:20:00 15983616 ----a-w- c:\documents and settings\owner\Cricket Broadband Setup-v1.0 (build 1950).msi
2010-05-07 20:14:58 0 d-----w- c:\docume~1\owner\applic~1\Cricket
2010-05-07 20:12:44 444 ----a-w- c:\windows\sms.db
2010-05-07 20:12:44 12 ----a-w- c:\windows\sms.bak
2010-05-07 20:10:46 0 d-----w- c:\program files\Cricket
==================== Find3M ====================
2010-05-17 02:15:17 229376 ----a-w- c:\documents and settings\owner\cwshredder.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-07-08 16:57:57 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-30 11:55:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009093020091001\index.dat
============= FINISH: 9:09:47.62 ===============
Attach
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/4/2007 4:31:56 PM
System Uptime: 6/1/2010 8:58:55 AM (1 hours ago)
Motherboard: Sony Corporation | | VAIO
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | N/A | 1833/166mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 88 GiB total, 64.165 GiB free.
D: is Removable
E: is CDROM (UDF)
F: is Removable
G: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP477: 3/9/2010 6:45:23 PM - Software Distribution Service 3.0
RP478: 3/22/2010 9:25:09 PM - Software Distribution Service 3.0
RP479: 3/28/2010 2:47:50 PM - System Checkpoint
RP480: 4/1/2010 7:28:24 PM - System Checkpoint
RP481: 4/2/2010 10:23:17 PM - System Checkpoint
RP482: 4/5/2010 6:59:38 PM - System Checkpoint
RP483: 4/14/2010 11:06:12 PM - Removed GoBoingo!
RP484: 4/16/2010 5:08:07 PM - Software Distribution Service 3.0
RP485: 4/17/2010 3:11:52 PM - Removed VZAccess Manager for Novatel.
RP486: 4/17/2010 3:14:16 PM - Removed Wireless Switch Setting Utility
RP487: 4/17/2010 3:59:38 PM - Installed Wireless Switch Setting Utility
RP488: 4/19/2010 9:03:46 PM - System Checkpoint
RP489: 4/19/2010 9:10:19 PM - Software Distribution Service 3.0
RP490: 4/21/2010 3:23:47 PM - System Checkpoint
RP491: 4/21/2010 3:31:45 PM - Removed Adobe® Photoshop® Album Starter Edition 3.2
RP492: 4/21/2010 3:38:58 PM - Software Distribution Service 3.0
RP493: 4/27/2010 8:02:08 PM - System Checkpoint
RP494: 4/29/2010 12:16:54 PM - System Checkpoint
RP495: 5/1/2010 2:23:25 AM - System Checkpoint
RP496: 5/6/2010 9:31:09 PM - System Checkpoint
RP497: 5/7/2010 3:10:44 PM - Installed Cricket Broadband 1.0
RP498: 5/7/2010 3:22:31 PM - Installed Cricket Broadband 1.0
RP499: 5/9/2010 9:20:54 PM - System Checkpoint
RP500: 5/13/2010 5:04:56 PM - Software Distribution Service 3.0
RP501: 5/14/2010 7:17:53 PM - System Checkpoint
RP502: 5/15/2010 8:44:31 PM - Installed Java(TM) 6 Update 20
RP503: 5/20/2010 3:35:56 PM - Installed MSN Toolbar Setup
RP504: 5/21/2010 8:05:51 AM - Removed Click to DVD Menu Data
RP505: 5/21/2010 8:06:23 AM - Removed Click to DVD
RP506: 5/21/2010 9:44:45 AM - Removed Windows Live Upload Tool
RP507: 5/21/2010 10:11:12 AM - Removed VAIO Breeze Wallpaper
RP508: 5/21/2010 10:13:34 AM - Removed TPM Tutorial
RP509: 5/21/2010 10:14:12 AM - Removed VAIO Light Flo Wallpaper
RP510: 5/21/2010 10:33:07 AM - Removed HDView for Internet Explorer
RP511: 5/21/2010 12:49:20 PM - Removed Windows Live Favorites for Windows Live Toolbar
RP512: 5/21/2010 12:49:37 PM - Removed Windows Live ID Sign-in Assistant
RP513: 5/21/2010 12:49:52 PM - Removed Windows Live Sync
RP514: 5/21/2010 3:56:13 PM - Removed VAIO Original Screen Saver
RP515: 5/21/2010 3:56:29 PM - Removed VAIO Original Screen Saver VAIO Cozy Screen SD Wide Cont
RP516: 5/21/2010 3:56:50 PM - Removed VAIO Media Registration Tool
RP517: 5/22/2010 4:04:00 PM - Installed Windows Internet Explorer 8.
RP518: 5/22/2010 4:04:29 PM - Software Distribution Service 3.0
RP519: 5/22/2010 4:54:47 PM - Removed 2Wire Wireless Client
RP520: 5/22/2010 4:56:10 PM - Configured VAIOSurveySA
RP521: 5/24/2010 3:43:14 PM - System Checkpoint
RP522: 5/26/2010 11:21:06 AM - Software Distribution Service 3.0
RP523: 5/27/2010 4:32:55 PM - System Checkpoint
RP524: 6/1/2010 8:50:44 AM - ComboFix created restore point
==== Installed Programs ======================
32 Bit HP CIO Components Installer
6500_E709_eDocs
6500_E709_Help
6500_E709n
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11.5
Bluetooth Stack for Windows by Toshiba
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Brother MFL-Pro Suite
BufferChm
Business Contact Manager for Outlook 2003
CalyxLoanBridge11
Copy
CorelDRAW Graphics Suite X3
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
Cricket Broadband 1.0
Cricket EVDO Modem
CueTour
Destination Component
DeviceDiscovery
DocMgr
DocProc
DocumentViewer
DSD Direct
DSD Playback Plug-in 1.0
EA Download Manager
ERUNT 1.1j
ES
Fingerprint Tutorial
FontNav
GearDrvs
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Document Manager 2.0
HP Image Zone 4.7
HP Imaging Device Functions 12.0
HP Officejet 6500 E709 Series
HP Update
HPSystemDiagnostics
Image Converter 2 Plus
InstantShare
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
InterActual Player
InterVideo WinDVD for VAIO
ISScript
iTunes
J2SE Runtime Environment 5.0 Update 5
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 20
Java(TM) 6 Update 5
LAN Setting Utility
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Map Button (Windows Live Toolbar)
MarketResearch
mCore
mDriver
mDrWiFi
Memory Stick Formatter
mEoU
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Edition 2003
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
mIWA
mLogView
mMHouse
Mobile Broadband Generic Drivers
Mozilla Firefox (3.6.3)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mXML
mZConfig
Network
NVIDIA Drivers
OCR Software by I.R.I.S. 12.0
Office 2003 Trial Assistant
OGA Notifier 2.0.0048.0
OpenMG Secure Module 4.3.00
PanoStandAlone
PaperPort
PhotoGallery
Prodigy Infinitum Módem Router Inalámbrico
ProductContext
Protector Suite QL 5.2
QFolder
Quicken 2006
QuickTime
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Setting Utility Series
Setup
SigmaTel Audio
SkinsHP1
Smart Menus (Windows Live Toolbar)
SonicStage 3.3
SonicStage Mastering Studio 2.2
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Certificate PCH
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy
SpywareBlaster 4.3
Status
Symantec KB-DocID:2003093015493306
Tiger Woods PGA TOUR 07
Toolbox
TrayApp
Unload
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Manager
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO HDD Protection
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 2
VAIO Wireless LAN Setup Utility
VBA
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows XP Service Pack 3
Wireless Switch Setting Utility
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
==== Event Viewer Messages From Past Week ========
6/1/2010 8:51:34 AM, error: Service Control Manager [7034] - The VAIO Entertainment UPnP Client Adapter service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:34 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:34 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:34 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:34 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:34 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:33 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:33 AM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:33 AM, error: Service Control Manager [7034] - The VAIO Event Service service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:33 AM, error: Service Control Manager [7034] - The VAIO Entertainment File Import Service service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:33 AM, error: Service Control Manager [7034] - The VAIO Entertainment Database Service service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:33 AM, error: Service Control Manager [7034] - The MSSQL$MICROSOFTBCM service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:33 AM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:33 AM, error: Service Control Manager [7034] - The LiveUpdate Notice Service service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:33 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:33 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:33 AM, error: Service Control Manager [7034] - The BrSplService service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:33 AM, error: Service Control Manager [7034] - The Brother Popup Suspend service for Resource manager service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:33 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
6/1/2010 8:51:33 AM, error: Service Control Manager [7034] - The Automatic LiveUpdate Scheduler service terminated unexpectedly. It has done this 1 time(s).
5/27/2010 11:04:27 AM, error: Service Control Manager [7022] - The VAIO Entertainment File Import Service service hung on starting.
5/27/2010 11:01:00 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
5/26/2010 8:07:57 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
==== End Of File ===========================
You'll need to reconnect your computer to the Internet from this point on till the end of the fix. I'll be having you download/update things directly on your computer, so you'll need Internet access for that. Since you'll be on the Internet now is a good time to download and install one of the AntiVirus I listed in a previous post. :)
Step # 1 Remove old versions of Java
Older Java versions have vulnerabilities and need to be removed.
Go to Start-Settings-Control Panel, click on Add Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove. Then close the Control Panel.
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Reboot your Computer.
Step # 2: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Step # 3 Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php).
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Post the MalwareBytes' Log in your next post/reply.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4166
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/3/2010 8:41:12 AM
mbam-log-2010-06-03 (08-41-12).txt
Scan type: Quick scan
Objects scanned: 136975
Time elapsed: 6 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
KM, after i posted the last log, i installed avast and ran a quick scan. I have attached a screen shot of the results. I have not taken any action. First thing i did was screenshot, save, and post this.
What Avast found is an infected System Restore point. It is harmless where it is. I'll show you how to remove it and set a new, clean one in an upcoming post.
Your Adobe Reader is out of date. Open up Adobe Reader, then click Help, then click Check for Updates. Once Adobe is done checking for updates, have it download and install the update for Adobe Reader 9.3.0. Repeat these steps and have Adobe Reader download and install the update for Adobe Reader 9.3.2
Step # 1: Run Kaspersky Online Scan
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.
In your next post/reply, I need to see the following:
1. Kaspersky Log
2. How is your computer doing, any problems?
My computer is actually running really slow, but i think that's due to the anti-virus program. Aside from that, it's pretty smooth :).
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, June 4, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, June 04, 2010 07:29:18
Records in database: 4199053
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
Scan statistics:
Objects scanned: 103657
Threats found: 12
Infected objects found: 15
Suspicious objects found: 0
Scan duration: 02:06:14
File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19A13B29.inf Infected: Trojan.Win32.Agent.amp 1
C:\System Volume Information\_restore{87B25966-01BA-49CA-A481-399172E7D99C}\RP486\A0261994.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1
C:\System Volume Information\_restore{87B25966-01BA-49CA-A481-399172E7D99C}\RP501\A0282581.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.at 1
C:\System Volume Information\_restore{87B25966-01BA-49CA-A481-399172E7D99C}\RP501\A0282582.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.l 1
C:\System Volume Information\_restore{87B25966-01BA-49CA-A481-399172E7D99C}\RP501\A0282583.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\System Volume Information\_restore{87B25966-01BA-49CA-A481-399172E7D99C}\RP501\A0282584.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.aq 1
C:\System Volume Information\_restore{87B25966-01BA-49CA-A481-399172E7D99C}\RP501\A0282587.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1
C:\System Volume Information\_restore{87B25966-01BA-49CA-A481-399172E7D99C}\RP501\A0282588.EXE Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{87B25966-01BA-49CA-A481-399172E7D99C}\RP501\A0282589.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{87B25966-01BA-49CA-A481-399172E7D99C}\RP501\A0282590.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1
C:\System Volume Information\_restore{87B25966-01BA-49CA-A481-399172E7D99C}\RP501\A0282603.DLL Infected: not-a-virus:Monitor.Win32.Agent.c 1
C:\System Volume Information\_restore{87B25966-01BA-49CA-A481-399172E7D99C}\RP501\A0282606.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
C:\System Volume Information\_restore{87B25966-01BA-49CA-A481-399172E7D99C}\RP501\A0282627.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.as 1
C:\System Volume Information\_restore{87B25966-01BA-49CA-A481-399172E7D99C}\RP503\A0292041.exe Infected: Packed.Win32.Krap.ai 1
C:\System Volume Information\_restore{87B25966-01BA-49CA-A481-399172E7D99C}\RP503\A0292044.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
Selected area has been scanned.
The majority of what Kaspersky found is infected System Restore points. They are harmless where they are. I'll show you how to clear them and set a new, clean Restore Point in an upcoming vid.
Kaspersky found some files related to Norton/Symantec. Since you don't have Norton anymore and are using Avast as your AntiVirus, let's remove all remnants of Norton from your computer.
First, uninstall the following programs via Add/Remove Programs, if found:
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Symantec KB-DocID:2003093015493306
Once they've been removed reboot your computer.
When your computer boots back up, visit the link below and download the Norton Removal Tool:
http://solutions.symantec.com/sdccommon/asp/symcu_defcontent_view.asp?ssfromlink=true&sprt_cid=6963b863-9269-4ec4-8a44-4e8803bcb0dc&docid=20070816103157EN
Once you've downloaded the tool, run it and follow its instructions. At the end, if it doesn't reboot your computer, reboot your computer yourself.
My computer is actually running really slow, but i think that's due to the anti-virus program. Aside from that, it's pretty smooth .
How much RAM does your computer have?
Try the tips at the website below to see if they help with the slowness:
http://www.malwareremoval.com/tutorials/runningslowly.php
i'm not sure which version of norton i have, and hence, don't know which removal tool to pick. how can i find out?
When did you get your computer? Did Norton come with it or did you buy Norton? Look to see if you can find a Norton/Symantec CD and see what year/version it says on it.
This topic has been archived due to inactivity.
If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
Applies only to the original poster, anyone else with similar problems please start a new topic.