Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Virtumonde and Smitfraud-c - please help

  1. #1
    Junior Member
    Join Date
    Dec 2008
    Posts
    6

    Default Virtumonde and Smitfraud-c - please help

    Please help me clean my computer from these viruses. Thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:00:53 PM, on 12/21/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
    D:\software\LogMeIn\x86\RaMaint.exe
    D:\software\LogMeIn\x86\LogMeIn.exe
    D:\software\LogMeIn\x86\LMIGuardian.exe
    D:\Software\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    D:\software\LogMeIn\x86\LogMeInSystray.exe
    D:\software\HP\HP Software Update\HPWuSchd2.exe
    D:\Software\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    D:\software\iTunes\iTunesHelper.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\Software\Sony\SONICS~1\SsAAD.exe
    D:\software\SUPERAntiSpyware\SUPERAntiSpyware.exe
    D:\software\Spybot\TeaTimer.exe
    C:\Program Files\Apoint\Apntex.exe
    D:\Software\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Software\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
    D:\software\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\PowerPanel\Program\PcfMgr.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    D:\software\HP\Digital Imaging\bin\hpqSTE08.exe
    D:\software\HP\Digital Imaging\bin\hpqnrs08.exe
    d:\software\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\HPZinw12.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Software\Spybot\SDHelper.dll
    O2 - BHO: {356e3fc1-173c-23a9-9a34-131fcb2fc4a5} - {5a4cf2bc-f131-43a9-9a32-c3711cf3e653} - C:\WINDOWS\system32\lweapz.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [LogMeIn GUI] "D:\software\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [HP Software Update] D:\software\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [mxomssmenu] "D:\Software\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\software\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunOnce: [SpybotSnD] "d:\software\Spybot\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SsAAD.exe] D:\Software\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\software\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\software\Spybot\TeaTimer.exe
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Software\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Software\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
    O4 - Global Startup: PowerPanel.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Software\Spybot\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Software\Spybot\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156603487532
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1215789415984
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
    O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30155.www3.hp.com/ediags/hpn...p.cab?1,0,0,94
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O20 - AppInit_DLLs: lweapz.dll
    O20 - Winlogon Notify: !SASWinLogon - D:\software\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Crystal Query Server - Unknown owner - C:\Program Files\Seagate Software\Query Server\querysrv.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\software\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - D:\software\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - D:\Software\Maxtor\Sync\SyncServices.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O24 - Desktop Component 0: (no name) - (no file)

    --
    End of file - 13439 bytes

  2. #2
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
    The junk can be tough to remove, so do not expect fast or easy.

    I apologize for the wait, volunteers are swamped at all forums with infected computers. If you have resolved your issues, please post to let me know so I can close this topic.

    http://forums.spybot.info/showthread.php?t=20965 <<< see this information, it is a wonder this thread has not be archived by now. If you have not resolved these issues, read the directions pinned (sticky) to the top of this forum and posted above and make sure you have followed all directions. Since this log is six days old, post a new HJT log.

    Before you post make sure TeaTimer is diabled according to the directions and return System Configuration Utility (MSconfig) to Normal Startup Mode before you create the HJT log. You may return to Selective Startup without a restart.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  3. #3
    Junior Member
    Join Date
    Dec 2008
    Posts
    6

    Default here is the new hjt log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:42:23 AM, on 12/27/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
    D:\software\LogMeIn\x86\RaMaint.exe
    D:\software\LogMeIn\x86\LogMeIn.exe
    D:\software\LogMeIn\x86\LMIGuardian.exe
    D:\Software\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\Program Files\Apoint\Apntex.exe
    D:\software\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    D:\software\HP\HP Software Update\HPWuSchd2.exe
    D:\Software\Logitech\MouseWare\system\em_exec.exe
    D:\Software\Maxtor\OneTouch Status\maxmenumgr.exe
    D:\software\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\Software\Sony\SONICS~1\SsAAD.exe
    D:\software\SUPERAntiSpyware\SUPERAntiSpyware.exe
    D:\Software\HP\Digital Imaging\bin\hpqtra08.exe
    D:\software\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
    C:\Program Files\PowerPanel\Program\PcfMgr.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    D:\software\HP\Digital Imaging\bin\hpqSTE08.exe
    D:\software\HP\Digital Imaging\bin\hpqnrs08.exe
    C:\WINDOWS\system32\HPZinw12.exe
    D:\Software\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Software\Spybot\SDHelper.dll
    O2 - BHO: {356e3fc1-173c-23a9-9a34-131fcb2fc4a5} - {5a4cf2bc-f131-43a9-9a32-c3711cf3e653} - C:\WINDOWS\system32\lweapz.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [LogMeIn GUI] "D:\software\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [HP Software Update] D:\software\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [mxomssmenu] "D:\Software\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\software\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SsAAD.exe] D:\Software\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\software\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Software\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Software\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
    O4 - Global Startup: PowerPanel.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Software\Spybot\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Software\Spybot\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156603487532
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1215789415984
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
    O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30155.www3.hp.com/ediags/hpn...p.cab?1,0,0,94
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O20 - AppInit_DLLs: lweapz.dll
    O20 - Winlogon Notify: !SASWinLogon - D:\software\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Crystal Query Server - Unknown owner - C:\Program Files\Seagate Software\Query Server\querysrv.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\software\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - D:\software\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - D:\Software\Maxtor\Sync\SyncServices.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O24 - Desktop Component 0: (no name) - (no file)

    --
    End of file - 13334 bytes

  4. #4
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

    2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

    Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

    Tutorial if needed
    http://www.bleepingcomputer.com/comb...o-use-combofix


    3) Post also an uninstall list: Open Hijackthis.
    Click the "Open the Misc Tools" section Button.
    Click the "Open Uninstall Manager" Button.
    Click the "Save list..." Button.
    Save it to your desktop. Copy and paste the contents into your reply.
    (You may edit out Microsoft, Hotfixes, Security Update for Windows XP,
    Update for Windows XP and Windows XP Hotfix to shorten the list
    )
    Image: http://img.bleepingcomputer.com/tuto...nstall-man.jpg

    Thanks...Phil
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  5. #5
    Junior Member
    Join Date
    Dec 2008
    Posts
    6

    Default updates

    Combofix log file ...

    ComboFix 08-12-26.03 - Dave 2008-12-27 22:04:40.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.499 [GMT -5:00]
    Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning disabled* (Updated)
    FW: Norton Internet Security *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\IE4 Error Log.txt
    c:\windows\system32\lweapz.dll
    c:\windows\system32\mdm.exe
    c:\windows\system32\ymewvyak.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
    .

    2008-12-21 17:03 . 2008-12-21 20:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-21 13:16 . 2008-12-21 13:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-12-21 13:15 . 2008-12-21 13:15 <DIR> d-------- c:\documents and settings\Dave\Application Data\SUPERAntiSpyware.com
    2008-12-07 15:47 . 2008-12-07 15:47 <DIR> d-------- c:\documents and settings\Dave\Application Data\Notepad++
    2008-12-06 21:55 . 2008-12-06 21:55 <DIR> d-------- c:\program files\iPod
    2008-12-06 21:55 . 2008-12-06 21:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-28 03:09 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-12-28 00:09 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2008-12-21 23:30 --------- d-----w c:\documents and settings\All Users\Application Data\EmailNotifier
    2008-12-21 18:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-21 01:07 --------- d-----w c:\documents and settings\Dave\Application Data\SiteClasses
    2008-12-07 02:55 --------- d-----w c:\program files\Common Files\Apple
    2008-12-07 02:52 --------- d-----w c:\program files\QuickTime
    2008-11-13 00:13 --------- d-----w c:\program files\HP
    2008-11-13 00:13 --------- d-----w c:\program files\Hewlett-Packard
    2008-11-13 00:10 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
    2008-11-01 19:03 --------- d-----w c:\documents and settings\All Users\Application Data\HP
    2008-10-31 02:00 --------- d-----w c:\program files\Common Files\SureThing Shared
    2008-02-26 01:28 56,912 ----a-w c:\documents and settings\Dave\g2mdlhlpx.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "SsAAD.exe"="d:\software\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
    "SUPERAntiSpyware"="d:\software\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-19 335872]
    "HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-08-14 90112]
    "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2003-01-15 217088]
    "ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
    "ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 1409024]
    "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "LogMeIn GUI"="d:\software\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "HP Software Update"="d:\software\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "mxomssmenu"="d:\software\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="d:\software\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
    "Logitech Utility"="Logi_MwX.Exe" [2003-03-04 c:\windows\LOGI_MWX.EXE]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - d:\software\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-23 282624]
    Logitech Desktop Messenger.lnk - d:\software\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-09-02 169472]
    Mobile User VPN.lnk - c:\program files\WatchGuard\Mobile User VPN\SafeCfg.exe [2008-04-07 65588]
    PowerPanel.lnk - c:\program files\PowerPanel\Program\PcfMgr.exe [2003-01-10 872448]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\software\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-03 14:56 352256 d:\software\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-10-17 13:52 87352 c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
    "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.mpegacm"= mpegacm.acm
    "msacm.ulmp3acm"= ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Software\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\WatchGuard\\Mobile User VPN\\IreIKE.exe"=
    "c:\program files\WatchGuard\Mobile User VPN\ViewLog.exe"= c:\program files\WatchGuard\Mobile User VPN\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
    "c:\program files\WatchGuard\Mobile User VPN\CmonApp.exe"= c:\program files\WatchGuard\Mobile User VPN\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
    "c:\program files\WatchGuard\Mobile User VPN\vpn.exe"= c:\program files\WatchGuard\Mobile User VPN\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager

    R1 SASDIFSV;SASDIFSV;\??\d:\software\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
    R1 SASKUTIL;SASKUTIL;\??\d:\software\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
    R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2008-04-07 521786]
    R2 IPSECDRV;SafeNet IPSec Plugin;\??\c:\windows\system32\Drivers\IPSECDRV.sys [2008-04-07 119864]
    R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-25 149352]
    R2 LMIInfo;LogMeIn Kernel Information Provider;\??\d:\software\LogMeIn\x86\RaInfo.sys [2007-05-30 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2007-05-30 47640]
    R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\DRIVERS\vap.sys [2006-12-29 36188]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-04 99376]
    R3 oibtvcom;Bluetooth Virtual COM Port;c:\windows\system32\Drivers\oivmvcom.sys [2003-01-10 279680]
    R3 oivmctrl;VCOMM Device Controller;c:\windows\system32\Drivers\oivmctrl.sys [2003-01-10 15616]
    R3 SASENUM;SASENUM;\??\d:\software\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
    R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [2003-01-09 71961]
    S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
    S3 Crystal Query Server;Crystal Query Server;"c:\program files\Seagate Software\Query Server\querysrv.exe" -service [1998-11-08 375296]
    S3 EdgeSer;Edgeport Serial Port Driver for Windows 2000, XP & Server 2003;c:\windows\system32\DRIVERS\edgeser.sys [2008-07-29 200098]
    S3 fa410;NETGEAR FA410TX Fast Ethernet PC Card Driver;c:\windows\system32\DRIVERS\fa410nd5.sys [2003-01-09 24618]
    S3 Ionenum;Edgeport Filter Driver;c:\windows\system32\DRIVERS\ionenum.sys [2008-07-29 27078]
    S4 LMIRfsClientNP;LMIRfsClientNP; []
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;"d:\software\VS2005\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2005-09-23 2799808]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0786872-7500-11db-89d1-000e351093bd}]
    \Shell\AutoRun\command - eDiveInstall.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1f482e0-f8fe-11dc-8b83-080046cc8aae}]
    \Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-12-16 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Dave.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 20:19]

    2008-12-19 c:\windows\Tasks\Rescue Reminder for 2HAA5J66.job
    - d:\software\Maxtor\ManagerApp\MaxUtilities.exe [2008-07-21 16:52]
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
    HKCU-Run-Sonic RecordNow! - (no file)
    MSConfigStartUp-prunnet - c:\windows\system32\prunnet.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.sony.com/vaiopeople
    uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-27 22:09:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1844)
    d:\software\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\LMIinit.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\WatchGuard\Mobile User VPN\IreIKE.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WatchGuard\Mobile User VPN\IPSecMon.exe
    d:\software\LogMeIn\x86\ramaint.exe
    d:\software\LogMeIn\x86\LogMeIn.exe
    d:\software\LogMeIn\x86\LMIGuardian.exe
    d:\software\Maxtor\Sync\SyncServices.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Sony\HotKey Utility\HKWnd.exe
    c:\program files\Apoint\ApntEx.exe
    d:\software\Logitech\MouseWare\system\EM_EXEC.EXE
    d:\software\LogMeIn\x86\LMIGuardian.exe
    d:\software\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\iPod\bin\iPodService.exe
    d:\software\HP\Digital Imaging\bin\hpqnrs08.exe
    c:\windows\system32\HPZinw12.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-27 22:15:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-28 03:14:54

    Pre-Run: 12,704,174,080 bytes free
    Post-Run: 12,838,395,904 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    214 --- E O F --- 2008-12-18 08:01:27



    HijackThis uninstall file ...

    AceFTP 3 Freeware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player ActiveX
    Adobe Photoshop Elements 2.0
    Adobe Premiere 6 LE
    Adobe Reader 8.1.2
    AppCore
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    AviSynth 2.5
    Axialis IconWorkshop 6.0
    BetaBrite Messaging Software
    BlueSpace NE
    Bluetooth Virtual COM Port
    Bonjour
    CA VMN Anti-Spyware (remove only)
    ccCommon
    Component Framework
    CutePDF Writer 2.7
    DVD Decrypter (Remove Only)
    DVgate Plus
    FTDI USB Serial Converter Drivers
    GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
    GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)
    HijackThis 2.0.2
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix for Windows XP (KB952287)
    HotKey Utility
    HP Deskjet 6900 series
    HP Imaging Device Functions 6.0
    HP Photosmart Essential
    HP Product Assistant
    HP Solution Center and Imaging Support Tools 6.0
    HP Update
    Hy-Tek's MEET MANAGER 2.0 for Swimming
    Infragistics NetAdvantage Suite v1.02
    Innovasys Freeware Component Suite
    Intel(R) PRO Network Adapters and Drivers
    InterVideo WinDVD 5 for VAIO
    IP*Works! V6 Visual Basic Edition
    ist score board simulator
    iTunes
    Janus GridEX 2000 - ActiveX Control
    Jasc Paint Shop Pro 9
    Jasc Paint Shop Pro 9.01 - (9.0.1.1)
    Jasc Paint Shop Pro 9.01 Patch
    Java 2 Runtime Environment, SE v1.4.2_01
    LG Mobile Phone Data Transfer Suite
    LG USB Modem driver
    LGUsbConverterDriver
    LiveUpdate (Symantec Corporation)
    LiveUpdate (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Logitech Desktop Messenger
    Logitech Harmony Remote Software 7
    Logitech MouseWare 9.76
    LogMeIn
    Maxtor Manager
    Maxtor Manager
    Memory Stick Formatter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Device Emulator version 1.0 - ENU
    Microsoft Document Explorer 2005
    Microsoft Document Explorer 2005
    Microsoft Office Professional Edition 2003
    Microsoft Office Small Business Accounting 2006
    Microsoft Office Small Business Edition 2003
    Microsoft SQL Server 2000
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual Studio 2005 Professional Edition - ENU
    Microsoft Visual Studio 2005 Web Deployment Projects
    Microsoft Visual Studio 6.0 Enterprise Edition
    Microsoft Web Publishing Wizard 1.53
    Mobile Broadband Drivers
    Mobile User VPN
    MobileMe Control Panel
    MoodLogic
    MSDN Library - Visual Studio 6.0
    MSDN Library for Visual Studio 2005
    MSDN Library for Visual Studio 2005
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    Music Visualizer Library 1.4.00
    MUSICMATCH Jukebox
    Network Smart Capture
    Norton AntiVirus
    Norton AntiVirus Help
    Norton Confidential Core
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    Notepad++
    OpenMG AAC Add-on Module 1.0.00
    OpenMG Limited Patch 4.5-06-05-12-01
    OpenMG Secure Module 4.5.01
    Pdf995
    PdfEdit995
    PictureGear Studio 2.0
    PowerPanel
    Protection PLUS 4.1 Enterprise Edition
    Quicken 2007
    QuickTime
    RealOne Player
    Remote Control USB Driver
    Screenblast ACID 4.0
    Screenblast Sound Forge 1.1
    Seagate Crystal Reports 7
    Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937060)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB960714)
    Sheridan ActiveListBar
    Sheridan ActiveThreed 2.0
    Sheridan ActiveToolBars
    Sheridan ActiveTreeView
    SmartSound Quicktracks Plugin
    SoftV92 Data Fax Modem
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    SonicStage 4.0
    SonicStage Mastering Studio 1.2
    SonicStage Mastering Studio Plugins 1.0
    Sony Certificate PCH
    Sony Download Taxi 1.5.0.0
    Sony Notebook Setup
    Sony USB Mouse
    Sony Utilities DLL
    Sony Video Shared Library
    SPBBC 32bit
    SplashID iPhone Desktop 4.04.01
    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition
    SureThing CD Labeler Deluxe 4
    Symantec Technical Support Web Controls
    Ulead VideoStudio 9.0 SE DVD
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    VAIO BrightColor Wallpaper
    VAIO Edit Components
    VAIO Help and Support
    VAIO Media 2.6
    VAIO Media Integrated Server 2.6
    VAIO Media Redistribution 2.6
    VAIO Registration
    VAIO Support
    VAIO Survey Standalone
    VAIO Wireless Utility
    Videora iPod touch Converter 3.07
    Viewpoint Media Player (Remove Only)
    Visual SourceSafe Server
    VOB2MPG 2.5
    Welcome to VAIO life
    Windows Installer 3.1 (KB893803)
    Windows Media Encoder 9 Series
    Windows Media Encoder 9 Series
    Windows Media Format Runtime
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    Wireless Switch Setting Utility

    New HijackThis log file ...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:19:06 PM, on 12/27/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
    D:\software\LogMeIn\x86\RaMaint.exe
    D:\software\LogMeIn\x86\LogMeIn.exe
    D:\software\LogMeIn\x86\LMIGuardian.exe
    D:\Software\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Apoint\Apntex.exe
    D:\software\LogMeIn\x86\LogMeInSystray.exe
    D:\Software\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    D:\software\LogMeIn\x86\LMIGuardian.exe
    D:\software\HP\HP Software Update\HPWuSchd2.exe
    D:\software\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\software\SUPERAntiSpyware\SUPERAntiSpyware.exe
    D:\Software\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
    C:\Program Files\PowerPanel\Program\PcfMgr.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    D:\software\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    D:\software\HP\Digital Imaging\bin\hpqnrs08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    D:\Software\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\HPZinw12.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Software\Spybot\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [LogMeIn GUI] "D:\software\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [HP Software Update] D:\software\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [mxomssmenu] "D:\Software\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\software\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SsAAD.exe] D:\Software\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\software\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Software\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Software\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
    O4 - Global Startup: PowerPanel.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Software\Spybot\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Software\Spybot\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156603487532
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1215789415984
    O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30155.www3.hp.com/ediags/hpn...p.cab?1,0,0,94
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O20 - Winlogon Notify: !SASWinLogon - D:\software\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Crystal Query Server - Unknown owner - C:\Program Files\Seagate Software\Query Server\querysrv.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\software\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - D:\software\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - D:\Software\Maxtor\Sync\SyncServices.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O24 - Desktop Component 0: (no name) - (no file)

    --
    End of file - 13289 bytes

  6. #6
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Thanks for returning your information, I see you are using removable media, are you positive it is not infected?

    Please download ATF Cleaner by Atribune
    http://www.atribune.org/public-beta/ATF-Cleaner.exe
    Save it to your Desktop. Run ATF Cleaner
    Double-click ATF-Cleaner.exe to run the program.
    Click Select All found at the bottom of the list.
    Click the Empty Selected button.
    Click Exit on the Main menu to close the program.

    *Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
    http://www.windowsnetworking.com/art...efetch-XP.html

    Download Malwarebytes' Anti-Malware to your Desktop
    http://www.malwarebytes.org/

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform FULL SCAN, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    * Please post contents of that file & a new HJT log in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Tutorial if needed:
    http://www.techsupportteam.org/forum...ware-mbam.html

    How is the computer running now?

    Thanks

    This can be done as time permits, but it is very important.
    Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.

    Hackers are using out of date programs to infect folks more and more,
    Here is a small free tool that lets you know when something needs an update if you are interested:
    http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

    Adobe Reader 8.1.2 <<< out of date and unsafe, see this:
    http://news.cnet.com/8301-1009_3-100...ml?tag=nl.e433
    http://www.filehippo.com/download_adobe_reader/
    (if you want a smaller program, look at this one)
    Foxit Reader 2.3 for Windows
    http://www.foxitsoftware.com/pdf/rd_intro.php

    Java 2 Runtime Environment, SE v1.4.2_01 <<< VERY old and dangerous, see this:
    http://forums.spybot.info/showpost.p...80&postcount=2
    Be aware of this information so you can opt out of anything you do not want.
    Microsoft Does MSN Toolbar Distribution Deal With Java:
    http://searchengineland.com/microsof...java-15413.php
    If you have trouble uninstalling that old version, this tool will help:
    http://raproducts.org/

    Viewpoint Media Player (Remove Only)
    For your information, Viewpoint is installed by aol probably without your knowledge. I suggest you uninstall this resource waster in Add Remove programs.
    http://www.spywareinfo.com/newslette....php#viewpoint
    http://www.clickz.com/news/article.php/3561546
    http://vil.nai.com/vil/content/v_137262.htm
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  7. #7
    Junior Member
    Join Date
    Dec 2008
    Posts
    6

    Default updated log files

    Here is the HijackThis log ...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:00:30 PM, on 12/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    D:\Software\Logitech\MouseWare\system\em_exec.exe
    D:\software\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Apoint\Apntex.exe
    D:\software\HP\HP Software Update\HPWuSchd2.exe
    D:\Software\Maxtor\OneTouch Status\maxmenumgr.exe
    D:\software\iTunes\iTunesHelper.exe
    D:\software\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\Software\Sony\SONICS~1\SsAAD.exe
    D:\software\SUPERAntiSpyware\SUPERAntiSpyware.exe
    D:\Software\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
    C:\Program Files\PowerPanel\Program\PcfMgr.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    D:\software\HP\Digital Imaging\bin\hpqSTE08.exe
    D:\software\HP\Digital Imaging\bin\hpqnrs08.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
    D:\software\LogMeIn\x86\RaMaint.exe
    D:\software\LogMeIn\x86\LogMeIn.exe
    D:\software\LogMeIn\x86\LMIGuardian.exe
    D:\Software\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\HPZinw12.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\Software\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Software\Spybot\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [LogMeIn GUI] "D:\software\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [HP Software Update] D:\software\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [mxomssmenu] "D:\Software\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\software\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SsAAD.exe] D:\Software\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\software\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Software\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Software\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Mobile User VPN.lnk = C:\Program Files\WatchGuard\Mobile User VPN\SafeCfg.exe
    O4 - Global Startup: PowerPanel.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Software\Spybot\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Software\Spybot\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156603487532
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1215789415984
    O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30155.www3.hp.com/ediags/hpn...p.cab?1,0,0,94
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O20 - Winlogon Notify: !SASWinLogon - D:\software\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Crystal Query Server - Unknown owner - C:\Program Files\Seagate Software\Query Server\querysrv.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\software\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - D:\software\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - D:\Software\Maxtor\Sync\SyncServices.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O24 - Desktop Component 0: (no name) - (no file)

    --
    End of file - 13351 bytes

    Here is the log from MBAM ...


    Malwarebytes' Anti-Malware 1.31
    Database version: 1550
    Windows 5.1.2600 Service Pack 2

    12/28/2008 10:52:27 PM
    mbam-log-2008-12-28 (22-52-26).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 233256
    Time elapsed: 1 hour(s), 8 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 9

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Delete on reboot.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\lweapz.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\ymewvyak.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP958\A0053141.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP959\A0053146.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP962\A0058234.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP963\A0058236.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP964\A0058254.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E14A4764-3A66-4777-9907-1B57FF36B5D7}\RP964\A0058255.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

  8. #8
    Junior Member
    Join Date
    Dec 2008
    Posts
    6

    Default questions

    I will update my machine per your suggestions tomorrow once the infections are removed. Of all of the "stuff" you had me install what do I need to keep and what should I remove/uninstall ?

  9. #9
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    ATF Cleaner <<< best free cleaner I know of, yours to keep if you wish.

    Remove combofix from the computer like this:

    Click START then RUN
    Now type or copy Combofix /u in the runbox and click OK.
    Note the space between the X and the U, it needs to be there.



    Clean the System Restore files like this:

    Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Reboot

    Turn ON System Restore,
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.

    Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
    (MBAM is yours to keep if you wish, update it and run it once a month or so)

    Update Symantec and scan the system, to be sure it is running right and scanning clean. If you have problems with the program, contact tech support for instructions.
    http://www.symantec.com/enterprise/support/index.jsp

    If all is well at this point, let me know and I will close the topic.

    Some good information for you:
    http://users.telenet.be/bluepatchy/m...wcomputer.html
    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

    Here is some great information from experts in this field that will help you stay clean and safe online.
    http://users.telenet.be/bluepatchy/m...revention.html
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    http://www.malwarecomplaints.info/

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.

    http://users.telenet.be/bluepatchy/m...oes/Links.html
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  10. #10
    Junior Member
    Join Date
    Dec 2008
    Posts
    6

    Default last info

    I updated mbam and did another san. it found a registry key for "Trojan.Vundo" and another for a generic malware.trace. I cleaned it with mbam. I also updated norton's and did a full scan. All checked out. 2 questions ... should I be worried about the trojan.vundo and do I need Hijackthis any more?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •